Bad virus has attacked and subdued my protection

December 7, 2011 at 22:34:18
Specs: Windows 7, 4 GB RAM
I am scared. That is the only way to describe it. My protection is awesome, I have F-Secure and it is up to date. What happened could've been worse but it's pretty bad.

I was online doing my usual routine. An update window for a Flash player popped up, it looked legit, but normally it asks before updating so I was very suspicious. Then a Microsoft Presentation manager popped up and was trying to modify my F-Secure files. I did not allow it to, but somehow it has disabled my ability to do anything on that login account; if I try, it asks me for the program needed to do it.

I am genuinely scared. I can't pull up anything; the only processes running are the required ones and two called:

atieclxx.exe
csrss.exe

The presentation manager was located in my documents folder as an application, but then it disappeared, and afterwards tried to open a KHK.exe.

Can someone help? I am currently running a scan from the admin account, but I am afraid if it accidentally turns off it will not work again.




#1
December 8, 2011 at 04:35:45
If your protection were "awesome", you wouldn't be posting. Download mbam-setup.exe from one of the sites on the following page:
http://www.findfiles.com/list.php?s...
Install, update & run it.

How do you know when a politician is lying? His mouth is moving.



#2
December 8, 2011 at 07:55:47
When I said my protection is awesome, I meant that almost every virus I have come into contact with has been pulled immediately, that is why I am scared.

I ran a scan with my antivirus on the admin account, and it found two viruses. My account on the computer is still not working properly though. I am afraid to do a restart because if it wasn't detected then it will most likely take over.

The activity on my login is flatlining at 1% and there are no processes running besides explorer.

I think it's weird that it is only affecting one login but not the others. Mbam won't do anything for me anyway; I already tried it.

Rkill had some issues as well. I tried running it before scanning; it must've conflicted with F-Secure, because it couldn't alter any of my processes. I am afraid to disable the antivirus because it is probably the only thing holding it back.

I am not completely ignorant, but this has me scared.



#3
December 8, 2011 at 12:15:48
Try ComboFix. If that doesn't work, run HijackThis & post the log.


#4
December 8, 2011 at 14:36:23
Well I think I subdued it, I will know for sure later.

I thank you for your help, I am capable of getting all but the worst viruses out of my system.

That being said, this scared me and I think that in the end it was just my paranoia that caused my problem. When the popups happened, I stopped all the processes that were trying to alter my system; this could have resulted in the effects on the login.

I had doubts after a while that this could be a virus problem because it wasn't affecting the other logins. So I just deleted the login that was suspected of being infected, and made a new one. Since I have done this there have been no other ill effects on my computer.

I will not call this case closed yet, though. There is still a chance that something could happen when I reboot. I am not rushing the moment though.



#5
December 8, 2011 at 15:03:02
Never mind, I will scan with the scanners you have provided. I thought I got rid of it, but I am getting redirects every once in a while. My scanner is blocking the redirect though, so I am safe for now.


#6
December 8, 2011 at 15:47:50
I ran Mbam again; it caught some of the buggers. I guess the scan I did with F-Secure gave Mbam enough breathing room. It caught some baddies; I don't know if it's the problem child though.

Log is as follows.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8336

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/8/2011 5:37:02 PM
mbam-log-2011-12-08 (17-37-02).txt

Scan type: Quick scan
Objects scanned: 257742
Time elapsed: 23 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\users\kids\videos\gbpxp.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\users\kids\videos\mob127.bin (Malware.Trace) -> Quarantined and deleted successfully.

