Hello
I have been infected by viruses and malware. I stumbled upon this forum and I hope someone can give me some advice. I have attached the log files that are stated in the 8 step virus and malware removal.
Over the past few days I have tried several antivirus, adware and malware programs;
they all find viruses and remove them, but the problems keep coming back. Yesterday I started getting a "bad image" error message when any program is launched. If I click OK on the message, the program launches and runs normally.
Thank you for any help.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4143
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
25-05-2010 21:04:51
mbam-log-2010-05-25 (21-04-51).txt
Scan type: Quick scan
Objects scanned: 124769
Time elapsed: 6 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Folders Infected:
C:\Documents and Settings\All Users\_qbothome (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\u (Trojan.Qakbot) -> No action taken.
Files Infected:
C:\Documents and Settings\All Users\_qbothome\seclog.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\Erik Kirschberg\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\crontab.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\ps_dump_Erik Kirschberg.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\_qbot.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\si.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\updates.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\updates1.cb (Trojan.Qakbot) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\_qbot_installed (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\~efd9452.tmp (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\Erik Kirschberg\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> No action taken.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-25 21:17:06
Windows 5.1.2600 Service Pack 3
Running: lug4zfju.exe; Driver: C:\DOCUME~1\ERIKKI~1\LOCALS~1\Temp\pxtdapoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A6B1D01
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
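The MBAM log above lists 25 items and every one of them is marked "No action taken", so nothing was actually removed in that run; the GMER scan additionally reports a suspicious modification of atapi.sys, the disk driver, which points to kernel-level tampering that a user-mode scanner run from inside the infected system cannot be trusted to clean. As an added example (not part of the original post and not Malwarebytes' own tooling), the Python script below parses the posted MBAM log, cross-checks the header totals against the listed detail lines, counts findings per family, and flags the items that sit in locations which reload code after a reboot. The log text is copied from the post; the list of which locations count as persistence is the script's own assumption.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log. Added example for this thread,
not the original post's code and not Malwarebytes' tooling."""
import re
from collections import Counter

# Copied from the MBAM log posted above: header totals plus the detection lines.
MBAM_LOG = r"""
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 15
Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Folders Infected:
C:\Documents and Settings\All Users\_qbothome (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\u (Trojan.Qakbot) -> No action taken.
Files Infected:
C:\Documents and Settings\All Users\_qbothome\seclog.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\Erik Kirschberg\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\crontab.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\ps_dump_Erik Kirschberg.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\_qbot.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\si.txt (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\updates.cb (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\updates1.cb (Trojan.Qakbot) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\_qbot_installed (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\All Users\_qbothome\~efd9452.tmp (Trojan.Qakbot) -> No action taken.
C:\Documents and Settings\Erik Kirschberg\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> No action taken.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
DETECT_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")

# Locations where a finding reloads code after a reboot (this script's own assumption
# about what to triage first; everything else in the log is payload or residue).
PERSISTENCE = [
    (r"\\CurrentControlSet\\Services\\", "service/driver registration, started at boot"),
    (r"\\Explorer\\ShellExecuteHooks\\", "shell execute hook, loaded by Explorer on every launch"),
    (r"\\Windows NT\\CurrentVersion\\Windows\\", "Windows NT\\...\\Windows key (AppInit_DLLs, Load, Run live here)"),
    (r"\\Tasks\\[^\\]+\.job$", "scheduled task, runs on its own timer"),
    (r"\\Hidden\\SHOWALL\\CheckedValue$", "Explorer 'Show hidden files' setting forced off"),
]

def parse_mbam_log(text):
    """Return (header_counts, findings); a finding is one dict per detection line."""
    header, findings, section = {}, [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:  # "Registry Keys Infected: 5" is a header total, "... Infected:" opens a section
            if m.group("count") is None:
                section = m.group("name")
            else:
                header[m.group("name")] = int(m.group("count"))
            continue
        m = DETECT_RE.match(line.strip())
        if m and section:
            bg = BADGOOD_RE.search(m.group("rest"))  # only "Registry Data Items" carry Bad/Good
            findings.append({"section": section, "item": m.group("item"),
                             "family": m.group("family"),
                             "action": m.group("rest").split(" -> ")[-1].rstrip("."),
                             "bad": bg and bg.group("bad"), "good": bg and bg.group("good")})
    return header, findings

def check_totals(header, findings):
    """Map each section to (declared in header, actually listed); a mismatch means a truncated log."""
    listed = Counter(f["section"] for f in findings)
    return {name: (n, listed[name]) for name, n in header.items()}

def summarize(findings):
    """Counts per family, how many were left in place, and which items persist across reboots."""
    persist = []
    for f in findings:
        for pattern, label in PERSISTENCE:
            if re.search(pattern, f["item"], re.IGNORECASE):
                persist.append((f["item"], label))
                break
    return {"total": len(findings),
            "by_family": Counter(f["family"] for f in findings),
            "not_removed": sum(f["action"] == "No action taken" for f in findings),
            "persistence": persist}

if __name__ == "__main__":
    header, findings = parse_mbam_log(MBAM_LOG)
    s = summarize(findings)
    print(f"{s['total']} findings, {s['not_removed']} left in place:", dict(s["by_family"]))
    print("header vs listed:", check_totals(header, findings))
    for item, label in s["persistence"]:
        print(f"  PERSISTS  {label}\n            {item}")
```

Run against the posted log it reports 25 findings, all left in place, with Trojan.Qakbot accounting for 11 of them, and it singles out six persistence items: the SSHNAS service, the ShellExecuteHooks entry, the crntdll value under the Windows NT\CurrentVersion\Windows key, the two scheduled-task .job files, and the SHOWALL\CheckedValue hijack (Bad: 0, Good: 1), which is why the dropped files are not visible in Explorer. The same parser works on any MBAM 1.x log saved with the "No action taken" or "Quarantined and deleted" suffix, so it can be rerun on a follow-up log to confirm that the persistence items are gone.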