Jump to content

Bad infection


otis

Recommended Posts

You guys are freakin great. I have been reading other posts that are similar to my headache:

Got hit with the Antispy 2009 on a Vista set. only thing that happened that day was Win Update!!??

MBAM blocked. Superantispyware blocked. HJT blocked. Rootrepeal crashes.

After 3 tries, a Restore worked. But then MBAM launched, then quit.

So, I am now scanning the HDD in an XP set that has just been scanned clean and updated fully. It is finding some stuff. Crypt GBE for one.

Here is the BIG question: By scanning this way, I can remove and heal the files that were downloaded; but not /clean' the registry. So, will the Vista set reinfect when I move the HDD back to boot on it. OR, will the reg entries pointing to the formerly bad files just be ignored?

If this works, it will be a good scheme for cleaning.

thanx

Link to post
Share on other sites

Update:

MBAM found Rootkit in netlogon.dll and Adware Agent in cpnprt2.cid.

deleted both. AVG 8.5 still running.

more later as it happens. Hope this will help anyone else.

cheers

You guys are freakin great. I have been reading other posts that are similar to my headache:

Got hit with the Antispy 2009 on a Vista set. only thing that happened that day was Win Update!!??

MBAM blocked. Superantispyware blocked. HJT blocked. Rootrepeal crashes.

After 3 tries, a Restore worked. But then MBAM launched, then quit.

So, I am now scanning the HDD in an XP set that has just been scanned clean and updated fully. It is finding some stuff. Crypt GBE for one.

Here is the BIG question: By scanning this way, I can remove and heal the files that were downloaded; but not /clean' the registry. So, will the Vista set reinfect when I move the HDD back to boot on it. OR, will the reg entries pointing to the formerly bad files just be ignored?

If this works, it will be a good scheme for cleaning.

thanx

Link to post
Share on other sites

  • Staff

Hi otis and welcome to Malwarebytes.

If the files are gone, and Registry entries still exist, they will point to the dead file and throw up errors when they try to load.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post please post the one that is not minimized.

Next, or if that does not work, please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

Next, or if that doesn't work, please download Win32kDiag.exe by AD to your Desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply:

-screen317

Link to post
Share on other sites

Here is the wrapup. Sorry i didn't post earlier.

The HDD cleaned fine as slave on the other PC.

good enough to put it back and reboot. Reinstalled MBAM and it ran fine and found 43 more baddies.

6 were the Antispy,another bunch were FbrowserAdvisor....

But the good news is, the scan as slave works well enough to allow MBAM to reinstall and reclean.

Thanx for your help.

Hi otis and welcome to Malwarebytes.

If the files are gone, and Registry entries still exist, they will point to the dead file and throw up errors when they try to load.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post please post the one that is not minimized.

Next, or if that does not work, please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

Next, or if that doesn't work, please download Win32kDiag.exe by AD to your Desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply:

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.