rshyam Posted December 16, 2010 ID:362054 Share Posted December 16, 2010 my computer infected with worm parite an even after restarting not getting removed pl. help.Report:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 5249Windows 6.1.7600Internet Explorer 8.0.7600.1638512/16/2010 9:06:59 PMmbam-log-2010-12-16 (21-06-59).txtScan type: Quick scanObjects scanned: 13617Time elapsed: 6 minute(s), 8 second(s)Memory Processes Infected: 0Memory Modules Infected: 2Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\Users\ki\AppData\Local\Temp\wja60E4.tmp (Worm.Parite) -> Delete on reboot.C:\Users\ki\AppData\Local\Temp\qja62A8.tmp (Worm.Parite) -> Delete on reboot.Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Users\ki\AppData\Local\Temp\IDMIECC.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.C:\Users\ki\AppData\Local\Temp\wja60E4.tmp (Worm.Parite) -> Delete on reboot.C:\Users\ki\AppData\Local\Temp\qja62A8.tmp (Worm.Parite) -> Delete on reboot. Link to post Share on other sites More sharing options...
Firefox Posted December 16, 2010 ID:362058 Share Posted December 16, 2010 Hello and Before we try anything else, you need to update your Malwarebytes, you are using version 1.46 with DB 5249. The current version is 1.50 with DB 5328. Follow the instructions below to get updated and then try running another scan and removal.Please try the following to see if it helps:Windows XP:Click on Start and select Control PanelOpen Add/Remove ProgramsUninstall Malwarebytes' Anti-MalwareRestart your computer very importantDownload and run mbam-clean.exe from here NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....It will ask to restart your computer, please allow it to do so very importantAfter the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from hereNote: You will need to reactivate the program using the license you were sent via email if using the Pro versionLaunch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.Windows Vista and Windows 7:Click on the Start button and select Control PanelClick on Programs and FeaturesUninstall Malwarebytes' Anti-MalwareRestart your computer very importantDownload and run mbam-clean.exe from here NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step.... It will ask to restart your computer, please allow it to do so very importantAfter the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from hereNote: You will need to reactivate the program using the license you were sent via email if using the Pro versionLaunch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it. Link to post Share on other sites More sharing options...
rshyam Posted December 17, 2010 Author ID:362162 Share Posted December 17, 2010 i'll do as directed. would it remove the stubborn parite worm? i'll be back in next 10 mins please Link to post Share on other sites More sharing options...
rshyam Posted December 17, 2010 Author ID:362177 Share Posted December 17, 2010 Well worked as expected, detected all but couldn't removebefore and after restart logs are shown.Do you know any advanced or dos level removal technique?Malwarebytes' Anti-Malware 1.50www.malwarebytes.orgDatabase version: 5340Windows 6.1.7600Internet Explorer 8.0.7600.1638512/17/2010 7:59:58 AMmbam-log-2010-12-17 (07-59-58).txtScan type: Quick scanObjects scanned: 141561Time elapsed: 3 minute(s), 37 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:c:\Users\ki\AppData\Local\Temp\wla77DD.tmp (Worm.Parite) -> Delete on reboot.Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\FlvTube (Adware.FlvTube) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Users\ki\AppData\Local\Temp\wla77DD.tmp (Worm.Parite) -> Delete on reboot.c:\Users\ki\AppData\Local\Temp\oja5F8C.tmp (Worm.Parite) -> Quarantined and deleted successfully.c:\Users\ki\AppData\Local\Temp\xing.exe (Trojan.Agent) -> Quarantined and deleted successfully.AFTER RESTART--RESCANNING--Malwarebytes' Anti-Malware 1.50www.malwarebytes.orgDatabase version: 5340Windows 6.1.7600Internet Explorer 8.0.7600.1638512/17/2010 8:09:34 AMmbam-log-2010-12-17 (08-09-34).txtScan type: Quick scanObjects scanned: 32788Time elapsed: 1 minute(s), 16 second(s)Memory Processes Infected: 0Memory Modules Infected: 3Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:c:\Users\ki\AppData\Local\Temp\yyaF0F2.tmp (Worm.Parite) -> Delete on reboot.c:\Users\ki\AppData\Local\Temp\pyaF19E.tmp (Worm.Parite) -> Delete on reboot.c:\Users\ki\AppData\Local\Temp\eyaF131.tmp (Worm.Parite) -> Delete on reboot.Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Users\ki\AppData\Local\Temp\yyaF0F2.tmp (Worm.Parite) -> Delete on reboot.c:\Users\ki\AppData\Local\Temp\pyaF19E.tmp (Worm.Parite) -> Delete on reboot.c:\Users\ki\AppData\Local\Temp\eyaF131.tmp (Worm.Parite) -> Delete on reboot. Link to post Share on other sites More sharing options...
Firefox Posted December 17, 2010 ID:362342 Share Posted December 17, 2010 Ok in this case, since it came back, then you will need assistance from the experts. Here is what to do now....Hi, and Welcome to Malwarebytes!Please read the following so that you can begin the cleaning process:As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.One of the expert helpers there will give you one-on-one assistance when one becomes available.Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.OrYou may send a Private Message to a Moderator asking for assistance.Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.Please be patient, someone will assist you as soon as it is possible.PS: Please use the "ADDREPLY" button instead of other ones when you start replying. Link to post Share on other sites More sharing options...
Staff shadowwar Posted December 17, 2010 Staff ID:362388 Share Posted December 17, 2010 On thing to add.. Parite is a File infector and not something we target with Malwarebytes. It's a true virus. This tool may help you. http://download.bitdefender.com/resources/...tiparite-en.exeThe site appears offline at this moment but should be back soon. Unfortunately the best option is usually to format and reinstall. Link to post Share on other sites More sharing options...
rshyam Posted December 30, 2010 Author ID:367482 Share Posted December 30, 2010 All worked and removed, except for the one in the picture below.Tanks a lot for all the Help, it really worked though it ate into some of the .exe files but its ok. Link to post Share on other sites More sharing options...
Staff shadowwar Posted December 30, 2010 Staff ID:367725 Share Posted December 30, 2010 I would suggest following firefox's instructions and continue in our malware removal forums. Link to post Share on other sites More sharing options...
rshyam Posted January 1, 2011 Author ID:368238 Share Posted January 1, 2011 topic continuedd fromhttp://forums.malwarebytes.org/index.php?s...mp;#entry367725one of the last remaining ones(i think) is in the picture.well one of the more recent isssues is that there is a lot of uploading going on in my internet connectionregardsrshyamtopic continuedd fromhttp://forums.malwarebytes.org/index.php?s...mp;#entry367725one of the last remaining ones(i think) is in the picture.well one of the more recent isssues is that there is a lot of uploading going on in my internet connectionregardsrshyam Link to post Share on other sites More sharing options...
LDTate Posted January 1, 2011 ID:368386 Share Posted January 1, 2011 Topics mergedrshyam,Please don't start new topics.Use the Add Reply below to stay in your topic here. Link to post Share on other sites More sharing options...
Staff screen317 Posted February 8, 2011 Staff ID:386305 Share Posted February 8, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts