XP AntiVirus 2009

Discussion in 'Malware Help (A Specialist Will Reply)' started by VaultBoy, Nov 11, 2008.

  1. VaultBoy

    VaultBoy Private E-2

    Not sure what I was doing, nor why AVG missed it, but my computer got hijacked by this thing. I initially tried doing a full scan using AVG, but I was getting debug errors (Visual Studio was indicating problems). I was able to quarantine a few files, but it wasn't able to get everything because I was having issues getting to any anti-virus site and Google searches would redirect to ad sites.

    I did some searching around (on another PC) and Malwarebytes was suggested multiple times, but I couldn't get it to install. Searching around on the internet I found that if I renamed it it should install. I actually had to rename it and install in safe mode (with network) to get the install to go through.

    Once the install was through I was able to run Malwarebytes and removed quite a few of the infected files. This freed up the internet and installing on my computer so that I could run everything in the READ FILE.

    Files attached to this post are:
    First log of Malwarebytes (that got everything working again)
    SUPERAntiSpyware log
    Second log of Malwarebytes (after running SUPERAntiSpyware, Spybot S&D, and updating Malwarebytes)
     


  2. VaultBoy

    VaultBoy Private E-2

    Here's the additional logs...

    Also, I ran ComboFix from C:\Temp\AntiVirus\.

    Oh, and I forgot to mention I ran fixswen.inf (I can't remember the site that recommended it) trying to get Malwarebytes to install. I've added it (renamed to .txt) in case I need to undo something that it's done.
     


  3. VaultBoy

    VaultBoy Private E-2

    Here's some more info. I ran Kaspersky online which found some worms in e-mail (junk and trash folders). I don't access anything in those and I believe I have Thunderbird set to delete them after so many days, but might as well get it as clean as possible.

    Also attached are the logs from the avast virus check that runs on boot up. I'm also running a thorough avast scan of everything (maybe it does this with the boot, but I figured more is better than less).
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Combo should be run from the desktop....but let's just do this:

    Please use add/remove programs to uninstall:
    Code:
    "DisplayName"="J2SE Runtime Environment 5.0 Update 10"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 11"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 7"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 9"
    "DisplayName"="Java 2 Runtime Environment, SE v1.4.2_06"
    "DisplayName"="Java(TM) 6 Update 2"
    "DisplayName"="Java(TM) 6 Update 3"
    "DisplayName"="Java(TM) 6 Update 5"
    "DisplayName"="Java(TM) 6 Update 7"
    "DisplayName"="Java(TM) SE Runtime Environment 6 Update 
    
    Now disable all anti-virus and anti-spyware programs while we do the following (be sure to re-enable when we are finished):

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\%username%\Local Settings\Temp

    Now download and install:
    Java Runtime

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
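
An audit of the two cleanup steps in the post above (stale Java runtimes and old temp files), as an added PowerShell example that is not part of the original post or of MGtools. It assumes the standard Windows `Uninstall` registry keys as the source of the `DisplayName` values and uses `$env:TEMP` as a stand-in for the per-user Temp path the post names; `-WhatIf` keeps the delete a dry run.

```powershell
# Added example: audit only. Nothing is uninstalled, and -WhatIf previews deletions.

# Standard registry locations where installed programs record "DisplayName"
# (the second path only exists on 64-bit Windows).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. List every installed Java runtime so superseded versions can be removed
#    through Add/Remove Programs, as the post instructs.
$java = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)\b' } |
    Sort-Object DisplayName |
    Select-Object DisplayName, DisplayVersion, InstallDate)

$java | Format-Table -AutoSize
if ($java.Count -gt 1) {
    Write-Warning "$($java.Count) Java entries are installed; older runtimes stay on disk until removed."
}

# 2. Preview removal of temp files last written before today.
#    $env:TEMP is assumed to resolve to the per-user Temp folder from the post.
$tempDirs = @((Join-Path $env:windir 'Temp'), $env:TEMP)
$today    = (Get-Date).Date   # midnight today; files written today are kept

foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    $old = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $today })

    # Executables sitting in a temp folder are worth recording before cleanup.
    $old | Where-Object { $_.Extension -match '^\.(exe|dll|sys|scr)$' } |
        Select-Object FullName, Length, LastWriteTime |
        Format-Table -AutoSize

    Write-Host "$dir : $($old.Count) file(s) older than $($today.ToShortDateString())"
    $old | Remove-Item -Force -WhatIf   # remove -WhatIf to actually delete
}
```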
     
  5. VaultBoy

    VaultBoy Private E-2

    I removed all versions of Java. I rebooted to make sure the antivirus was off. I ran Avenger, the log is attached. I removed all files (except for those dated today) from the temp folders. I installed Java. I ran C:\MGtools\GetLogs.bat, the log is attached.
     


  6. VaultBoy

    VaultBoy Private E-2

    Here's the results of a thorough Avast check.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good...tell me what problems you are still having.
     
  8. VaultBoy

    VaultBoy Private E-2

    I'm not having any problems now, I just wanted to confirm there wasn't anything more I needed to do.

    Thanks.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know....:)

     
