Hi! I recently got the XP Security 2011 virus and managed to get rid of the obvious symptoms fairly quickly, but it appears I still have a few lingering issues that I can't seem to get rid of, so I was wondering if anyone might have tips on how I might go about fixing these problems?

I'm running Windows XP Pro SP2. I got rid of most of the virus with help from Symantec AntiVirus, Spybot Search & Destroy, and Malwarebytes (also ran AdAware and Windows Defender but by that point they didn't help any). I suspect that the virus got in through a Java applet on a random website (I remember shortly before noticing the virus symptoms that the Java console popped up unexpectedly and numerous infected files were found in the cache); I've since updated my version of Java and cleared its cache.

One problem that I'm still noticing is that some background service (svchost.exe) is trying to access suspected malware domains (ex. windriverupdate.kz). That's currently being blocked by my firewall, but obviously means there's still something infected... The other obvious problem is that Firefox crashes a lot (and always crashes if I try to do a search from google.com).

I've followed the instructions listed at http://forums.malwarebytes.org/index.php?showtopic=9573 including disabling CD-ROM emulation software, running DDS, and running GMER Rootkit Scanner. Note that I've ignored two PUMs found by Malwarebytes, as I'm fairly certain I caused those intentionally a while back and I don't think they're relevant now (see log below).

Any help would be very greatly appreciated! :-) I was kind of wondering though if there's any chance I could send the DDS/GMER log files via PM just to those people who might be interested in helping? From a quick glance at them I'm concerned they could contain personal info that I'd rather not share with the entire internet if possible... But I'll post them here if that's required, I really do want to get rid of this stupid virus! (Thanks again in advance! Your help to the anti-malware community is wonderful!)

+++ Most recent Malwarebytes quick scan log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6524

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/6/2011 11:39:03 PM
mbam-log-2011-05-06 (23-39-03).txt

Scan type: Quick scan
Objects scanned: 168192
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

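The scan log quoted in the post above has a fixed layout: a block of per-category counts, then one itemised section per category. As an added example (not part of the original thread and not Malwarebytes' own code), this Python parser reads an excerpt of that log, checks the counts against the itemised entries, and reports detections that were left in place. The names `parse_mbam_log` and `triage` are hypothetical, and the `->`-separated entry format is assumed from the two entries shown in the post.

```python
import re

# Excerpt of the Malwarebytes 1.50 log quoted in the post above (counts first, then sections).
SAMPLE_LOG = r"""Registry Values Infected: 0
Registry Data Items Infected: 2
Files Infected: 0

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (summary counts per section, list of itemised detection entries)."""
    summary, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT_RE.match(line):
            summary[m["section"]] = int(m["n"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            action = m["rest"].split(" -> ")[-1].rstrip(".")  # last field is the action taken
            entries.append({"section": section, "object": m["object"],
                            "detection": m["detection"], "action": action})
    return summary, entries

def triage(summary, entries):
    """Flag what a helper would check first when reading the log."""
    listed = {}
    for e in entries:
        listed[e["section"]] = listed.get(e["section"], 0) + 1
    return {
        # Sections whose itemised entries do not add up to the count (truncated or edited log).
        "count_mismatch": sorted(s for s, n in summary.items() if listed.get(s, 0) != n),
        # Detections the scan reported but did not remove.
        "left_in_place": [e for e in entries if e["action"] == "Not selected for removal"],
        # True when every hit is a PUM (a flagged setting), so no file or process was detected.
        "only_pum": bool(entries) and all(e["detection"].startswith("PUM.") for e in entries),
    }
```

When `only_pum` is true while suspicious outbound connections continue, as described in the post, the quick scan has not identified their source and the deeper DDS and GMER logs are the next thing to review.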

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


  • 2 weeks later...
  • Staff

Thanks for letting me know.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.