
Inactive Infected virus

Discussion in 'Malware and Virus Removal Archive' started by johnkill, 2010/09/26.

Thread Status:
Not open for further replies.
  1. 2010/09/29
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    I'll repeat later after work... :( I'll first uninstall the programs that are useless..
     
  2. 2010/09/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Also, to prevent similar actions in the future.....

    Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows versions.
    Please, use Panda USB Vaccine
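
The Note in the post above turns on whether `autorun.inf` at a drive root is a file or a folder. As an added example (not part of the original post and not code from Flash Disinfector), this sketch classifies a drive root and lists what an `autorun.inf` file would launch; the function names, the temporary directories standing in for drives, and the sample file content are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)

def launch_targets(text):
    """Return the commands an autorun.inf would run, tolerating junk lines."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, value = line.split("=", 1)
        if LAUNCH_KEY.match(key.strip()):
            targets.append(value.strip())
    return targets

def triage_root(root):
    """Classify the autorun.inf entry at the root of one drive."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return ("folder", [])  # a folder occupies the name, as the Note describes
    if not os.path.isfile(path):
        return ("absent", [])
    with open(path, "r", encoding="latin-1") as fh:
        return ("file", launch_targets(fh.read()))

def demo():
    """Build constructed drive roots in a temp dir and triage them."""
    with tempfile.TemporaryDirectory() as tmp:
        with_file = os.path.join(tmp, "E")
        os.makedirs(with_file)
        with_folder = os.path.join(tmp, "F")
        os.makedirs(os.path.join(with_folder, "autorun.inf"))
        # Constructed sample content, not taken from the thread.
        sample = (";junk\n[AutoRun]\nopen=sample.exe\n"
                  "shell\\explore\\Command = sample.exe /e\nicon=x.ico\n")
        with open(os.path.join(with_file, "autorun.inf"), "w") as fh:
            fh.write(sample)
        return triage_root(with_file), triage_root(with_folder), triage_root(tmp)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A `("file", [...])` result on a removable drive is the case worth examining before the drive is opened; the listed commands show which executable to submit for scanning.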
     


  4. 2010/10/02
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4734

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    10/3/2010 11:17:25 AM
    mbam-log-2010-10-03 (11-17-25).txt

    Scan type: Quick scan
    Objects scanned: 144673
    Time elapsed: 22 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\autorun.inf (Malware.Packer.Gen) -> Delete on reboot.
    C:\jvyx.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\hnvju.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\johnkill\x.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
     
  5. 2010/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This doesn't look good:
    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload the following files to http://www.virustotal.com/ for security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  6. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     
  7. 2010/10/08
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    I am sorry for the delay, I am on a vacation here in my grandmother's province, she will be celebrating her 80th birthday, I'll proceed when I get back home.

    I can't open the virustotal... site
     
  8. 2010/10/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  9. 2010/10/13
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    Is GMER really needed? Its process is too long... and I am using my laptop from 10am-2am for my internet cafe and cellphone repair programming...

    Is it possible to scan my hard drive on another computer, making it a slave?
     
  10. 2010/10/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All I need you to do now is to follow instructions from my post #24.
     
  11. 2010/10/15
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
  12. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, zip both files and email them to me.
    I'll PM you with my email address.

    IMPORTANT! Make sure they're zipped
     
  13. 2010/10/15
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    SENT... I use WinRAR..
     
  14. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Thanks :)
    There is some infection, but online scan doesn't show Sality virus so far.
    Please, continue with GMER and MBRCheck.
     
  15. 2010/10/15
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    My cafe timer is not working, it pauses even when I didn't pause it. Sometimes it locks my client's PC!
     
  16. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What is cafe timer?
     
  17. 2010/10/15
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    Cafe timer, used for an internet cafe, it records the time of whoever uses or rents.

    And almost all of my software for cellphone repair is not working anymore, even my installers. :(
     
  18. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ...and what do you want me to do about it?
    I'm lost....
     
  19. 2010/10/15
    johnkill

    johnkill Inactive Thread Starter

    Joined:
    2009/08/20
    Messages:
    31
    Likes Received:
    0
    Is there any solution, sir, for how to revive my installer?

    I'm running GMER now.
     
  20. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What installer?
    What happened to it?
    Look, I'm not there and I really have no idea, what you're referring to.
     
  21. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     