Jump to content


Recommended Posts

i had fake antimalware crap popping up everywhere, my networking is all screwed up, and my drives are not functioning,

i already screwed around a bunch and manually deleted wscsvc.exe but still having issues, here are the logs i was told to post, and dds and rootkit logs are attached, thanx again for any help i can get.

Malwarebytes' Anti-Malware 1.42

Database version: 3434

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18865

12/26/2009 10:23:19 AM

mbam-log-2009-12-26 (10-23-19).txt

Scan type: Quick Scan

Objects scanned: 8220

Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

\\?\globalroot\systemroot\System32\H8SRTprvwiwbuxx.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

\\?\globalroot\systemroot\System32\H8SRTprvwiwbuxx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Jailbird at 13:16:05.76 on Sat 12/26/2009

Internet Explorer: 8.0.6001.18865




Link to post
Share on other sites

Hello jailbird5000

Welcome to Malwarebytes. :)


One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Link to post
Share on other sites

ok so i will disconnect my internet and get a hold of my bank asap, so if i completely reformat the pc is it still not 100% safe?, because i have no problem doing that , i think i might need to hunt down my vista disk to reinstall. man i'm kinda freaking out right now, is it ok to change my passwords in safe mode maybe?

ya whatever you think is best, lets do it. i'll start backing up all of my files on dvd's since when I ran the scans and used the defogger i can use my drive again.

thanx alot man!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.