
Inactive Windows vista problem(Malware and Virus Removal)

Discussion in 'Malware and Virus Removal Archive' started by aamir763, 2010/06/27.

Thread Status:
Not open for further replies.
  1. 2010/06/27
    aamir763

    aamir763 Inactive Thread Starter

    Joined:
    2010/06/27
    Messages:
    3
    Likes Received:
    0
    [Inactive] Windows vista problem(Malware and Virus Removal)

    I am using Windows Vista Home on my laptop. For like a month, it has been really bothering me. It's very slow, and it has definitely been infected by malware, a trojan or maybe even a virus. Here is what I have done so far.
    I try to open Spybot Search & Destroy, it does not open.
    I tried to go to safe mode & run Spybot. Safe mode fails & it tells me that I cannot enter safe mode, sorry for the inconvenience, and it starts Windows in normal mode.
    I installed Malwarebytes, it worked the first time, it detected plenty of trojans & malware, but when I click on removing them, my Windows restarts itself.
    I tried to get an online scan from BitDefender but it does not load that page & it times out.

    I scanned it using SUPERAntiSpyware and here is the log:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/27/2010 at 02:26 PM

    Application Version : 4.35.1002

    Core Rules Database Version : 5125
    Trace Rules Database Version: 2937

    Scan type : Quick Scan
    Total Scan Time : 00:12:10

    Memory items scanned : 465
    Memory threats detected : 0
    Registry items scanned : 450
    Registry threats detected : 50
    File items scanned : 5014
    File threats detected : 99

    Adware.Vundo/Variant-SR
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{26affa0c-f771-498a-b306-3d07b64f4521}
    HKCR\CLSID\{26AFFA0C-F771-498A-B306-3D07B64F4521}
    HKCR\CLSID\{26affa0c-f771-498a-b306-3d07b64f4521}\InprocServer32
    HKCR\CLSID\{26affa0c-f771-498a-b306-3d07b64f4521}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\VABEJODU.DLL
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#lolufikef

    Adware.Tracking Cookie

    Adware.Flash Tracking Cookie
    C:\Documents and Settings\Maria Felipe\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XL8EKFRS\SERVING-SYS.COM
    C:\Documents and Settings\Maria Felipe\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XL8EKFRS\UDN.SPECIFICCLICK.NET
    C:\Documents and Settings\Maria Felipe\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XL8EKFRS\A.ADS2.MSADS.NET
    C:\Documents and Settings\Maria Felipe\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XL8EKFRS\ADS2.MSADS.NET
    C:\Documents and Settings\Maria Felipe\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XL8EKFRS\B.ADS2.MSADS.NET
    C:\Documents and Settings\Maria Felipe\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XL8EKFRS\STATIC.2MDN.NET

    Trojan.Agent/Gen
    HKLM\SOFTWARE\AvScan

    Malware.Trace
    HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER#NOFOLDEROPTIONS
    HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER#NOFOLDEROPTIONS

    Disabled.SecurityCenterOption
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

    Disabled.TaskManager
    HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
    HKU\S-1-5-21-926154376-3073533923-3759680469-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
    HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

    Trojan.Agent/Gen-Virut
    C:\DOCUMENTS AND SETTINGS\MARIA FELIPE\LOCAL SETTINGS\TEMP\WINLQBG.EXE

    Kindly help me fix my laptop. Thank you
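
Added example, not part of the original post: a short Python parser for the SUPERAntiSpyware log layout shown above. It groups items by detection family, splits registry entries at `#` into key and value name, and separates tracking-cookie hits from families that reference binaries or system policy. The sample log is a constructed excerpt of the lines above; the function names and the cookies-as-noise rule are assumptions of this example.

```python
import re
from collections import defaultdict
# Constructed sample: a shortened excerpt in the layout of the log above.
SAMPLE_LOG = r"""
Adware.Vundo/Variant-SR
HKCR\CLSID\{26affa0c-f771-498a-b306-3d07b64f4521}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VABEJODU.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Maria Felipe\Cookies\maria_felipe@doubleclick[1].txt
C:\Documents and Settings\Maria Felipe\Cookies\maria_felipe@atdmt[1].txt

Disabled.TaskManager
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

Trojan.Agent/Gen-Virut
C:\DOCUMENTS AND SETTINGS\MARIA FELIPE\LOCAL SETTINGS\TEMP\WINLQBG.EXE
"""

REG_ITEM = re.compile(r"^(HKLM|HKCR|HKCU|HKU)\\", re.I)
FILE_ITEM = re.compile(r"^[A-Za-z]:\\")

def parse_detections(text):
    """Map each family name to (kind, path, value_name) items; header fields are skipped."""
    families, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if REG_ITEM.match(line):
            key, _, value = line.partition("#")  # '#' separates key and value name
            item = ("registry", key, value or None)
        elif FILE_ITEM.match(line):
            item = ("file", line, None)
        else:
            if line and ":" not in line and not line.startswith("http"):
                current = line  # a bare text line starts a new detection family
            continue
        if current:
            families[current].append(item)
    return dict(families)

def triage(families):
    """Assumption of this example: cookie families are noise, the rest is priority."""
    noise = {n: i for n, i in families.items() if "tracking cookie" in n.lower()}
    priority = {n: i for n, i in families.items() if n not in noise}
    return priority, noise

def binaries(families):
    """Flagged .exe/.dll paths: the items worth examining from a clean boot."""
    return [p for items in families.values() for kind, p, _ in items
            if kind == "file" and p.lower().endswith((".exe", ".dll"))]
```
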
     
  2. 2010/06/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Read this post, then post the requested log(s).
     


  4. 2010/06/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Also...

    Upload the following files to http://www.virustotal.com/ for a security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    Post the scan results.
     
  5. 2010/06/28
    aamir763

    aamir763 Inactive Thread Starter

    Joined:
    2010/06/27
    Messages:
    3
    Likes Received:
    0
    Before I could try what you have asked, I tried to restore my system to a previous date. In the middle, it restarted itself, and now when Windows opens, it gives me this message:

    application or dll windows/system32/lst.dll is in valid

    I can't do anything else while this message is there. I keep clicking about 3 times & then Windows restarts itself.

    Thank you
     
  6. 2010/06/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, it's never a good idea to do something else than I ask you to do.
    I suspect your computer is infected with the Virut virus, which is not curable.

    Let's see if we can look at your computer booting from an external source.

    Using a good computer, please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your bad computer using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     