JamesLFisher123 Posted June 20, 2010 ID:271183 Share Posted June 20, 2010 Today I learned a painful lesson, and continue learning it. Before I begin, I'd like to introduce my self. My name is James, I'm a rooky when it comes to computers at the moment, but am advancing my career in Cyber Security, Criminal Justice.That being said, I made one of the worst mistakes in my life. In order to fix my computer the right way, I have to first admit that I was using a pirating program in order to download a game. The game key generator didnt work so I googled the maker of the game maker, and clicked the link. After the link, the AV Suit Virus program automatically kicked in.[For reference, this is Vista 32bit]After which I tried doing anything, It locked me out of msn, wouldn't allow me to run any programs, wouldn't allow me to click my mouse all without an error bubble popping up.I restarted in safe-mode because I couldn't and can't start the PC Up or it will BSOD, and was given guidance by my friend Reid. I was guided to AVAST First, which I downloaded and given a guide to delete HKEY Files within the regedit area of using windows+r. After full scan and eliminating four threats, and erasing all the guided files I was instructed to erase. I tried rebooting again, it still BSOD's. So I downloaded Malwarebytes which my friend directed me to next, and am currently running a scan for malware. Through 100,000 files it has found 16 malware infections thus far.That being said, I will continue to keep this updated. But seriously... all of my stupidity aside, would somebody please help me in any way possible. Link to post Share on other sites More sharing options...
JamesLFisher123 Posted June 20, 2010 Author ID:271184 Share Posted June 20, 2010 Today I learned a painful lesson, and continue learning it. Before I begin, I'd like to introduce my self. My name is James, I'm a rooky when it comes to computers at the moment, but am advancing my career in Cyber Security, Criminal Justice.That being said, I made one of the worst mistakes in my life. In order to fix my computer the right way, I have to first admit that I was using a pirating program in order to download a game. The game key generator didnt work so I googled the maker of the game maker, and clicked the link. After the link, the AV Suit Virus program automatically kicked in.[For reference, this is Vista 32bit]After which I tried doing anything, It locked me out of msn, wouldn't allow me to run any programs, wouldn't allow me to click my mouse all without an error bubble popping up.I restarted in safe-mode because I couldn't and can't start the PC Up or it will BSOD, and was given guidance by my friend Reid. I was guided to AVAST First, which I downloaded and given a guide to delete HKEY Files within the regedit area of using windows+r. After full scan and eliminating four threats, and erasing all the guided files I was instructed to erase. I tried rebooting again, it still BSOD's. So I downloaded Malwarebytes which my friend directed me to next, and am currently running a scan for malware. Through 100,000 files it has found 16 malware infections thus far.That being said, I will continue to keep this updated. But seriously... all of my stupidity aside, would somebody please help me in any way possible.Update: 21 file infections detected. Link to post Share on other sites More sharing options...
JamesLFisher123 Posted June 20, 2010 Author ID:271187 Share Posted June 20, 2010 Update: 21 file infections detected.Correction, "Game maker" is supposed to be keygen maker. Link to post Share on other sites More sharing options...
JamesLFisher123 Posted June 20, 2010 Author ID:271193 Share Posted June 20, 2010 My scan is finished with a projected 46 infections found. They include trojans, adware, and rogues.Should I remove selected in MB? I don't want to do anything without approval from somebody who's very confident in fighting these things off. Link to post Share on other sites More sharing options...
