Can't access internet connection after Malwarebytes



Hello guys. I would need some help.

I just killed my virus with Malwarebytes' Anti-Malware.

I rebooted as requested, now I can't surf through the internet.

I did the procedures I saw at this post. http://www.malwarebytes.org/forums/lofiver....php/t7696.html

But still no internet.

Please take a look at my logs and help me :S

thanks in advance guys.

cheers

Malwarebytes' Anti-Malware 1.38

Database version: 2297

Windows 5.1.2600 Service Pack 3

7/14/2009 12:50:01 AM

mbam-log-2009-07-14 (00-50-01).txt

Scan type: Full Scan (C:\|D:\|I:\|)

Objects scanned: 261442

Time elapsed: 1 hour(s), 27 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 2

Registry Data Items Infected: 8

Folders Infected: 4

Files Infected: 39

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware cease_is1 (Rogue.SpywareCease) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Spyware Cease (Rogue.SpywareCease) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywarecease.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Cease (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease (Rogue.SpywareCease) -> Quarantined and deleted successfully.

Files Infected:

i:\APPZ\ahead.nero.v8.3.2.1.incl.keymaker-embrace\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

i:\system volume information\_restore{051d624c-812a-42f7-a640-3f4f0210a47d}\RP69\A0038705.exe (Malware.Tool) -> Quarantined and deleted successfully.

i:\system volume information\_restore{051d624c-812a-42f7-a640-3f4f0210a47d}\RP69\A0038716.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files\spyware cease\bmgac (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\dxddd (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\idamx (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\iflee (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\LSR.lsr (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\md5.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\mtools.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\networkdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\opfile.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\RegDefend.ini (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\rgp.tmp (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\RKHit.sys (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\spkdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\SpywareCease.chm (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\SpywareCease.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\SpywareCease.url (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\swdb.ssk (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\unins000.dat (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\unins000.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\vf (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\xxcum (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\zlib1.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update\md5.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update\mtools.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update\opfile.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update\RKHit.sys (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update\spkdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update\SpywareCease.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\program files\spyware cease\update\Update.ini (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\spyware cease\Spyware Cease on the Web.lnk (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\spyware cease\Spyware Cease.lnk (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\spyware cease\Uninstall Spyware Cease.lnk (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\documents and settings\Rub!ns\Desktop\Spyware Cease.lnk (Rogue.SpywareCease) -> Quarantined and deleted successfully.

c:\documents and settings\Rub!ns\application data\microsoft\internet explorer\quick launch\Spyware Cease.lnk (Rogue.SpywareCease) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:58:39 AM, on 7/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

c:\program files\idt\intelxpv_v83\wdm\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Winamp3\winampa.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\mmc.exe

C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conex


  • Staff

Hi,

It looks like some other scanner already deleted the malicious component under the winsock, because your version of MBAM is outdated and detection for this one was added after the database version 2300.

Malwarebytes actually restores your winsock automatically when a malicious component is present there.

Anyway, to restore it manually...

Go to Start > Run and type cmd

A DOS window will appear.

Next, type in the DOS window: netsh winsock reset catalog

Hit Enter.

This should solve your broken connection.

Reboot.

Then,

First of all, please update Malwarebytes, because the database version is outdated.

  • Start Malwarebytes and click the Update tab. There click "Check for updates"
  • In case you can't update the database via the update option, please download and install the database from here. Only do this when the update option doesn't work.
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

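Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python triage of the MBAM 1.38 text log format posted above. It checks the database version against the 2300 figure given in the staff reply and lists objects whose removal was not yet completed; the sample is a few lines taken from the posted log, and the function names and the `DETECTION_ADDED_AFTER` constant are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the MBAM 1.38 log in the first post.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2297
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywarecease.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Assumption taken from the staff reply: the winsock detection was added
# after database version 2300, so any version up to 2300 lacks it.
DETECTION_ADDED_AFTER = 2300

# Entry shape: "<object> (<Detection.Name>) -> [Bad: ... Good: ... ->] <action>."
ENTRY = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[A-Z][\w.]+)\) -> (?:Bad: .*? -> )?(?P<action>[^>]+?)\.?$"
)

def parse_mbam_log(text):
    """Return (database_version, entries) for an MBAM 1.x text log."""
    db_version, section, entries = None, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Database version:"):
            db_version = int(line.split(":", 1)[1])
        elif line.endswith("Infected:"):
            section = line[:-1]  # section header, e.g. "Files Infected"
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return db_version, entries

def triage(text):
    """Summarise what still needs attention after the scan."""
    db_version, entries = parse_mbam_log(text)
    return {
        "database_outdated": db_version is not None and db_version <= DETECTION_ADDED_AFTER,
        "by_detection": Counter(e["det"] for e in entries),
        # Anything not reported as removed "successfully" is still pending.
        "pending": [e["obj"] for e in entries if "successfully" not in e["action"]],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=>", value)
```

On the sample, the only pending object is the `Winlogon\taskman` value that the log marks "Delete on reboot", which is the item to confirm in the next scan.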

  • 2 weeks later...
  • Staff

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
