Help Getting Started - having issues

Elise · April 15, 2011

Its supposed to be: combofix<space>/killall

dmb8886 · April 15, 2011

I went with that a while back, its stuck on completed stage 50 again.

: (

Elise · April 16, 2011

Please rename combofix.exe to random.exe and then try to run it.

dmb8886 · April 16, 2011

Same problem, stuck at completed stage 50

Elise · April 16, 2011

Hi again, let me know how things are running after the following fix.

OTL FIX

------------

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the

textbox.

:otl
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\system32\msflpr.exe) - C:\WINDOWS\system32\msflpr.exe (-)
F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\system32\msflpr.exe) - C:\WINDOWS\system32\msflpr.exe (-)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O32 - AutoRun File - [2011/04/10 16:02:10 | 000,000,093 | RHS- | M] () - E:\autorun.inf -- [ FAT ]

:commands
[reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

dmb8886 · April 16, 2011

Hi Elise,

I ran it and when it reported no report opened. Perhaps because I rebooted it in safe mode? There was also no report on my desktop either, any way to recover that report? Also of interesting note, after running that fix and rebooting in safe mode, that's the first time that McAfee opened on my system tray on reboot in a long time. McAfee would only open on the system tray in safe mode with networking and not on regular safe mode. So this is the first time that has happened FYI.

Let me know what to do next. Thanks!

Elise · April 16, 2011

Besides that how are things running now? Can you try one more time to run Combofix?

How is normal mode running now?

dmb8886 · April 16, 2011

I haven't been in normal mode in like a year and a half, lol since its been badly infected

I am running combofix again now, will let you know how things go. One note I realized that in the previous step or two the files on my desktop weren't showing their extension. After running that fix they now are showing their extension.

I will let you know how combofix goes. Thanks!

Elise · April 16, 2011

Okay, please keep me posted. You can also access normal mode to see how it runs.

dmb8886 · April 16, 2011

You think I might be completely fixed? If normal mode runs well, should I then run MBAM?

dmb8886 · April 16, 2011

Combofix stuck on completed stage 50 still

dmb8886 · April 16, 2011

Hi Elise, to update the computer is running better than it had last I remember it a long long time ago in normal mode. Its really slow and bogged down feeling though. I tried using IE and it was working and connected to the web and went to some sites. But after a few minutes of using it the window just quit/disappeared.

Let me know what you think I should do next. I'm also installing the java update at the moment.

Thanks!

Elise · April 16, 2011

No problem. Try normal mode and if it runs fine, launch MBAM, update it and run a full scan. Post me the resulting log.

dmb8886 · April 16, 2011

Hi Elise, before I read your message I went to install the java updates and it gave me an error saying it couldn't install because the computer was currently installing another program (even though I wasn't).

So I went to do a restart, and it was automatically showing a lot of end process including a few that said "sprtcmd.exe".

Also at the same time an error window popped up saying "Wscript.ext - DLL initialization failed" with the description "The application failed to initialize because the windows station is shutting down".

I am running MBAM right now though it appears to be going pretty damn slow, I will post the results when finished.

Thanks!

dmb8886 · April 16, 2011

Sorry to post so many updates along the way, but while that was running, my McAfee which I thought was disabled detected and removed a ton of trojans there were so many I couldn't keep up but some most of them that I saw were under the name "Generic Dropper!km" in the location "windows\system32" folder with different tons of instances of the file names, one example is "mskguo.exe". I also saw another trojan I caught out of my eye that it found called "Aretemis_______" didn't see the rest of the name after the word Artemis.

Will post MBAM results when its finished.

dmb8886 · April 16, 2011

Finished scanning with MBAM and I'm about to reboot to finished the removal process. Here are the results first:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6375

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

4/16/2011 3:46:41 PM

mbam-log-2011-04-16 (15-46-41).txt

Scan type: Quick scan

Objects scanned: 220561

Time elapsed: 1 hour(s), 14 minute(s), 46 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 21

Registry Values Infected: 11

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 124

Memory Processes Infected:

c:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> 2232 -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{E24211B3-A78A-C6A9-D317-70979ACE5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetLogin (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Value: UpdateNew -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Value: uid -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Value: i -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Value: mEv -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Value: BuildW -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Value: mso -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Value: Update -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Value: Ulrn -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Value: FirstInstallFlag -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Value: guid -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Value: udso -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.

c:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\criqmsck.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\phheq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\windows\system32\msksifd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msrwjdx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msuogtk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mspsocb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msqtmikc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msqzroj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msrdkop.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msrivy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msrua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msiuxuhp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjcwhs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjeyir.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjivgq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjjjcmx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjqj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjvk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjyokxn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msjyyvrf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mskexsp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mskguo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mskqfl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mskqi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msdcuoh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msdwgfgu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msdxapzp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mseekj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mseglnn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mserxs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msespf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msgsuvn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msgxmm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msgymf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mshhfoag.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mshphxxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mshqc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mshqzfil.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mshsfxv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mschgh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msclkdc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mscyc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msczcb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msvxwzm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msvyuv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msvzdtoe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mswpwjxi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mswvhvvu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msxemf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msxljh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mstatkow.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mstbl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mstchb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mstghfx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mstocs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mstutzw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mstzcxzj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msuji.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msukzvia.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msumpq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msums.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msunwa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\dvdpaly.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\windows\system32\msopavbm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msorc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msosplim.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msovuz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msozdh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mspgtm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msphkg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mspiwxeq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mspmdcwf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mspnzat.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msfdv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msfjl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msftep.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msftukjl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msfyic.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msfylz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msfzfcf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msghoxuc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msghpcdr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msgoq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msryqxe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msryxox.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msrzwcp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mssbzgk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msscgztb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mssdia.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mssgyfdg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mssto.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mssunq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mssweys.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msyfb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msyjjwf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msyqtwlh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msyyrivj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mszeptw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mszfp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msznrkr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mszqoi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msztnghe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mskyz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mslklna.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mslrxe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msluaj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mslxi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\mslzyxik.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msmkyqnz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msncnl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msnexgp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msngknfi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msnid.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msnkj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msnnvu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msnos.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msibfrc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msibhhk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\system32\msintw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\vkywt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Elise · April 16, 2011

Okay, I'll wait for the MBAM results.

The Artemis detection is most likely related to combofix (which McAfee usually detects under that name).

dmb8886 · April 16, 2011

Just posted the results right before your post in case you missed it.

dmb8886 · April 16, 2011

Also, when I restarted nothing happened relating to the program when I started up again. Should MBAM have opened again or done anything else since it mentioned to restart to complete the process?

Thanks!

Elise · April 16, 2011

No, it will not reopen on startup after that. Looks like it took care of quite some problems. Can you please run another quick scan?

How are things running so far?

dmb8886 · April 16, 2011

Seem to be running even better. There are a handful of files in the quarantine tab of MBAM, should I click on "delete all" for those files? I will run another quick scan. Thanks, you've been great!

Elise · April 16, 2011

Yes, you can delete all these. If the quick scan comes up clean, please do the following.

UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
3. Double click on the
  icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

dmb8886 · April 16, 2011

Hi Elise, just noticed that all the images for your ESET Online Scanner instructions aren't showing up.

Elise · April 17, 2011

Sorry for that, I fixed the images in my previous post.

dmb8886 · April 18, 2011

Wow, it was a 7 hour scan approximately. I didn't chose the option to delete quarantined files after I clicked "Finish", was I supposed to?

Here are the results:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws6.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentieu.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\DoctorWeb\Quarantine\msxm192z.dll a variant of Win32/PSW.WOW.NNZ trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\CXY38XUN\load[1].php Win32/TrojanDropper.Agent.NII trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\CXY38XUN\undefined[1].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\OLAN8LU7\svc[1].php Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\OLAN8LU7\svc[2].php Win32/Adware.Coolezweb.AW application cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[1].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[2].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[3].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[4].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[5].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[6].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[8].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\Y3GV2JYT\undefined[9].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Documents and Settings\Steve H\Local Settings\Temporary Internet Files\Content.IE5\YDMLK1CB\undefined[1].htm HTML/Exploit.DialogArg trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\hcel.exe.vir Win32/Oficla.G trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\niawndos.exe.vir Win32/Oficla.G trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\umoikchf.exe.vir Win32/TrojanDownloader.Small.OOC trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Win32/TrojanDownloader.FakeAlert.AGL trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir Win32/TrojanDownloader.FakeAlert.AGL trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\sv2.exe.vir a variant of Win32/Adware.Coolezweb.AZ application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\cooecp.tlb.vir Win32/TrojanClicker.VB.NIM trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\logcde.dll.vir Win32/TrojanClicker.VB.NIM trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\windef.dll.vir Win32/TrojanClicker.VB.NIM trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\windef.Log.vir Win32/TrojanClicker.VB.NIM trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\winpaged.ocx.vir Win32/TrojanClicker.VB.NIM trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir Win32/Agent.PMG trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir a variant of Win32/Kryptik.ACE trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\netlogon.dll.vir a variant of Win32/Kryptik.YQ trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\pac.txt.vir probably a variant of Win32/TrojanDownloader.Agent.JXCMRQU trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\wiawow32.sys.vir a variant of Win32/TrojanClicker.VB.NJO trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\wiwow64.exe.vir Win32/Adware.Coolezweb application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir a variant of Win32/Kryptik.XS trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\04162011_122113\C_WINDOWS\system32\msflpr.exe Win32/TrojanClicker.VB.NIM trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\04162011_122113\E_\autorun.inf Win32/PSW.OnLineGames.NMY trojan cleaned by deleting - quarantined

Help Getting Started - having issues

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information