Hi, I am new to this forum.

So, apparently, my computer was infected by this trojan called Antimalware Doctor. Naturally, I used Malwarebytes to scan and fix the issue. I did the scan, fixed the selected problems and restarted the computer. I got the blue screen of death, 0x0000007B.

I looked at my last log file and atapi.sys was not targeted by Malwarebytes, so that whole avenue is not the problem, I am assuming. Can you help me figure out exactly what went wrong?

Here is the last log file, THANKS!!!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6427

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/23/2011 3:43:21 PM

mbam-log-2011-04-23 (15-43-21).txt

Scan type: Quick scan

Objects scanned: 149740

Time elapsed: 11 minute(s), 22 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 14

Memory Processes Infected:

c:\documents and settings\Aseef\application data\f29660111d43854494320866e4bc9ab9\sfmoc700init.exe (Trojan.FakeAlert) -> 1720 -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\dbderapr.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfmoc700init.exe (Trojan.FakeAlert) -> Value: sfmoc700init.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\Aseef\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\dbderapr.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

c:\documents and settings\Aseef\application data\f29660111d43854494320866e4bc9ab9\sfmoc700init.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\local settings\Temp\err.log11112000 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\local settings\Temp\3BB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\local settings\Temp\xncaseowrm.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\3BE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\3BF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\3C0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\Aseef\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.


Hi, am I correct to assume you cannot boot at all now but had this MBAM log saved somewhere?

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB drive and CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1, sda2, ... usually correspond to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:
    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

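Once mbr.bin has been pulled off the sick machine with the dd command above, the first things to look at are the 55 AA boot signature, the four 16-byte partition entries, and whether the 440 bytes of boot code still match a known-clean copy. The script below is an added example, not code from this thread or from Malwarebytes; it parses a 512-byte MBR, flags layout oddities, and diffs the boot code against a reference copy. The sample sector it builds (a single bootable 0x07 partition at LBA 63, disk signature 0xDEADBEEF) is constructed for illustration and is not the poster's mbr.bin; the file names `mbr.bin` and `clean_mbr.bin` are placeholders for whatever the reader has on hand.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # x86 boot code; bytes 440-443 hold the NT disk signature
PART_TABLE_OFF = 446           # four 16-byte entries, 446-509
BOOT_SIG = b"\x55\xaa"         # bytes 510-511

# A few common partition type IDs (Windows XP system volumes are usually 0x07).
PART_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux"}


def build_sample_mbr():
    """Constructed 512-byte MBR used as sample input; it is NOT a capture from the poster's disk."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])   # xor ax,ax / mov ss,ax / mov sp,7c00h
    boot_code += b"\x00" * (BOOT_CODE_LEN - len(boot_code))
    disk_sig = struct.pack("<I", 0xDEADBEEF)                           # made-up NT disk signature
    reserved = b"\x00\x00"
    # Entry 1: bootable (0x80), type 0x07, starting at LBA 63 (the classic XP layout).
    entry1 = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 63, 488392002)
    empty_entry = b"\x00" * 16
    return boot_code + disk_sig + reserved + entry1 + empty_entry * 3 + BOOT_SIG


def parse_mbr(data):
    """Parse one sector and return its fields plus a list of suspicious findings."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes, got %d" % (SECTOR_SIZE, len(data)))
    findings = []
    valid_sig = data[510:512] == BOOT_SIG
    if not valid_sig:
        findings.append("missing 55 AA boot signature")
    disk_sig = struct.unpack_from("<I", data, 440)[0]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        raw = data[off:off + 16]
        flag, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        parts.append({"index": i + 1, "bootable": flag == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "0x%02x" % ptype),
                      "lba_start": lba_start, "sectors": sectors})
        if flag not in (0x00, 0x80):
            findings.append("entry %d: invalid boot flag 0x%02x" % (i + 1, flag))
        if ptype == 0x00 and any(raw):
            findings.append("entry %d: type 0 (empty) but contains non-zero bytes" % (i + 1))
        if ptype != 0x00 and (lba_start == 0 or sectors == 0):
            findings.append("entry %d: in-use entry with zero start or length" % (i + 1))
    if not any(p["bootable"] for p in parts):
        findings.append("no partition marked bootable")
    # Primary partitions must not overlap each other.
    used = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                  for p in parts if p["type"] != 0x00)
    for (s1, e1, i1), (s2, e2, i2) in zip(used, used[1:]):
        if s2 < e1:
            findings.append("entries %d and %d overlap" % (i1, i2))
    return {"valid_signature": valid_sig,
            "disk_signature": disk_sig,
            "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "findings": findings}


def compare_boot_code(mbr, reference):
    """Offsets in bytes 0-439 where `mbr` differs from a known-clean copy.

    MBR bootkits usually rewrite the boot code and leave the partition table
    untouched, so a clean-looking table says nothing about the first 440 bytes.
    """
    return [i for i in range(BOOT_CODE_LEN) if mbr[i] != reference[i]]


if __name__ == "__main__":
    # Usage: python mbr_check.py mbr.bin [clean_mbr.bin]   (falls back to the built-in sample)
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print("boot signature ok: %s   disk signature: 0x%08x" % (info["valid_signature"], info["disk_signature"]))
    print("boot code sha256:  %s" % info["boot_code_sha256"])
    for p in info["partitions"]:
        print("  #%d %s type=%s start=%d sectors=%d" % (p["index"], "*" if p["bootable"] else " ",
                                                      p["type_name"], p["lba_start"], p["sectors"]))
    for f in info["findings"]:
        print("  WARNING: " + f)
    if len(sys.argv) > 2:
        ref = open(sys.argv[2], "rb").read(SECTOR_SIZE)
        diffs = compare_boot_code(data, ref)
        print("boot code differs from reference at %d offsets" % len(diffs))
```

The reference copy is the part this script cannot supply: it has to be an MBR written by the same Windows version (for example, one saved from a healthy machine or right after a `fixmbr`), and the sha256 of the first 440 bytes is what you compare, since the disk signature and partition table legitimately differ from disk to disk.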
