
Thread: Tons of infected files trojans, adware, spyware, etc. No way to repair or remove them. HELP PLEASE

  1. #11
    mommydanise Guest

    Malware Log before deleting the corrupt files

    Malware Log
    *************************
    Malwarebytes' Anti-Malware 1.32
    Database version: 1638
    Windows 5.1.2600 Service Pack 3

    1/10/2009 8:17:57 PM
    mbam-log-2009-01-10 (20-17-57).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 137326
    Time elapsed: 1 hour(s), 50 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\bwaquudo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oduuqawb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\diusqtth.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\httqsuid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\12000000009710.isw.sect (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\1b000000001cbd.isw.sect (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\PC Tune-Up\RdvChk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP149\A0070434.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070537.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070542.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070543.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075650.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aialvsba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bthfiquw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

  2. #12
    mommydanise Guest

    Malware Log after deleting the corrupt files (17 files left in the quarantine)

    Malwarebytes' Anti-Malware 1.32
    Database version: 1638
    Windows 5.1.2600 Service Pack 3

    1/10/2009 8:17:57 PM
    mbam-log-2009-01-10 (20-17-57).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 137326
    Time elapsed: 1 hour(s), 50 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\bwaquudo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oduuqawb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\diusqtth.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\httqsuid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\12000000009710.isw.sect (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\1b000000001cbd.isw.sect (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\PC Tune-Up\RdvChk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP149\A0070434.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070537.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070542.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070543.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075650.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aialvsba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bthfiquw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Message Edited by mommydanise on 01-10-2009 08:40 PM

    Message Edited by mommydanise on 01-10-2009 08:41 PM

  3. #13
    mommydanise Guest

    Malware(17 files left in the quarantine)

    Malwarebytes' Anti-Malware 1.32
    Database version: 1638
    Windows 5.1.2600 Service Pack 3

    1/10/2009 7:46:53 PM
    mbam-log-2009-01-10 (19-46-49).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 137326
    Time elapsed: 1 hour(s), 50 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> No action taken.

    Files Infected:
    C:\WINDOWS\system32\bwaquudo.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\oduuqawb.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\diusqtth.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\httqsuid.ini (Trojan.Vundo.H) -> No action taken.
    C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\12000000009710.isw.sect (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\Renee Smith\Application Data\#ISW.FS#\Normal\1b000000001cbd.isw.sect (Trojan.Vundo) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\PC Tune-Up\RdvChk.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP149\A0070434.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070536.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070537.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070542.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP150\A0070543.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075650.EXE (Adware.MyWebSearch) -> No action taken.
    C:\WINDOWS\system32\aialvsba.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\bthfiquw.dll (Trojan.Vundo) -> No action taken.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> No action taken.

  4. #14
    mommydanise Guest

    Norman Malware (1st) of (2) logs

    Norman Malware Cleaner
    Copyright
    1990 - 2008, Norman ASA. Built 2009/01/06 16:12:23

    Norman Scanner Engine Version: 5.93.01
    Nvcbin.def Version: 5.93.00, Date: 2009/01/06 16:12:23, Variants: 2447702

    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
    Logged on user: NEWCANEY1\Renee Smith

    Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "gctyiz.dll" -> ""
    Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop -> NoChangingWallPaper = 0x00000000

    Scan started: 10/01/2009 13:05:30


    Scanning running processes and process memory...

    Number of processes/threads found: 2179
    Number of processes/threads scanned: 2178
    Number of processes/threads not scanned: 1
    Number of infected processes/threads terminated: 0
    Total scanning time: 12m 54s


    Scanning file system...

    Scanning: C:\*.*

    C:\Documents and Settings\All Users\Desktop\Office 2003 Editions 60 Day Trial.exe (Infected with Malware.ADRA)
    Deleted file

    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Error whilst scanning file: I/O Error (0x00000000))

    C:\Program Files\PopCap Games\Bejeweled Deluxe\demos\installers\Bejeweled2_mj.exe (Infected with W32/Smalltroj.IBLY)
    Deleted file

    C:\Program Files\PopCap Games\Bejeweled Deluxe\demos\installers\Chuzzle_mj.exe (Infected with W32/Smalltroj.JUPW)
    Deleted file

    C:\Program Files\PopCap Games\Bejeweled Deluxe\demos\installers\Insaniquarium_mj.exe (Infected with W32/Smalltroj.IBLY)
    Deleted file

    C:\Program Files\PopCap Games\Bejeweled Deluxe\demos\installers\Zuma_mj.exe (Infected with W32/Smalltroj.IBLU)
    Deleted file

    C:\Program Files\Yahoo!\Yahoo! Music Engine\WMP_Upgrade.wma (Error whilst scanning file: I/O Error (0x00000000))

    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP143\A0067106.ini (Infected with INI/Vundo.A)
    Deleted file

    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP143\A0067121.ini (Infected with Vundo.FBW)
    Deleted file

    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075613.exe (Infected with Malware.ADRA)
    Deleted file

    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075617.exe (Infected with W32/Smalltroj.IBLY)
    Deleted file

    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075618.exe (Infected with W32/Smalltroj.JUPW)
    Deleted file

    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075619.exe (Infected with W32/Smalltroj.IBLY)
    Deleted file

    C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075620.exe (Infected with W32/Smalltroj.IBLU)
    Deleted file


    Running post-scan cleanup routine:

    A fatal error occured whilst scanning.
    0xC0000005 (1000106E)

    Message Edited by mommydanise on 01-10-2009 08:48 PM

  5. #15
    mommydanise Guest

    Re: Norman Malware (2nd) of (2) logs

    Norman Malware Cleaner
    Copyright
    1990 - 2008, Norman ASA. Built 2009/01/06 16:12:23

    Norman Scanner Engine Version: 5.93.01
    Nvcbin.def Version: 5.93.00, Date: 2009/01/06 16:12:23, Variants: 2447702

    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode with network) Service Pack 3
    Logged on user: NEWCANEY1\Administrator


    Scan started: 10/01/2009 17:34:50


    Scanning running processes and process memory...

    Number of processes/threads found: 1018
    Number of processes/threads scanned: 1017
    Number of processes/threads not scanned: 1
    Number of infected processes/threads terminated: 0
    Total scanning time: 5m 20s


    Scanning file system...

    Scanning: C:\*.*

    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Error whilst scanning file: I/O Error (0x00000000))

    C:\Program Files\Yahoo!\Yahoo! Music Engine\WMP_Upgrade.wma (Error whilst scanning file: I/O Error (0x00000000))

    C:\WORKSSETUP\Office 2003 Editions 60 Day Trial.exe (Infected with Malware.ADRA)
    Deleted file

    Scanning: c:\System Volume Information\*.*

    c:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP151\A0075656.exe (Infected with Malware.ADRA)
    Deleted file


    Running post-scan cleanup routine:

    Number of files found: 170590
    Number of archives unpacked: 1019
    Number of files scanned: 170517
    Number of files not scanned: 73
    Number of files skipped due to exclude list: 0
    Number of infected files found: 2
    Number of infected files repaired/deleted: 2
    Number of infections removed: 2
    Total scanning time: 1h 53m 55s

  6. #16

    Re: Malware(17 files left in the quarantine)

    "Folders Infected:
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> No action taken."

    Uninstall the playmp3z in the Add and Remove Programs of the control panel of windows. (if it is there to be found?)

    Then do not reboot yet after uninstalling this, instead disable the system restore in windows...

    right click My Computer, open the Properties, open the System Restore tab, check the "Turn off System Restore on all drives" box, click Apply, click OK and close the window. And then reboot!

    [This will basically do two things - clean out the system restore files that are infected and disable the system restore.
    So after this is all cleaned up, then re-enable the system restore, then reboot and then make sure there is a new system restore point made in windows (and things will be the same as before).]

    After the reboot, then repeat the scans using the same scanner that found these.




    Vundo is nasty stuff!


    Oldsod.
    Best regards.
    oldsod
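The triage behind the reply above, as an added example that is not part of the original thread: a Python parser for the Malwarebytes log format posted in #11 to #13 that lists what was left with no action taken and which detections sit in System Restore points. The sample log is constructed from entries in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the log in this thread, trimmed to
# five items, with the actions mixed so both outcomes are exercised.
SAMPLE_LOG = r"""
Folders Infected: 1
Files Infected: 4

Folders Infected:
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> No action taken.

Files Infected:
C:\WINDOWS\system32\bwaquudo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aialvsba.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\PC Tune-Up\RdvChk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A9EE681-DC56-427A-B78E-063D3A0BD6EC}\RP149\A0070434.dll (Trojan.Vundo) -> No action taken.
"""

HEADER = re.compile(r"^(?P<section>.+ Infected):\s*(?P<count>\d+)?$")
# Greedy path match so parentheses inside a path do not end it early.
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE_POINT = "\\system volume information\\_restore"


def parse_mbam_log(text):
    """Return (summary counts per section, list of itemised detections)."""
    summary, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header and header["count"] is not None:
            summary[header["section"]] = int(header["count"])
        elif header:
            section = header["section"]
        elif section and (entry := ENTRY.match(line)):
            detections.append({"section": section, **entry.groupdict()})
    return summary, detections


def triage(summary, detections):
    """Flag what still needs work after the scan."""
    itemised = Counter(d["section"] for d in detections)
    return {
        # Sections whose header count disagrees with the itemised entries
        # (a truncated or hand-edited paste).
        "count_mismatch": sorted(s for s, n in summary.items() if itemised[s] != n),
        # Anything the scanner reported but did not quarantine.
        "unresolved": [d["path"] for d in detections
                       if not d["action"].startswith("Quarantined")],
        # Copies held in System Restore points, the ones the reply above
        # clears by turning System Restore off.
        "in_restore_points": [d["path"] for d in detections
                              if RESTORE_POINT in d["path"].lower()],
        # Variant suffix dropped so Trojan.Vundo.H counts with Trojan.Vundo.
        "by_name": Counter(".".join(d["name"].split(".")[:2]) for d in detections),
    }
```

Running the same functions on the log from a repeat scan shows whether the `in_restore_points` and `unresolved` lists have emptied.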

  7. #17

    Re: Norman Malware (1st) of (2) logs

    Uninstall the PopCap Games in the add and remove of the control panel.
    Do the same for the MyWebSearch toolbar.
    I think the office 2003 is safe and this could be a false detection.

    Still disable the system restore as suggested above and follow through with another scan with this scanner too (a repeat scan).

    Next uninstall your Java using the add and remove in the control panel and uninstall any previous versions that are listed in the add and remove. You will have to re-install the Sun Java later on, but for now uninstall this and reboot immediately doing the uninstallation.

    Oldsod.
    Best regards.
    oldsod

  8. #18

    Re: Norman Malware (2nd) of (2) logs

    Open the CCleaner installer, install it (into the program files directory).
    Open it from the All Programs menu.
    In the Cleaner section, check everything in the Windows tab and the Applications tab.
    In the Registry Integrity section, check everything.
    Now close it.
    Do not use the ccleaner yet - it will come in near the end. Not now.

    Next...
    Open the HJT, and do not make a log - just use the "Do a system scan only" not the "do a system scan and save a logfile".

    In the new window, check this one:

    O20 - AppInit_DLLs: gctyiz.dll

    then immediately click the "Fix Checked" box.

    Check the "Yes" option in the new window.

    And of course immediately reboot.

    Then download this:

    http://www.norman.com/Virus/Virus_re...tools/52658/en

    and run this immediately.

    Oldsod.
    Best regards.
    oldsod

  9. #19
    mommydanise Guest

    Re: Malware(17 files left in the quarantine)

    Could the playmp3s be the Apple program I have? Otherwise there isn't one listed on the Add and Remove.

  10. #20

    Re: Not all of the programs needed show up in safe mode???

    A few will need to be permanently installed (like the ccleaner and the mbam) but the avert and the norman malware remover can be just placed on the main c drive or placed in the documents and settings. The desktop will suffice too - there is a desktop folder for the user account which was used to download the files when you are in the safe mode.
    But I guess you have already figured out these things anyways for yourself.

    Oldsod.
    Best regards.
    oldsod
