Infected help please


hi,

I have been experiencing the same kind of problem with a xxgsdrg patched virus/trojan infection discovered by different antivirus programs.

It is usually located in my System32 folder in some sgdfgdf.dll files, which I can delete, but it seems to be creating others faster than I can delete them.

Also, and mainly, wininit and explorer.exe appear to be infected, and of course whenever I try to remove, quarantine, or clean those files my system simply reboots and sends me to the restore point; with the HouseCall Trend online scan, that is.

So after a lot of time spent on forums looking for an answer I came here :)

Here is the screen of my scan with up-to-date Malwarebytes before it crashes:

http://yfrog.com/mimabmj

Also, funnily enough, dds.scr can be downloaded, but then my system prevents me from opening it.

OK, now I post this and click remove selected; I'll crash and restore, then come back.

Link to post
Share on other sites

OK, so I didn't crash :) since it didn't mess with the crit processes wininit and explorer, which is pretty cool.

Here is my cleaning log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4759

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/7/2010 12:21:49 AM

mbam-log-2010-10-07 (00-21-49).txt

Scan type: Quick scan

Objects scanned: 138014

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jgyo0w (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Users\pierre\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\Windows\System32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\pierre\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

Now I will try to get the dds.scr log up here.

Also, sorry for multiple posting, I can't find the edit button.

Link to post
Share on other sites

I spoke too soon; after I restarted, it cycled again, rebooting until I resigned to click the restore windows, which set me back to the same point.

I tried to execute dds.scr, but even allowing the scripts in my internet options it won't run; same thing with gmer, it just crashes on open.

I am at the point where I will save my data and reformat the hard drive.

So any help will be appreciated.

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
