Jump to content

Recommended Posts

hi

after removing malware...gen,pum...my pc will not boot, i am running xp pro on dell dimension 8300...i cannot boot in any mode ie;safe mode etc....any help pease,i'm a novice by the way :) thanx

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6092

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

25/05/2011 22:49:58

mbam-log-2011-05-25 (22-49-58).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 235758

Time elapsed: 1 hour(s), 40 minute(s), 34 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 4

Folders Infected: 1

Files Infected: 17

Memory Processes Infected:

c:\documents and settings\josie\application data\dwm.exe (Trojan.Downloader) -> 3064 -> Unloaded process successfully.

c:\documents and settings\josie\application data\microsoft\conhost.exe (Trojan.Agent) -> 3444 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Value: *upd_debug.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\josie\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

c:\documents and settings\user\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\josie\application data\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\user\local settings\temp\exmsracnow.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\msdpkcsp.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\josie\application data\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\user\application data\Adobe\plugs\kb90548781.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\user\application data\Adobe\plugs\kb90548921.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\user\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\user\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\user\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\user\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\WINDOWS\temp\0.4987605378353026.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\WINDOWS\temp\0.970119405237936.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\josie\local settings\temp\csrss.exe (Trojan.Agent) -> Delete on reboot.

c:\documents and settings\user\local settings\temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\user\application data\eba6ad1db247fe28e70714d691638996\upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\user\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

c:\documents and settings\user\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.

Start with Kaspersky and see if running them gets you back to limping.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.