The Unofficial Karoo User Forums
Author Topic: virus help  (Read 863 times)
bobthebuilder
Ofcom Inspector
******
Posts: 1171


« on: July 02, 2010, 09:19:00 am »

had av suite installed on comp last night think it's a virus because soon as that showed up my av went mental
did a boot up scan had 30 virus got rid of them but now can't get anything to work on comp anti virus won't load it got rid of me internet connections. getting a lot of rund 32 errors
Logged
bashdabish
Guest
« Reply #1 on: July 02, 2010, 09:31:36 am »

Sounds like rogue AV/Malware infection based on your description. Hard to give exact instructions but try this generic advice.

1. Get Malwarebytes and Spybot S&D onto a USB pen.
2. Boot your machine into safe mode with networking.
3. Install above products, update and full sys scan.
Logged
bobthebuilder
Ofcom Inspector
******
Posts: 1171


« Reply #2 on: July 02, 2010, 09:40:44 am »

i try that at work at moment but it wiped out me internet connections so don't think i be able to update it
Logged
bashdabish
Guest
« Reply #3 on: July 02, 2010, 09:45:26 am »

Not sure about it wiping out your connections. It is in the interest of the infection/virus to be connected.
Logged
Adrian
Director
*****
Broadband Provider: KC
Posts: 823


« Reply #4 on: July 02, 2010, 09:57:32 am »

As bash said really... Download and save these, then start your comp in safe mode, run ccleaner to clear your temp files, install malware bytes and update the definition rules by copying the rules.ref to the malware bytes folder (overwriting the current rules.ref) to here:

2000/XP: "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"

Vista/7: "C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware"

http://download.adriandaz.co.uk/mb/ccleaner.exe (stand alone ccleaner to clear out temporary files)
http://download.adriandaz.co.uk/mb/mbam-setup.exe (malware bytes)
http://download.adriandaz.co.uk/mb/rules.ref (latest rules as of 9:45am 2/7/10)
http://download.adriandaz.co.uk/mb/startup.exe (tool for showing and editing which programs load when your computer starts)


Logged

KC Silver Plus
bobthebuilder
Ofcom Inspector
******
Posts: 1171


« Reply #5 on: July 02, 2010, 10:00:57 am »

cheers i give that a go later and update you
Logged
bobthebuilder
Ofcom Inspector
******
Posts: 1171


« Reply #6 on: July 02, 2010, 05:18:41 pm »

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d34d56e9-b37b-4c37-a854-1ac144592d5c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\Program Files\Common Files\PersonalSecUninstall (Rogue.PersonalSecurity) -> No action taken.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\Program Files\Common Files\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
Logged
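
Added example (not part of any post in this thread): a short Python triage script for a Malwarebytes-style log like the one in Reply #6. It parses each finding and flags the ones that sit in autostart locations and are still marked "No action taken". The sample lines are copied from that log; the function names and the list of autostart markers are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines copied from the scan log in Reply #6 (a subset); the rest is illustrative.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
Files Infected:
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[A-Za-z]+(?:\.[A-Za-z]+)+)\) -> (?P<rest>.+)$")
# Assumed (not exhaustive) substrings marking locations that run code at logon or on a schedule.
AUTOSTART_MARKERS = (r"\winlogon\userinit", r"\browser helper objects", r"\windows\tasks")

def parse_log(text):
    """Return one dict per finding line, tagged with its section header."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, summary counts, "(No malicious items detected)"
        path = m.group("path")
        findings.append({
            "section": section, "path": path, "detection": m.group("name"),
            "action": m.group("rest").rsplit(" -> ", 1)[-1].rstrip("."),
            "autostart": any(k in path.lower() for k in AUTOSTART_MARKERS),
        })
    return findings

def count_by_detection(findings):
    return Counter(f["detection"] for f in findings)

def unremediated_autostarts(findings):
    return [f for f in findings if f["autostart"] and f["action"] == "No action taken"]

if __name__ == "__main__":
    for f in unremediated_autostarts(parse_log(SAMPLE_LOG)):
        print(f["detection"], "|", f["path"])
```

Entries this flags are the ones to re-check after a cleanup pass, since anything left in those locations would start again at the next logon or scheduled run.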
bobthebuilder
Ofcom Inspector
******
Posts: 1171


« Reply #7 on: July 02, 2010, 08:12:06 pm »

think i should just format it and try to recover any data if need be
Logged