
a nastier AntiVirus System Pro of some kind -Please help



Hello,

Previous times I've gotten the Antivirus System Pro malware, I have been able to get rid of it using Malwarebytes, but this time, no matter what I try, it always comes back. Now, it hasn't come back after restarting the computer after using the Defogger, but please check my logs, because I would not be surprised if it does come back. I should also mention that I have not been able to update software even after going to LAN Settings and unchecking "Use proxy server for your LAN" and checking "Automatically detect settings".

Thank you so much for your help.

Malwarebytes' Anti-Malware 1.41

Database version: 3070

Windows 5.1.2600 Service Pack 3

11/27/2009 4:11:11 PM

mbam-log-2009-11-27 (16-11-11).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|J:\|K:\|)

Objects scanned: 308817

Time elapsed: 1 hour(s), 38 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------

DDS (Ver_09-11-29.01) - NTFSx86

Run by Compaq_Administrator at 22:38:13.39 on Mon 11/30/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.462 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

svchost.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\TomTom HOME\TomTomHOME.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Logi_MwX.Exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Compaq_Administrator\Desktop\Anti\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file:///C:/Documents%20and%20Settings/Compaq_Administrator/My%20Documents/CDI_Portal.htm

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [vwvljcqi] c:\documents and settings\compaq_administrator\local settings\application data\abkrhi\daqisysguard.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe

mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [TomTomHOME.exe] "c:\program files\tomtom home\TomTomHOME.exe" -s

mRun: [sBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE

mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE

dRunOnce: [startMS] "c:\program files\creative\shared files\media sniffer\StartMS.EXE" /s

dRunOnce: [CMSRegOW.exe] "c:\program files\installshield installation information\{56f3e1ff-54fe-4384-a153-6ccaba097814}\CMSRegOW.exe" /r

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc lightspeed self support tool\bin\matcli.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: aol.com\free

Trusted Zone: gamelink.com\drm

Trusted Zone: gamelink.com\www

Trusted Zone: netflix.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://www.stardraw.com/components/msxml4.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 91.212.127.226 osguard-pro.com

Hosts: 91.212.127.226 www.osguard-pro.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\ju3116nu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.eol.org/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ju3116nu.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll

FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-27 64288]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-30 11608]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-9 214664]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-30 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-30 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-30 55656]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-5 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-11-8 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-9 144704]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-9 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-9 35272]

S2 gupdate1c9f75c27647d1e;Google Update Service (gupdate1c9f75c27647d1e);c:\program files\google\update\GoogleUpdate.exe [2009-6-27 133104]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-9 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-9 40552]

S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232]

S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-9 606736]

=============== Created Last 30 ================

2009-12-01 06:28:38 0 ----a-w- c:\documents and settings\compaq_administrator\defogger_reenable

2009-12-01 06:16:24 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-01 06:16:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2009-12-01 06:16:19 0 d-----w- c:\program files\Avira

2009-11-28 01:24:36 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-11-28 01:24:07 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-11-27 22:00:59 0 d-----w- C:\ComboFix

2009-11-18 15:40:54 268 ---ha-w- C:\sqmdata19.sqm

2009-11-18 15:40:54 244 ---ha-w- C:\sqmnoopt19.sqm

2009-11-18 07:22:48 268 ---ha-w- C:\sqmdata18.sqm

2009-11-18 07:22:48 244 ---ha-w- C:\sqmnoopt18.sqm

2009-11-18 06:00:33 268 ---ha-w- C:\sqmdata17.sqm

2009-11-18 06:00:33 244 ---ha-w- C:\sqmnoopt17.sqm

2009-11-16 14:49:44 268 ---ha-w- C:\sqmdata16.sqm

2009-11-16 14:49:44 244 ---ha-w- C:\sqmnoopt16.sqm

2009-11-16 01:05:56 268 ---ha-w- C:\sqmdata15.sqm

2009-11-16 01:05:56 244 ---ha-w- C:\sqmnoopt15.sqm

2009-11-15 12:00:06 268 ---ha-w- C:\sqmdata14.sqm

2009-11-15 12:00:05 244 ---ha-w- C:\sqmnoopt14.sqm

2009-11-12 05:06:10 268 ---ha-w- C:\sqmdata13.sqm

2009-11-12 05:06:10 244 ---ha-w- C:\sqmnoopt13.sqm

2009-11-09 02:11:21 268 ---ha-w- C:\sqmdata12.sqm

2009-11-09 02:11:21 244 ---ha-w- C:\sqmnoopt12.sqm

2009-11-07 10:16:30 268 ---ha-w- C:\sqmdata11.sqm

2009-11-07 10:16:30 244 ---ha-w- C:\sqmnoopt11.sqm

2009-11-04 04:40:54 268 ---ha-w- C:\sqmdata10.sqm

2009-11-04 04:40:54 244 ---ha-w- C:\sqmnoopt10.sqm

2009-11-03 23:16:51 268 ---ha-w- C:\sqmdata09.sqm

2009-11-03 23:16:51 244 ---ha-w- C:\sqmnoopt09.sqm

2009-11-03 03:36:32 268 ---ha-w- C:\sqmdata08.sqm

2009-11-03 03:36:32 244 ---ha-w- C:\sqmnoopt08.sqm

2009-11-01 19:56:25 268 ---ha-w- C:\sqmdata07.sqm

2009-11-01 19:56:25 244 ---ha-w- C:\sqmnoopt07.sqm

2009-11-01 18:02:53 268 ---ha-w- C:\sqmdata06.sqm

2009-11-01 18:02:53 244 ---ha-w- C:\sqmnoopt06.sqm

2009-11-01 17:49:16 268 ---ha-w- C:\sqmdata05.sqm

2009-11-01 17:49:15 244 ---ha-w- C:\sqmnoopt05.sqm

2009-11-01 17:43:00 0 d-sh--w- c:\documents and settings\compaq_administrator\IECompatCache

2009-11-01 17:42:44 0 d-sh--w- c:\documents and settings\compaq_administrator\PrivacIE

2009-11-01 17:39:01 0 d-sh--w- c:\documents and settings\compaq_administrator\IETldCache

2009-11-01 17:37:17 268 ---ha-w- C:\sqmdata04.sqm

2009-11-01 17:37:17 244 ---ha-w- C:\sqmnoopt04.sqm

2009-11-01 17:36:13 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-01 17:35:57 0 d-----w- c:\windows\ie8updates

2009-11-01 17:35:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-01 17:35:28 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-01 17:34:38 0 dc-h--w- c:\windows\ie8

2009-11-01 17:08:47 268 ---ha-w- C:\sqmdata03.sqm

2009-11-01 17:08:47 244 ---ha-w- C:\sqmnoopt03.sqm

2009-11-01 17:04:11 0 d-----w- c:\program files\Microsoft

2009-11-01 16:55:16 268 ---ha-w- C:\sqmdata02.sqm

2009-11-01 16:55:16 244 ---ha-w- C:\sqmnoopt02.sqm

2009-11-01 16:51:07 268 ---ha-w- C:\sqmdata01.sqm

2009-11-01 16:51:07 244 ---ha-w- C:\sqmnoopt01.sqm

2009-11-01 09:58:28 268 ---ha-w- C:\sqmdata00.sqm

2009-11-01 09:58:27 244 ---ha-w- C:\sqmnoopt00.sqm

==================== Find3M ====================

2009-10-31 20:11:05 108916 --sha-w- c:\windows\system32\drivers\b4bD7.DAT

2009-10-31 20:11:05 108916 --sha-w- c:\windows\system32\drivers\288D6.DAT

2009-10-31 20:11:05 108916 --sha-w- c:\windows\system32\drivers\026D5.DAT

2009-10-31 20:10:56 33120 ----a-w- c:\windows\system32\drivers\b4bD7.SYS

2009-10-31 20:10:56 33120 ----a-w- c:\windows\system32\drivers\288D6.SYS

2009-10-31 20:10:55 33120 ----a-w- c:\windows\system32\drivers\026D5.SYS

2009-10-11 16:10:09 236544 ----a-w- c:\windows\PEV.exe

2009-10-08 22:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2009-10-08 22:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 22:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2009-09-29 22:18:47 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2008-11-22 19:52:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 22:39:21.42 ===============

Attach.zip
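Added example, not part of either post in this thread: a small Python triage script that applies the checks a helper would make by eye on the DDS output above. It flags autorun entries whose command points into a user profile directory (the uRun line for daqisysguard.exe), Hosts lines that map a domain to a non-loopback address (the two osguard-pro.com lines), and files in the drivers directory that have a random five-character name or hidden+system attributes (the b4bD7.SYS / b4bD7.DAT pair). The sample input is constructed from lines quoted in the post; the heuristic names and the profile-directory pattern are my assumptions, not DDS or Malwarebytes output.

```python
import re

# Constructed sample: a few lines copied from the DDS log posted above
# (Pseudo HJT Report "uRun/mRun/Hosts" lines and Find3M file lines).
SAMPLE_LOG = r"""
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [vwvljcqi] c:\documents and settings\compaq_administrator\local settings\application data\abkrhi\daqisysguard.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
Hosts: 91.212.127.226 osguard-pro.com
Hosts: 91.212.127.226 www.osguard-pro.com
Hosts: 127.0.0.1 localhost
2009-10-31 20:11:05 108916 --sha-w- c:\windows\system32\drivers\b4bD7.DAT
2009-10-31 20:10:56 33120 ----a-w- c:\windows\system32\drivers\b4bD7.SYS
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
"""

# DDS line shapes: "uRun: [key] command", "Hosts: ip host",
# and Find3M/Created lines "date time size attrs path".
RUN_RE = re.compile(r'^[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
HOSTS_RE = re.compile(r'^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)')
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$')

# Assumed heuristic: legitimate autoruns live under Program Files or Windows;
# rogue AV droppers on XP typically run from the user's profile, where no
# admin rights are needed to write.
PROFILE_RE = re.compile(
    r'\\documents and settings\\[^\\]+\\(?:local settings\\)?(?:application data|temp)\\'
    r'|\\users\\[^\\]+\\appdata\\', re.I)

# Assumed heuristic: a 5-hex-character driver or .DAT name in system32\drivers.
RANDOM_DRV_RE = re.compile(r'\\drivers\\[0-9a-f]{5}\.(?:sys|dat)$', re.I)

LOCAL_IPS = ('127.', '0.0.0.0', '::1')


def triage(log_text):
    """Return a list of (reason, line) for every suspicious line in a DDS log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()

        m = RUN_RE.match(line)
        if m:
            if PROFILE_RE.search(m.group('cmd')):
                findings.append(('autorun-in-user-profile', line))
            continue

        m = HOSTS_RE.match(line)
        if m:
            # A Hosts entry pointing a domain at a public IP is a redirect,
            # not a block; rogue AV uses it to keep its own site reachable.
            if not m.group('ip').startswith(LOCAL_IPS):
                findings.append(('hosts-override', line))
            continue

        m = FILE_RE.match(line)
        if m:
            attr, path = m.group('attr'), m.group('path')
            reasons = []
            if RANDOM_DRV_RE.search(path):
                reasons.append('random-named driver')
            # DDS attribute string: position 3 is 's' (system), 4 is 'h' (hidden).
            if attr[2] == 's' and attr[3] == 'h' and '\\drivers\\' in path.lower():
                reasons.append('hidden+system file in drivers dir')
            if reasons:
                findings.append(('suspicious-file: ' + ', '.join(reasons), line))
    return findings


if __name__ == '__main__':
    for reason, line in triage(SAMPLE_LOG):
        print(f'[{reason}] {line}')
```

The script is a reading aid for a log you already have, not a cleaner: it does not touch the registry or the Hosts file, and a clean result from it says nothing about drivers that hide from the listing, which is why the helper's advice below still stands.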


Hello Cansado por el Malware

Welcome to Malwarebytes.

=====================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
