-
My computer is infected.
Expert team, please help me fix my computer. My computer becomes much slower when I log in to my account. I really suspect that my computer is infected by viruses. I have scanned using KVRT 2010 and found viruses and deleted them. But when I restart, my computer still has the same problem. Here is the attached file with my System Information.
[ATTACH]258571[/ATTACH]
Thanks in advance.
-
Hello,
Close/unload all programs except AVZ and Internet Explorer.
Switch off:
- Antivirus and, if you have one, Firewall.
- System Restore
- Load your system in NORMAL MODE
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\temp\wm19pnt.exe');
TerminateProcessByName('c:\windows\temp\vv68a5mw.exe');
TerminateProcessByName('c:\windows\temp\ia84geu9q.exe');
TerminateProcessByName('c:\windows\temp\8f7oz.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','note');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','note');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','7p0f2');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','7a081');
QuarantineFile('D:\i8gcgmg.exe','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\WINDOWS\TEMP\wm19pnt.exe','');
QuarantineFile('c:\windows\temp\wm19pnt.exe','');
QuarantineFile('C:\WINDOWS\TEMP\vv68a5mw.exe','');
QuarantineFile('c:\windows\temp\vv68a5mw.exe','');
QuarantineFile('C:\WINDOWS\TEMP\ntload.dll','');
QuarantineFile('c:\windows\temp\ia84geu9q.exe','');
QuarantineFile('C:\WINDOWS\TEMP\8f7oz.exe','');
QuarantineFile('c:\windows\temp\8f7oz.exe','');
QuarantineFile('C:\WINDOWS\System32\userinit.exe','');
QuarantineFile('C:\WINDOWS\System32\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\msnpwbcf.dll','');
QuarantineFile('C:\WINDOWS\system32\Drivers\NDIS.sys','');
QuarantineFile('C:\WINDOWS\alcmtr.exe','');
QuarantineFile('C:\i8gcgmg.exe','');
QuarantineFile('C:\Documents and Settings\user\Application Data\LimeWire\drvdrvms47\msfteml.dll','');
QuarantineFile('C:\Documents and Settings\user\Application Data\LimeWire\drvdrvms47\msftcore.dll','');
QuarantineFile('C:\DOCUME~1\user\ntl.dll','');
QuarantineFile('C:\DOCUME~1\user\APPLIC~1\LimeWire\DRVDRV~1\msftldr.dll','');
QuarantineFile('C:\DOCUME~1\user\APPLIC~1\LimeWire\DRVDRV~1\msftdm32.exe','');
QuarantineFile('c:\docume~1\user\applic~1\limewire\drvdrv~1\msftdm32.exe','');
QuarantineFile('C:\DOCUME~1\user\APPLIC~1\LimeWire\DRVDRV~1\msftdm.exe','');
QuarantineFile('c:\docume~1\user\applic~1\limewire\drvdrv~1\msftdm.exe','');
QuarantineFile('C:\autorun.inf','');
DeleteFile('D:\i8gcgmg.exe');
DeleteFile('D:\autorun.inf');
DeleteFile('c:\windows\temp\wm19pnt.exe');
DeleteFile('C:\WINDOWS\TEMP\wm19pnt.exe');
DeleteFile('c:\windows\temp\vv68a5mw.exe');
DeleteFile('C:\WINDOWS\TEMP\vv68a5mw.exe');
DeleteFile('C:\WINDOWS\TEMP\ntload.dll');
DeleteFile('c:\windows\temp\ia84geu9q.exe');
DeleteFile('c:\windows\temp\8f7oz.exe');
DeleteFile('C:\WINDOWS\TEMP\8f7oz.exe');
DeleteFile('C:\WINDOWS\system32\msnpwbcf.dll');
DeleteFile('C:\i8gcgmg.exe');
DeleteFile('C:\DOCUME~1\user\ntl.dll');
DeleteFile('C:\autorun.inf');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
[/CODE]
After reboot:
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual Healing
[CODE]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/CODE]
- Upload the C:\quarantine.zip here: [url]http://virusinfo.info/upload_virus_eng.php?tid=84878[/url]
- Install Service Pack 3 + all Updates + IE 8. WinXP SP2 will not be supported by Microsoft anymore!!!
- Make a new log file of AVPTool
- Make a log file of Malwarebytes Antimalware: [url]http://www.malwarebytes.org/mbam.php[/url]
- Attach a new log to your new post.
-
Treatment summary
Statistics of the treatment performed:
[LIST]
[*]Quarantines received: [B]1[/B]
[*]Files processed: [B]67[/B]
[*]Malicious programs detected during treatment:
[LIST=1]
[*] c:\autorun.inf - [B]Trojan.Win32.AutoRun.aoo[/B] ( NOD32: Win32/PSW.OnLineGames.OUM trojan, AVAST4: VBS:Malware-gen )
[*] c:\documents and settings\user\application data\limewire\drvdrvms47\msfteml.dll - [B]Backdoor.Win32.Agent.ayar[/B] ( DrWEB: Trojan.Siggen2.380, AVAST4: Win32:Malware-gen )
[*] c:\docume~1\user\ntl.dll - [B]Trojan-Spy.Win32.Mailspy.d[/B] ( DrWEB: Trojan.PWS.Spy.9593, BitDefender: Trojan.Generic.4479843, AVAST4: Win32:Malware-gen )
[*] c:\i8gcgmg.exe - [B]Trojan-GameThief.Win32.Magania.doso[/B] ( DrWEB: Trojan.PWS.Wsgame.13295, BitDefender: Gen:Variant.Taterf.9, NOD32: Win32/PSW.OnLineGames.OUM trojan, AVAST4: Win32:Rootkit-gen [Rtk] )
[*] c:\windows\alcmtr.exe - [B]Virus.Win32.Virut.ce[/B] ( BitDefender: Win32.Virtob.Gen.12, AVAST4: Win32:Vitro )
[*] c:\windows\system32\drivers\ndis.sys - [B]Virus.Win32.Protector.f[/B] ( DrWEB: BackDoor.Bulknet.417, BitDefender: Rootkit.Kobcka.Patched.Gen, NOD32: Win32/Protector.B virus, AVAST4: Win32:Malware-gen )
[*] c:\windows\temp\ia84geu9q.exe - [B]Virus.Win32.Virut.ce[/B] ( DrWEB: Trojan.MulDrop1.41182, BitDefender: Win32.Virtob.Gen.12, AVAST4: Win32:Vitro )
[*] c:\windows\temp\ntload.dll - [B]Trojan-Spy.Win32.Mailspy.d[/B] ( DrWEB: Trojan.PWS.Spy.9593, BitDefender: Trojan.Generic.4479843, AVAST4: Win32:Malware-gen )
[*] c:\windows\temp\vv68a5mw.exe - [B]Virus.Win32.Virut.ce[/B] ( DrWEB: Trojan.MulDrop.33369, BitDefender: Win32.Virtob.Gen.12, AVAST4: Win32:Vitro )
[*] c:\windows\temp\wm19pnt.exe - [B]Virus.Win32.Virut.ce[/B] ( DrWEB: Win32.Virut.56, BitDefender: Win32.Virtob.Gen.12, NOD32: Win32/Virut.NBP virus, AVAST4: Win32:Vitro )
[*] c:\windows\temp\8f7oz.exe - [B]Virus.Win32.Virut.ce[/B] ( DrWEB: Win32.Virut.56, BitDefender: Win32.Virtob.Gen.12, NOD32: Win32/Virut.NBP virus, AVAST4: Win32:Vitro )
[*] d:\autorun.inf - [B]Trojan.Win32.AutoRun.aoo[/B] ( NOD32: Win32/PSW.OnLineGames.OUM trojan, AVAST4: VBS:Malware-gen )
[*] d:\i8gcgmg.exe - [B]Trojan-GameThief.Win32.Magania.doso[/B] ( DrWEB: Trojan.PWS.Wsgame.13295, BitDefender: Gen:Variant.Taterf.9, NOD32: Win32/PSW.OnLineGames.OUM trojan, AVAST4: Win32:Rootkit-gen [Rtk] )
[/LIST]
[/LIST]
Recommendations:
[LIST=1]
[*]Trojan programs of the Trojan-PSW/Trojan-Spy class were detected - changing all passwords is strongly recommended!
[/LIST]
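A triage check on the thread above, as an added example that is not part of the original posts: it compares the files the first AVZ script passed to QuarantineFile without a matching DeleteFile against the files the summary reports as malicious, which shows the detected files that no DeleteFile call removed. The script and summary text are shortened excerpts of this page's own lines; the function names are this example's own.

```python
import re

# Shortened excerpts of the AVZ script and treatment summary from this page.
SCRIPT = r"""
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\WINDOWS\TEMP\wm19pnt.exe','');
QuarantineFile('C:\WINDOWS\System32\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\Drivers\NDIS.sys','');
QuarantineFile('C:\WINDOWS\alcmtr.exe','');
QuarantineFile('C:\DOCUME~1\user\ntl.dll','');
DeleteFile('D:\autorun.inf');
DeleteFile('c:\windows\temp\wm19pnt.exe');
DeleteFile('C:\DOCUME~1\user\ntl.dll');
"""
SUMMARY = r"""
[*] c:\windows\alcmtr.exe - [B]Virus.Win32.Virut.ce[/B] ( ... )
[*] c:\windows\system32\drivers\ndis.sys - [B]Virus.Win32.Protector.f[/B] ( ... )
[*] c:\windows\temp\wm19pnt.exe - [B]Virus.Win32.Virut.ce[/B] ( ... )
[*] c:\docume~1\user\ntl.dll - [B]Trojan-Spy.Win32.Mailspy.d[/B] ( ... )
[*] d:\autorun.inf - [B]Trojan.Win32.AutoRun.aoo[/B] ( ... )
"""
CALL_RE = re.compile(r"(QuarantineFile|DeleteFile)\('([^']+)'", re.I)
DETECT_RE = re.compile(r"\[\*\]\s*(.+?) - \[B\](.+?)\[/B\]")

def norm(path):
    # Windows paths compare case-insensitively; 8.3 short names are not expanded.
    return path.strip().lower()

def script_actions(script):
    actions = {"quarantinefile": set(), "deletefile": set()}
    for func, path in CALL_RE.findall(script):
        actions[func.lower()].add(norm(path))
    return actions

def detections(summary):
    return {norm(p): verdict for p, verdict in DETECT_RE.findall(summary)}

def triage(script, summary):
    acts, det = script_actions(script), detections(summary)
    kept = acts["quarantinefile"] - acts["deletefile"]  # copied, never deleted
    return {
        "detected_but_not_deleted": {p: det[p] for p in sorted(kept & set(det))},
        "copied_and_undetected": sorted(kept - set(det)),
        "deleted_without_copy": sorted(acts["deletefile"] - acts["quarantinefile"]),
    }

if __name__ == "__main__":
    for bucket, items in triage(SCRIPT, SUMMARY).items():
        print(bucket, items)
```

Files in the first bucket are the ones a follow-up script or a clean replacement still has to deal with; the same functions accept the full script and summary text from the thread.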