JamesLFisher123 Posted June 20, 2010 Author ID:271195 Share Posted June 20, 2010 Update: Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4219Windows 6.0.6002 Service Pack 2 (Safe Mode)Internet Explorer 8.0.6001.189286/20/2010 6:56:08 PMmbam-log-2010-06-20 (18-56-08).txtScan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)Objects scanned: 280060Time elapsed: 45 minute(s), 5 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 26Registry Values Infected: 5Registry Data Items Infected: 0Folders Infected: 2Files Infected: 13Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{1c69777c-5312-4c0c-94ab-73daaaa5700c} (Adware.EZlife) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1c69777c-5312-4c0c-94ab-73daaaa5700c} (Adware.EZlife) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c69777c-5312-4c0c-94ab-73daaaa5700c} (Adware.EZlife) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c69777c-5312-4c0c-94ab-73daaaa5700c} (Adware.EZlife) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{4173f7fb-9f8e-4b40-8e5b-24dd06eeacf9} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4173f7fb-9f8e-4b40-8e5b-24dd06eeacf9} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4173f7fb-9f8e-4b40-8e5b-24dd06eeacf9} (Trojan.BHO) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4173f7fb-9f8e-4b40-8e5b-24dd06eeacf9} (Trojan.BHO) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> No action taken.HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> No action taken.HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skb (Trojan.Agent.Gen) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vetwbqms (Rogue.AntivirusSuite.Gen) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hforeqeluwenuqav (Trojan.Agent.U) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apupuqicacepep (Trojan.Agent.U) -> No action taken.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\$NtUninstallWTF1012$ (Adware.EZLife) -> No action taken.C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.Files Infected:C:\Windows\System32\vdhpt.dll (Adware.EZlife) -> No action taken.C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B1UA2TC\id2[1].htm (Trojan.Dropper) -> No action taken.C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B1UA2TC\jjaiqxsq[1].htm (Trojan.Dropper) -> No action taken.C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I42PYT3\gkbjdlwqlt[1].htm (Trojan.Hiloti) -> No action taken.C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QABTK3TO\kksahc[1].htm (Trojan.Dropper) -> No action taken.C:\Users\Bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QABTK3TO\kksaupwr[1].htm (Trojan.Ransom) -> No action taken.C:\Windows\System32\rdhpt.dll (Trojan.BHO) -> No action taken.C:\Program Files\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> No action taken.C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.C:\Windows\System32\idhpt.exe (Trojan.Agent.Gen) -> No action taken.C:\Users\Bart\AppData\Local\bwlkoaynx\ajyvmxatssd.exe (Rogue.AntivirusSuite.Gen) -> No action taken.C:\Users\Bart\AppData\Local\WMEnswut.dll (Trojan.Agent.U) -> No action taken.C:\Users\Bart\AppData\Local\ewunufuqo.dll (Trojan.Agent.U) -> No action taken.The MBAM saved log of all the infections Malware detected. Link to post Share on other sites More sharing options...
sjpritch25 Posted June 20, 2010 ID:271196 Share Posted June 20, 2010 Have you tried booting into safe mode? Do you have a Vista DVD? Link to post Share on other sites More sharing options...
JamesLFisher123 Posted June 20, 2010 Author ID:271197 Share Posted June 20, 2010 Have you tried booting into safe mode? Do you have a Vista DVD?Hello, Sj. I rebooted in safe mode, finished MB. I removed all malicious viruses rogues or otherwise.I can now start my computer and it runs on normal mode.However, it's running a little slower than expected. Link to post Share on other sites More sharing options...
sjpritch25 Posted June 20, 2010 ID:271206 Share Posted June 20, 2010 In Normal Mode, Please run another scan with MBAM, make sure you check for updates first. Download GMER Antirootkit Here, click on Download EXE and save to your DesktopDisconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver Double-click Gmer.exe to run the program. When the program opens, click the "Rootkit" Tab On the right-side, check all the items to be scanned, but leave "Show All" unchecked Select all drives that are connected to your system to be scanned Click the Scan button When the scan is finished, click Copy to save the scan log to the Windows clipboard Open Notepad or a similar text editor Paste the clipboard contents into a text file by clicking Edit | Paste or Ctl V Save the gmer scan log and post it in your next reply. Close Gmer Open a command prompt (Start | run |type cmd and hit Enter) Type or paste the following to unload the gmer driver: net stop gmer Hit Enter Exit the command prompt. [*]Re-enable all active protection.================================================Download OTL.exe to your desktop.Double-Click on OTL to run it.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav%systemroot%\system32\drivers\*.sys /90Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. Link to post Share on other sites More sharing options...
JamesLFisher123 Posted June 20, 2010 Author ID:271213 Share Posted June 20, 2010 Alright I'm currently re-scanning it with MB.THe good thing is that it's running okay now, and that it doesn't BSOD. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 7, 2010 Staff ID:280543 Share Posted July 7, 2010 Hi,My apologies for the delay; do you still need help? Link to post Share on other sites More sharing options...
Staff screen317 Posted July 24, 2010 Staff ID:289716 Share Posted July 24, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts