Can't load Malwarebytes and can't connect to internet


You're welcome.

1) OTL

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/10/26 11:12:16 | 00,011,168 | ---- | M] () -- C:\WINDOWS\System32\zahurupi

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    %windir%\system32\drivers\svchost.exe" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Ares\Ares.exe" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\drivers\svchost.exe" =-

    :Files
    C:\Program Files\Ares

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

In your reply I would like to see copied and pasted,

1) OTL logs

2) Kaspersky scan

Link to post
Share on other sites

All processes killed

========== OTL ==========

C:\WINDOWS\System32\zahurupi moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe" not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe deleted successfully.

========== FILES ==========

C:\Program Files\Ares\lang moved successfully.

C:\Program Files\Ares\data\GUI\OsThemes moved successfully.

C:\Program Files\Ares\data\GUI\General moved successfully.

C:\Program Files\Ares\data\GUI moved successfully.

C:\Program Files\Ares\data moved successfully.

C:\Program Files\Ares moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 241274 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 98438 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

User: Ramirez Family

->Java cache emptied: 70168891 bytes

User: Ramirez Family.RAMIREZFAMILY1

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DF558E.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DF5D80.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DF71E0.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDF75.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDF86.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDFEB.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDFFC.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFE03F.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFE050.tmp scheduled to be deleted on reboot.

->Temp folder emptied: 181760 bytes

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\MBMYHAPU\favicon[3].ico scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\LKBL9RDE\iframe[1].html scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\LKBL9RDE\iframe[2].html scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\LKBL9RDE\index[5].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\8Z8PWBRY\iframe[1].html scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 13296643 bytes

->Java cache emptied: 68937026 bytes

->FireFox cache emptied: 31680297 bytes

->Apple Safari cache emptied: 26165841 bytes

User: RAMIRE~1~RAM

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1205958 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcafee_eSuxHqdWhwzQXBo scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcmsc_BItL3ZbPLwDd4wk scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\mcmsc_hMaeHmqtxn6Uq5d scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4e8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied: 452528 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 202.68 mb

OTL by OldTimer - Version 3.0.22.1 log created on 10272009_104949

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DF558E.tmp not found!

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DF5D80.tmp not found!

C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DF71E0.tmp moved successfully.

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDF75.tmp not found!

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDF86.tmp not found!

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDFEB.tmp not found!

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFDFFC.tmp not found!

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFE03F.tmp not found!

File\Folder C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temp\~DFE050.tmp not found!

C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\MBMYHAPU\favicon[3].ico moved successfully.

C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\LKBL9RDE\iframe[1].html moved successfully.

C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\LKBL9RDE\iframe[2].html moved successfully.

C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\LKBL9RDE\index[5].htm moved successfully.

C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\Content.IE5\8Z8PWBRY\iframe[1].html moved successfully.

C:\Documents and Settings\Ramirez Family.RAMIREZFAMILY1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!

File\Folder C:\WINDOWS\temp\mcafee_eSuxHqdWhwzQXBo not found!

File\Folder C:\WINDOWS\temp\mcmsc_BItL3ZbPLwDd4wk not found!

File\Folder C:\WINDOWS\temp\mcmsc_hMaeHmqtxn6Uq5d not found!

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4e8.dat not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, October 27, 2009

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, October 27, 2009 10:59:32

Records in database: 3089395

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

F:\

G:\

H:\

I:\

Scan statistics:

Objects scanned: 148134

Threats found: 9

Infected objects found: 69

Suspicious objects found: 0

Scan duration: 02:29:06

File name / Threat / Threats count

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6A6E14.dll Infected: Trojan.Win32.BHO.g 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EAF3115.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14D850E7.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14DC7AE3.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14DF24E0.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14E24EDC.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14E678D9.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14E922D5.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14EF76CE.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14F320CA.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14F64AC7.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14F974C3.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14FC1EC0.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\150048BC.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15061CB5.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\150D70AE.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15101AAA.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\151344A6.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\151A189F.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\151D429C.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15241694.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15274091.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\152A6A8D.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15313E86.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15346882.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\153A3C7B.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A3F6D14.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F532E79.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\225F1E31.dll Infected: Trojan.Win32.BHO.g 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25CF2913.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31606511.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\422C3762.htm Infected: Trojan.JS.Fraud.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\479E3DD0.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F0650C9.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54770F15.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55773B68.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55DE61C7.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\599D2D3C.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A1277E4.dll Infected: Trojan-Spy.Win32.VBStat.j 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AAE5737.dll Infected: Trojan-Spy.Win32.VBStat.j 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DB009C8.dll Infected: Trojan.Win32.BHO.g 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60074B13.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B491D80.dll Infected: Trojan-Spy.Win32.VBStat.j 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B970712.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70F56FFD.dll Infected: Trojan.Win32.BHO.g 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\729E2E25.dll Infected: Trojan.Win32.BHO.g 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73090559.htm Infected: Trojan.JS.Fraud.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74E617C1.htm Infected: Trojan.JS.Fraud.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77091F22.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77284311.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AF033B9.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B34256E.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B384F6A.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B3B7966.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B3E2363.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B414D5F.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B45775C.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B482158.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B4B4B54.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B4E7551.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E29711E.exe Infected: Trojan-Spy.Win32.BZub.buz 1

C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

C:\Qoobox\Quarantine\C\Program Files\Active Security\uninstall.exe.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\borazufu.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\dararudi.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\derinade.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\zupikure.dll.vir Infected: Packed.Win32.TDSS.aa 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Downloader.Win32.Banload.akvu 1

Selected area has been scanned.

Link to post
Share on other sites

Hi,

You need to empty out this quarantine folder,

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine,

Did you previously have Norton installed?

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites
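
A triage of the Kaspersky report above, as an added example that is not part of the original thread: it separates detections that already sit inside a quarantine store from files still at their original location. The quarantine roots and the line pattern are assumptions read off the report lines posted above, and the sample is a short excerpt of those lines.

```python
import re
from collections import Counter
from ntpath import normcase  # Windows path rules, usable on any host OS

# Assumption: the two quarantine stores that appear in the report above
# (Norton AntiVirus and the Qoobox folder).
QUARANTINE_ROOTS = (
    r"C:\Documents and Settings\All Users\Application Data"
    r"\Symantec\Norton AntiVirus\Quarantine",
    r"C:\Qoobox\Quarantine",
)

# Assumption: each result line reads "<path> Infected: <threat> <count>".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Excerpt of the report lines posted in the thread.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6A6E14.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EAF3115.exe Infected: Trojan-Spy.Win32.BZub.buz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14D850E7.exe Infected: Trojan-Spy.Win32.BZub.buz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\422C3762.htm Infected: Trojan.JS.Fraud.a 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\borazufu.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Downloader.Win32.Banload.akvu 1
Selected area has been scanned.
"""


def is_quarantined(path):
    """True if path lies under a quarantine root (case-insensitive, whole folder name)."""
    p = normcase(path)
    # The trailing backslash stops "QuarantineOld" from matching "Quarantine".
    return any(p.startswith(normcase(root) + "\\") for root in QUARANTINE_ROOTS)


def parse_report(text):
    """Return (path, threat, count) for every detection line; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits


def triage(text):
    """Split detections into a per-threat tally of quarantined copies and a list of live files."""
    quarantined, live = Counter(), []
    for path, threat, count in parse_report(text):
        if is_quarantined(path):
            quarantined[threat] += count
        else:
            live.append((path, threat))
    return quarantined, live


if __name__ == "__main__":
    quarantined, live = triage(SAMPLE_REPORT)
    print("Already quarantined (by threat name):")
    for threat, n in quarantined.most_common():
        print(f"  {n:3d}  {threat}")
    print("Still at original location:")
    for path, threat in live:
        print(f"  {threat}  {path}")
```
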

Yes, I had Norton on this computer maybe four years ago; I have had McAfee for these last two years. Did I not delete it properly?

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee SecurityCenter

Antivirus up to date! (On Access scanning disabled!)

``````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 16

Adobe Flash Player 10

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe

``````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

Link to post
Share on other sites

ok,

Please visit HERE, determine the version of the Symantec product that is installed. (To determine the version, click Help and About.)

Select the appropriate link for the product that you want to uninstall and then run the tool.

Follow the on-screen instructions.

Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Visit THIS website to obtain the latest update for Adobe Reader; yours is quite out of date now.

How are things running now?

Link to post
Share on other sites

I'm not sure why it is doing that, it may have been something that you deleted when trying to fix it. I'll have a look around and see what I can come up with. Although I really don't know other than letting it set up windows, which I would also assume may install it fresh and delete your stuff.

Now for the good news.

Congratulations, your logs appear clean!!

Clean up

Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

If you are using Firefox, you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

You should have a good anti spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

Winpatrol - Download and install the free version of Winpatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Spring Cleaning

TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Link to post
Share on other sites

This topic is now closed to further replies.