infected explorer.exe etc.

effingdelf · Feb 21, 2009

Ok so i may be a little vague, been trying to sort this out for far too long.
came home to find my computer with no explorer running and set about trying to sort it out.
im sorry if it makes it difficult, i didnt follow your guide from the start because i only found this site an hour ago. but ill tell you what i have done.
using programs including spybot / spyware doctor (full edition) / malwarebytes and a couple vundofix programs i found quite a few infections of virtumonde, along with other things like win32.delf.uc (which i dont seem to be able to get rid of)
so i cleaned them off, this didnt really seem to help things, i now can use my pc in safe mode and explorer doesnt close. This is when i found your site, and since then ive followed all your cleaning etc. steps.
i cant install SUPER anti spyware, something about the administrator has disabled installations of that type, but everything else is done.
i have been considering just reinstalling winXP, however im not sure how it would work, because i have XP installed on one of my hard drives and Vista on the other, would they both need to be reinstalled??
also i have a lot of data and not so much space to backup to, unless i want to sit here with DVD's all day.

i shall include a couple more logs from last night to help you recognize my problems.

any help you can give is greatly appreciated, and as i said im very tired so i may edit this to keep it up to date
Gregg

effingdelf · Feb 21, 2009

other files

again sorry this is messy.
an updated MBAM log is here also, along with a DDS log i did from another program, not sure if it will be helpful, the info might be out of date but will show what ive had atleast.

also, when i run MGtools i get this pop up message 'The application failed to initialize properly (0xc000007b). Click on OK to terminate the application'

thanks again

effingdelf · Feb 21, 2009

also managed to get the SUPER anti spyware working, here is its log

Kestrel13! · Feb 22, 2009

Hi there and welcome. We are currently reviewing your logs and will get back to you with a set of instructions as soon as I possibly can. Thanks for you patience during this time.

Kes13!

Kestrel13! · Feb 24, 2009

You have fallen victim to one of the latest attacks that is affecting system files. Notice your Combo log....this means that no matter what we remove, you will still have system files ( even the ones in your i386 folder) that are infected which open ports to download additional malware. The only option you have is to save your data and files and do a complete reformat and re-installation.

Kestrel13!

effingdelf · Feb 24, 2009

nice...
just what id always wanted

effingdelf · Feb 24, 2009

actually if you could tell me one more thing, like i said i have win xp installed on one hard drive and vista on the other - do i have to completely format everything?? or just my xp installation?

TimW · Feb 24, 2009

Run Combo on the Vista partition......You may just need to reformat the xp partition.

Log in or Sign up

infected explorer.exe etc.

effingdelf Private E-2

Attached Files:

mbam-log-2009-02-20 (17-42-23).txt

mbam-log-2009-02-20 (18-53-06).txt

ComboFix.txt

effingdelf Private E-2

Attached Files:

MGlogs.zip

mbam-log-2009-02-21 (17-39-47).txt

DDS.txt

effingdelf Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 02-21-2009 - 18-51-32.log

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

effingdelf Private E-2

effingdelf Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member