Welcome to TS.- - Say Yeah!
Pardon my exuberance. I couldn't contain myself. You are to be congratulated for staying cool while under the gun. Your approach saves us a lot of work to complete the analysis.
From the details you report, I infer that no residual symptoms of an infection are apparent to you. That’s encouraging.
Please consider sharing details of the Dr. Web software that was so effective. It sounds like the Rx we need to overcome the bug that bit you. Here is the free version I found, but I want to be sure.
freedrweb/cureit/
- - - Next ----
Sample removal of files associated with infection
Run MBAM - do not scan
> More Tools > Run Tool (FileAssassin)
Copy and paste each line in the box below into "File Name" and click Open.
Code:
(A standard 'Open' dialog box is presented; a "no file" message means the file was already deleted by the other tools.)
C:\Windows\System32\Drivers\beep.sys
C:\Windows\System32\brastk.exe
C:\Windows\System32\karna.dat
Restart the computer
Scan with HJT, tick & Fix the following
Code:
O20 - AppInit_DLLs: karna.dat
Exit & restart the computer.
The direction from here will be to update MBAM & SAS.
Scan with MBAM, quick mode. Repeat this scan until achieving 0 infections or no further progress is made.
Scan with MBAM, complete mode.
Scan with SAS.
Post logs: MBAM, SAS, HJT (all MBAM logs with infections).
Please share details of your progress and note anything you consider unusual that should be taken into account.
Background of the analysis –
Need Database version > 1400; Memory process NOT ended:
Malwarebytes' Anti-Malware 1.30
Database version: 1306
11/18/2008 12:07:06 PM
Scan type: Full Scan (C:\|)
Objects scanned: 171558
Time elapsed: 1 hour(s), 56 minute(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12
Memory Processes Infected: (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.
v2.0.2 Scan saved at 1:36:55 PM, on 11/18/2008
XP SP3 MSIE: v7.00 Boot mode: Normal
O20 - AppInit_DLLs: karna.dat - - > MBAM stale; observe effect of latest version to correct
Suspicious:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Not confirmed by O22 - - > HJT whitelist? Have the user tick off updates (Google).
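As an added check, not part of the post above: a PowerShell script that reports whether the three file paths and the AppInit_DLLs entry from the FileAssassin/HJT steps are still present after the restart, so the "0 infections" goal can be verified directly rather than only from tool logs. The paths and the AppInit_DLLs name are taken from the post; the registry key location (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows) is the standard home of that value, and everything else (output format, variable names) is an assumption of this example.

```powershell
# Added example (not from the original post): re-check the removal indicators
# listed in the thread. Run from an elevated PowerShell prompt.

# File indicators exactly as given in the FileAssassin step.
$indicators = @(
    'C:\Windows\System32\Drivers\beep.sys',
    'C:\Windows\System32\brastk.exe',
    'C:\Windows\System32\karna.dat'
)

foreach ($path in $indicators) {
    # -Force so hidden/system files are not missed.
    if (Test-Path -LiteralPath $path) {
        $f = Get-Item -LiteralPath $path -Force
        '{0,-45} PRESENT  size={1,8} bytes  written={2}' -f $path, $f.Length, $f.LastWriteTime
    } else {
        '{0,-45} absent' -f $path
    }
}

# The HJT "O20 - AppInit_DLLs" line reflects this registry value; any DLL named
# here is loaded into every process that loads user32.dll.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs

if ([string]::IsNullOrEmpty($appInit)) {
    'AppInit_DLLs is empty (O20 entry cleared)'
} elseif ($appInit -match 'karna\.dat') {
    "AppInit_DLLs still references karna.dat: '$appInit'"
} else {
    "AppInit_DLLs is set to something else, review it manually: '$appInit'"
}
```

One caveat when reading the output: a clean Windows install also ships a beep.sys in the Drivers folder, so a PRESENT line for that path is only meaningful alongside the other indicators; compare its size and timestamp with the neighbouring drivers before treating it as a leftover. The AppInit_DLLs check is the one to watch after the HJT fix, because a restart with that value still populated reloads the DLL into new processes.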