Can anyone help me? Coz I can't remove it with Malwarebytes.


Sorry for not responding on the former thread. I was so busy and in a hurry to finish my job at that time, so I went with PLAN B and worked temporarily on my brother's PC.

Now I am back on my own PC, which has very, very sensitive files including my video, which I have not yet finished editing.

I did everything I possibly could. I installed an antivirus, and guess what? This malware is fighting back and closing the installer + at the same time corrupting the antivirus installer. So what I did was switch my OS to safe mode... Oh... Guess what? The malware corrupted my OS's safe mode.

So what I did was temporarily install Sigwa Antiviral Tool kit, which is a restriction remover and scanner. I removed the restrictions caused by the malware (regedit, firewall, taskmanager etc...). This tool even restores my OS's corrupted safe mode. But guess what? After 2 seconds approx... It's back... I can't access anything! So I used sigwa rrt again and once it restored my safe mode I immediately pulled the plug out.

Ok, now I am in safe mode. Installed Avira... Guess what happened when I was in the OS's normal mode again? It corrupted the antivirus.

I even fought it by using the cacls + attrib commands to totally lock the autorun.ini of my 5 drives... Guess what, after 15 mins approx? It unlocked itself. WoW! :) Hahaha.

Installing MalwareBytes is flawless... It's like the malware can't recognize this software as a threat.

I scanned at first and it saw 14 malwares, if I am not mistaken.

Then I scanned again and it detected 5.... It requested me to restart the PC... Next time again... 5 detected + required restart... Never ending.

---------------------------------------------------------------

Scan type: Flash scan

Objects scanned: 86990

Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\xml2u (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (TAGA LIPA ARE!) Good: (Internet Explorer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Glenn\Application Data\svighost.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\Systemprofile\Application Data\inst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32AKV.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

------------------------------

Scan type: Flash scan

Objects scanned: 86716

Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------

Scan type: Flash scan

Objects scanned: 86932

Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-------------------------------

Scan type: Flash scan

Objects scanned: 86772

Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------

00:06:04 Glenn MESSAGE Protection started successfully

00:07:50 Glenn MESSAGE IP Protection started successfully

00:12:34 Glenn DETECTION D:\emuih.exe Malware.Packer.Morphine QUARANTINE

00:21:05 Glenn DETECTION D:\Program Files\Cheat Engine\Systemcallretriever.exe Trojan.Downloader QUARANTINE

00:21:05 Glenn DETECTION D:\Program Files\Cheat Engine\Systemcallretriever.exe Trojan.Downloader DENY

00:21:05 Glenn DETECTION D:\Program Files\Cheat Engine\Systemcallretriever.exe Trojan.Downloader DENY

01:01:51 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine QUARANTINE

01:01:51 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY

01:01:51 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY

01:04:08 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY

01:04:16 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY

01:04:21 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY

01:06:29 Glenn DETECTION F:\vklso.exe Malware.Packer.Morphine QUARANTINE

01:08:22 Glenn DETECTION H:\dvfibt.exe Malware.Packer.Morphine ALLOW

02:47:30 Glenn MESSAGE Protection started successfully

02:47:38 Glenn MESSAGE IP Protection started successfully

02:58:05 Glenn MESSAGE Protection started successfully

02:58:10 Glenn MESSAGE IP Protection started successfully

03:10:41 Glenn MESSAGE Protection started successfully

03:11:59 Glenn MESSAGE IP Protection started successfully

03:26:57 Glenn MESSAGE IP Protection stopped

15:13:59 Glenn MESSAGE Protection started successfully

15:15:06 Glenn MESSAGE IP Protection started successfully

-------------------------------------------

Please help me... If anyone can. I did use Combo fix but it's NO USE in my situation.

NOTE: I even did a full scan. Still the same 5 malwares.

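The pattern in the logs above, where the same five registry data items are reported as "Quarantined and deleted successfully" in every scan, can be checked mechanically. The Python sketch below is an added example, not part of the original thread or of any Malwarebytes tool; the function names and the abbreviated sample log are constructed for illustration. An item that returns after a reported removal is being rewritten by something still active on the system, so the entry is a symptom and not the infection itself.

```python
import re
from collections import Counter

# Constructed sample: three abbreviated scans in the layout of the logs above.
SAMPLE_LOG = r"""
Scan type: Flash scan
Registry Data Items Infected: 2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
Scan type: Flash scan
Files Infected:
(No malicious items detected)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Scan type: Quick scan
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\autorun.inf (Malware.Packer.Gen) -> Delete on reboot.
"""

# "<item> (<verdict>) -> [Bad: (..) Good: (..) -> ]<action>."
DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<verdict>[\w.]+)\) -> "
    r"(?:Bad: \(.*?\) Good: \(.*?\) -> )?(?P<action>.+?)\.?$"
)

def parse_scans(text):
    """Split a pasted log into scans; each scan maps item -> (verdict, action)."""
    scans = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Scan type:"):
            scans.append({})          # a new scan report begins here
        elif scans and (m := DETECTION.match(line)):
            scans[-1][m["item"]] = (m["verdict"], m["action"])
    return scans

def reappearing(scans):
    """Count, per item, detections that follow an earlier successful removal."""
    removed, hits = set(), Counter()
    for scan in scans:
        for item, (_, action) in scan.items():
            if item in removed:
                hits[item] += 1       # came back after being deleted
            if "deleted successfully" in action:
                removed.add(item)
    return hits

if __name__ == "__main__":
    for item, count in reappearing(parse_scans(SAMPLE_LOG)).items():
        print(f"{count}x re-detected after removal: {item}")
```
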

Hi -

You have really got stuck with a few very bad ones there - Your only chance at this time is the experts area -

You will need to follow these instructions as best you can, and repost there -

Note that Combo fix is Not a cure all for many infections - You need other expert help as well -

Please print out, read and follow What do I do now? , skipping any steps you are unable to complete.

The next step is post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :)


noknojon, thank you very much. I will do those steps. :blink:

Oh, and one thing by the way. I found out what this thing is.... It's WIN32.Sality

Maybe Malware Bytes alone is not built for this coz it's a multi purpose virus I guess? It has malwares, worms, dirty scripts, injectors and works as a team. O_O Gosh.

-------------------------------------------------------

Haider, I did a quick scan and a full scan too.

Here is a log of a quick scan. If I do another quick scan, it pops the same thing.

It's like self reviving. ^^

Scan type: Quick scan

Objects scanned: 117686

Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 18

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\jfjwnk.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\jqlhyt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\autorun.inf (Malware.Packer.Gen) -> Delete on reboot.

C:\kveg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\pjwy.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa1499468.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa1499656.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41967328.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa4982562.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa4982750.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41967140.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41348687.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41348890.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41925671.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41925875.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41956281.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa41956468.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\WINDOWS\system32IISW.007 (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.


  • Staff

Demosai,

Sality is a file infector. Please read this blog post by our very own miekiemoes:

http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

It is a very serious infection that causes serious damage. At this point I would only recommend formatting your hard drive and reinstalling Windows.

Please let me know if you have any questions. In the future, please post this kind of thing in the Malware Removal forum and an Expert will look at your case.
