Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Infected with H8SR


pres
 Share

Recommended Posts

My computer is infected with 8 H8SR viruses. I found them with rootrepeal but I can't remove them because they prevent anti virus programs from working(I have mbam and avira anti-vir). 3 of them are in temp and the rest are in system32. Can someone help me with this?

Link to post
Share on other sites

  • Staff

Hi,

Please read the instructions below and follow them in exactly the same way as described:

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Do NOT post the log yet, but allow mbam to reboot.
  • After reboot, immediately rescan with malwarebytes, let it perform another scan, select to remove and reboot once again.
  • It's important that these steps are performed immediately after eachother (scan > select to remove > reboot > right after reboot, another scan > select to remove > reboot).

Then when done, post the LATEST malwarebytes log in your next reply. Only post that log AFTER the second reboot.

Link to post
Share on other sites

Here is the most recent log:

Malwarebytes' Anti-Malware 1.43

Database version: 3458

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

18.1.2010 0:14:53

mbam-log-2010-01-18 (00-14-53).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 458112

Time elapsed: 10 hour(s), 49 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

Malwarebytes' Anti-Malware 1.43

Database version: 3458

First of all, please update MalwareBytes, because the databaseversion is outdated and program is outdated.

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

I updated mbam and performed a quick scan. Here is the fresh log: http://www.malwarebytes.org/forums/index.php?showtopic=36830

Malwarebytes' Anti-Malware 1.44

Database version: 3588

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

18.1.2010 17:55:43

mbam-log-2010-01-18 (17-55-43).txt

Scan type: Quick Scan

Objects scanned: 145734

Time elapsed: 27 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\HP_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\08LIINJA\eHf73759a1V03f01630002Ra5a024c7102Tbc0df99cQ000002e9901807F0020000aJ0f00060

1l000b318U391c0c450[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.