
My system was attacked


Name: firefighterjlklm
Date: July 7, 2009 at 21:37:03 Pacific
OS: Microsoft Windows XP Professional
CPU/Ram: 2.793 GHz / 2038 MB
Product: Dell / Dell dv051
Subcategory: Viruses
Comment:

Hi,
My wife recently went to forward an email to me and my computer was attacked by a virus with a fake antivirus program called antivirus system pro. I found a forum which had me download malwarebytes, superantispyware, and norman malware cleaner. I ran each of these in safe mode and followed all instructions and "I believe" got rid of the virus. Now I am still getting tons of tracking cookies, and back-door trojans that are being caught each time I run my AVG scan. I also have a system error every time I start my computer saying that C:\WINDOWS\system32\msbjow.exe cannot be found and then another error right after saying that it could not load that same file name. I am by far no computer genius but have some technical computer knowledge. PLEASE HELP!!
Thanks.




Response Number 1
Name: jdk (by neoark)
Date: July 8, 2009 at 04:51:50 Pacific

Response Number 2
Name: firefighterjlklm
Date: July 8, 2009 at 08:09:30 Pacific
Reply:

This was the first one I ran while I still had the virus and the 2nd one was last night. This is from mbam

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

7/4/2009 1:09:59 PM
mbam-log-2009-07-04 (13-09-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 143413
Time elapsed: 38 minute(s), 12 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 6
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lowriskfiletypes (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Jason\local settings\Temp\installb[2].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Jason\local settings\Temp\jdethtt22jysty234rjwg34g4346.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\freddy49.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ld12.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\strt_1246713565.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

This was last night...

Malwarebytes' Anti-Malware 1.38
Database version: 2374
Windows 5.1.2600 Service Pack 3

7/7/2009 9:50:49 PM
mbam-log-2009-07-07 (21-50-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 147097
Time elapsed: 38 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
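
Added example (not part of the original posts and not Malwarebytes code): a Python parser for the log layout posted above that groups detections by family and lists the registry persistence points they touched. The sample lines are copied from the first log; `PENDING_LINE` is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the first Malwarebytes log in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected: 7

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\ld12.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""
# Constructed line (not from the thread): an item whose removal is still pending.
PENDING_LINE = r"C:\WINDOWS\system32\example.dll (Trojan.Agent) -> Delete on reboot."

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<det>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")

# Lower-cased registry path fragment -> the persistence mechanism it points to.
PERSISTENCE = [
    ("\\browser helper objects\\", "browser helper object"),
    ("\\services\\", "service"),
    ("\\currentversion\\run\\", "Run key autostart"),
    ("\\currentversion\\windows\\run", "Windows 'run' value autostart"),
    ("hkey_classes_root\\.", "file association hijack"),
]

def parse_mbam(text):
    """Return one dict per detection line, tagged with its log section."""
    findings, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        entry = ENTRY.match(line)
        if header:
            section = header.group("name")
        elif entry and section:  # counter lines and blanks match neither pattern
            obj, mech = entry.group("obj"), None
            if section.startswith("Registry"):
                mech = next((m for frag, m in PERSISTENCE if frag in obj.lower()), None)
            findings.append({"section": section, "object": obj,
                             "detection": entry.group("det"), "persistence": mech,
                             "action": entry.group("rest").split(" -> ")[-1]})
    return findings

def families(findings):
    """Count detections per family name reported by the scanner."""
    return Counter(f["detection"] for f in findings)

def persistence_points(findings):
    """Registry locations that would have restarted the malware."""
    return [(f["persistence"], f["object"]) for f in findings if f["persistence"]]

def unresolved(findings):
    """Entries the scanner did not report as removed successfully."""
    return [f for f in findings if "successfully" not in f["action"].lower()]

if __name__ == "__main__":
    for mech, obj in persistence_points(parse_mbam(SAMPLE_LOG)):
        print(f"{mech}: {obj}")
```

Run against a full log, `persistence_points` shows which autostart locations were cleaned, which helps when a startup error still names a file that no longer exists.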



Response Number 3
Name: jdk (by neoark)
Date: July 8, 2009 at 08:12:50 Pacific
Reply:

Response Number 4
Name: firefighterjlklm
Date: July 8, 2009 at 08:14:24 Pacific
Reply:

This is from superantispyware
this is the first one when I had the virus

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/04/2009 at 03:02 PM

Application Version : 4.26.1006

Core Rules Database Version : 3971
Trace Rules Database Version: 1911

Scan type : Complete Scan
Total Scan Time : 00:37:29

Memory items scanned : 530
Memory threats detected : 0
Registry items scanned : 4880
Registry threats detected : 0
File items scanned : 18226
File threats detected : 161

Adware.Tracking Cookie
C:\Documents and Settings\Jason\Cookies\jason@porno[1].txt
C:\Documents and Settings\Jason\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\Jason\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\Jason\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\Jason\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\Jason\Cookies\system@collective-media[1].txt
C:\Documents and Settings\Jason\Cookies\jason@doubleclick[2].txt
C:\Documents and Settings\Jason\Cookies\jason@ads.pointroll[1].txt
C:\Documents and Settings\Jason\Cookies\jason@www.porno[1].txt
C:\Documents and Settings\Jason\Cookies\jason@ad.yieldmanager[1].txt
C:\Documents and Settings\Jason\Cookies\jason@pfizer.122.2o7[1].txt
C:\Documents and Settings\Jason\Cookies\jason@invitemedia[2].txt
C:\Documents and Settings\Jason\Cookies\jason@collective-media[1].txt
C:\Documents and Settings\Jason\Cookies\system@overture[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@publishers.clickbooth[2].txt

Trojan.Agent/Gen-Backdoor[WinRes]

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SYSTEM32\MSWINSCK.OCX


This was the second one from last night

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/07/2009 at 10:42 PM

Application Version : 4.26.1006

Core Rules Database Version : 3974
Trace Rules Database Version: 1914

Scan type : Complete Scan
Total Scan Time : 00:47:21

Memory items scanned : 223
Memory threats detected : 0
Registry items scanned : 4884
Registry threats detected : 0
File items scanned : 18056
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\Jason\Cookies\jason@interclick[1].txt
C:\Documents and Settings\Jason\Cookies\jason@media.medhelp[1].txt
C:\Documents and Settings\Jason\Cookies\jason@tacoda[2].txt
C:\Documents and Settings\Jason\Cookies\jason@at.atwola[2].txt
C:\Documents and Settings\Jason\Cookies\jason@doubleclick[1].txt
C:\Documents and Settings\Jason\Cookies\jason@advertising[2].txt
C:\Documents and Settings\Jason\Cookies\jason@kontera[2].txt
C:\Documents and Settings\Jason\Cookies\jason@a1.interclick[2].txt
C:\Documents and Settings\Jason\Cookies\jason@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt
C:\Documents and Settings\Jason\Cookies\jason@apmebf[1].txt



Response Number 5
Name: firefighterjlklm
Date: July 8, 2009 at 08:17:22 Pacific
Reply:

I just updated my mbam. Should I run the complete scan or the quick scan? Thanks again for all your help!!





Response Number 6
Name: jdk (by neoark)
Date: July 8, 2009 at 08:21:55 Pacific
Reply:

Leave MBAM for now. Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdateEx( 'http://avz.virusinfo.info/avz_up/', 1, '','','');
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 7
Name: net_ankit
Date: July 8, 2009 at 08:42:53 Pacific
Reply:

I have one suggestion: find a version of Avast Pro antivirus, and another piece of software named Glary Utilities, from the internet.
First uninstall AVG and all other malware or spyware protection software. Install Glary Utilities, open it, click on Maintenance and press Scan for Issues; there are many great features.
Also install Avast Antivirus after uninstalling the present one, update Avast, select the option Schedule Boot-Time Scan, select all the drives for the scan, and restart the system. It will clear your PC and remove the virus.
Glary Utilities will help you to repair the registry.



Response Number 8
Name: firefighterjlklm
Date: July 8, 2009 at 08:57:43 Pacific
Reply:

Here are the three links to rapidshare like you asked.

http://rapidshare.com/files/2534449...

http://rapidshare.com/files/2534484...

http://rapidshare.com/files/2534492...

Now I am going to uninstall all my protecting software and download the others you recommended. Thanks again!! You have no idea how much I appreciate this!!



Response Number 9
Name: jdk (by neoark)
Date: July 8, 2009 at 09:03:01 Pacific
Reply:

I recommended? I didn't recommend anything unless I get to see what you have :). It was someone else.

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 10
Name: firefighterjlklm
Date: July 8, 2009 at 09:09:14 Pacific
Reply:

net ankit recommended??? Who is this? Should I not listen to him? Thanks for catching that because I was getting ready to uninstall my protection software!



Response Number 11
Name: jdk (by neoark)
Date: July 8, 2009 at 09:16:13 Pacific
Reply:

Follow these steps in the numbered order. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\WINDOWS\system32\msrduam.exe','');
 QuarantineFile('C:\WINDOWS\system32\msbjow.exe','');
 DeleteFile('C:\WINDOWS\system32\msbjow.exe');
 DeleteFile('C:\WINDOWS\system32\msrduam.exe');
ExecuteRepair(13);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(true); 
RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and private message me the download link.

3) Download, install and run CCleaner.

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 12
Name: firefighterjlklm
Date: July 8, 2009 at 10:18:31 Pacific
Reply:

I have tried three times to upload this file to rapidshare. It uploads but doesn't give me a link like before. It will only give me the option to send the link via email. I try to send it to myself but it says there is no file...?



Response Number 13
Name: jdk (by neoark)
Date: July 8, 2009 at 10:49:58 Pacific
Reply:

What is the size of the file? Continue with the next steps.

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 14
Name: firefighterjlklm
Date: July 8, 2009 at 10:56:43 Pacific
Reply:

I am currently running the ccleaner. The file size says 1kb. When I click on the properties it says size on disk is 4kb.



Response Number 15
Name: jdk (by neoark)
Date: July 8, 2009 at 10:57:53 Pacific
Reply:

No need to send it; continue with steps 2 and 3.

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 16
Name: firefighterjlklm
Date: July 8, 2009 at 11:00:20 Pacific
Reply:

The ccleaner is done. Anything next?



Response Number 17
Name: jdk (by neoark)
Date: July 8, 2009 at 11:05:06 Pacific
Reply:

Original problem fixed? Just to be sure, scan with:

Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:

1. Check the options below:

    * Select all the objects/places to be scanned.
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

2. Click Scan
3. Fix what it detects
4. Zip/Rar Scan log/Summary and upload it to rapidshare.com. Post download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 18
Name: firefighterjlklm
Date: July 8, 2009 at 14:32:12 Pacific
Reply:

The scan with kaspersky is at 99% and has detected: Trojan program Exploit.JS.Pdfka.mq File: C:\Documents and Settings\Jason\Local Settings\Temp\plugtmp-23\plugin-pfqe.php

It is saying file cannot be disinfected. It is asking me to click delete or skip. Not sure what to do.



Response Number 19
Name: jdk (by neoark)
Date: July 8, 2009 at 14:39:52 Pacific
Reply:

Delete it. Original problem fixed?

If I'm helping you and I don't reply within 24 hours send me a PM.



Response Number 20
Name: firefighterjlklm
Date: July 8, 2009 at 14:56:04 Pacific
Reply:

http://rapidshare.com/files/2535672...

here is the link to the report from kaspersky. I am going to restart my computer now and see if the error is gone. If it is gone can I assume that it is safe to use my computer again as far as like bank info and stuff? Also, what would you recommend over avg free as far as free virus, spyware, malware, and adware and whatever else kind of protection for my computer?



Response Number 21
Name: jdk (by neoark)
Date: July 8, 2009 at 15:06:18 Pacific
Reply:

Did you clean registry with ccleaner? For free try: avira antispyware: malwarebytes/superantispyware.

If I'm helping you and I don't reply within 24 hours send me a PM.

