Jump to content

Virus help needed

Recommended Posts

A few weeks ago, I had to wipe and reload my OP because my computer filled up with viruses. Long story, and I will tell it if I need to.

So I reloaded the xp, downloaded all of the updates, installed Avast AV and Advanced System Care 3.2, and have been fine until last week when my flash drive crashed, and a boot time scan revealed a Trojan in it and 2-3 Trojans or 2-3 files infected by 1 Trojan on my main computer. The files were deleted, but I had not turned off the system restore. I ran several scans that turned up nothing until I ran the mbam scan this morning. Here is the scan log:

Malwarebytes' Anti-Malware 1.35

Database version: 1919

Windows 5.1.2600 Service Pack 3

3/30/2009 1:56:16 PM

mbam-log-2009-03-30 (13-56-16).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 145264

Time elapsed: 30 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP13\A0005728.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP13\A0006134.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.

C:\WINDOWS\ServicePackFiles\i386\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.

I turned off system restore and had mbam remove the infected objects.

Now, I see that two of the files have the same extention as some false positives that are mentioned in other threads. Could all of these have been false positives? Only the files with the wadv07nt.sys remain in the quarantine folder. Have I removed crucial files? Do I need to restore these??

Link to post
Share on other sites

Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.