My computer is infected with worm Parite and even after restarting it is not getting removed. Please help.

Report:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5249

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/16/2010 9:06:59 PM

mbam-log-2010-12-16 (21-06-59).txt

Scan type: Quick scan

Objects scanned: 13617

Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Users\ki\AppData\Local\Temp\wja60E4.tmp (Worm.Parite) -> Delete on reboot.

C:\Users\ki\AppData\Local\Temp\qja62A8.tmp (Worm.Parite) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\ki\AppData\Local\Temp\IDMIECC.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.

C:\Users\ki\AppData\Local\Temp\wja60E4.tmp (Worm.Parite) -> Delete on reboot.

C:\Users\ki\AppData\Local\Temp\qja62A8.tmp (Worm.Parite) -> Delete on reboot.


Hello and :)

Before we try anything else, you need to update your Malwarebytes; you are using version 1.46 with DB 5249. The current version is 1.50 with DB 5328. Follow the instructions below to get updated and then try running another scan and removal.

Please try the following to see if it helps:

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask me and I'll explain how to do it.

Windows Vista and Windows 7:

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask me and I'll explain how to do it.


Well, it worked as expected: detected all but couldn't remove.

Before and after restart logs are shown.

Do you know any advanced or DOS-level removal technique?

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5340

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/17/2010 7:59:58 AM

mbam-log-2010-12-17 (07-59-58).txt

Scan type: Quick scan

Objects scanned: 141561

Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\ki\AppData\Local\Temp\wla77DD.tmp (Worm.Parite) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\FlvTube (Adware.FlvTube) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\ki\AppData\Local\Temp\wla77DD.tmp (Worm.Parite) -> Delete on reboot.

c:\Users\ki\AppData\Local\Temp\oja5F8C.tmp (Worm.Parite) -> Quarantined and deleted successfully.

c:\Users\ki\AppData\Local\Temp\xing.exe (Trojan.Agent) -> Quarantined and deleted successfully.

AFTER RESTART--RESCANNING--

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5340

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/17/2010 8:09:34 AM

mbam-log-2010-12-17 (08-09-34).txt

Scan type: Quick scan

Objects scanned: 32788

Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\ki\AppData\Local\Temp\yyaF0F2.tmp (Worm.Parite) -> Delete on reboot.

c:\Users\ki\AppData\Local\Temp\pyaF19E.tmp (Worm.Parite) -> Delete on reboot.

c:\Users\ki\AppData\Local\Temp\eyaF131.tmp (Worm.Parite) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\ki\AppData\Local\Temp\yyaF0F2.tmp (Worm.Parite) -> Delete on reboot.

c:\Users\ki\AppData\Local\Temp\pyaF19E.tmp (Worm.Parite) -> Delete on reboot.

c:\Users\ki\AppData\Local\Temp\eyaF131.tmp (Worm.Parite) -> Delete on reboot.


Ok in this case, since it came back, then you will need assistance from the experts. Here is what to do now....

Hi, and Welcome to Malwarebytes!

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" button instead of other ones when you start replying.


  • 2 weeks later...

Topic continued from

http://forums.malwarebytes.org/index.php?s...mp;#entry367725

One of the last remaining ones (I think) is in the picture.

Well, one of the more recent issues is that there is a lot of uploading going on in my internet connection.

regards

rshyam

post-62920-1293848119_thumb.jpg


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
