Hi,
I'm running Windows Vista on my laptop which has had a virus problem for a couple of weeks now.
I had a malicious pop up which led to a white screen/frozen system. I took it into an IT guy who did a clean up and apparently removed several Trojans. I was relieved to be back in my system again, however it is still not functioning properly. Recurring problems are:
Odd behaviour of Hotmail (messages randomly being copied and deleted);
'Ebay account blocked' message, asking me to input name, address, credit card details etc;
Paypal transactions missing on the site;
Repeated Error 404 messages on Google;
Difficulty accessing any type of security/anti virus websites eg I had to go in a very roundabout way to get Microsoft Security Essentials and also Malwarebytes.
AVG Free had not detected any recent threats so I removed it and installed MSE, did a detailed scan which took 4 hours and found/removed several items even after the IT guy's clean up.
After browsing this site today I also downloaded Malwarebytes which found further items and removed them (details below).
I also ran a GMER scan (results below). Does this software merely identify threats or would it have removed them as well?
I tried to do a DDS scan afterwards as per instructions on the forum sticky however my computer showed an alert that the programme could be dangerous and damage my computer so I backed off in advance of asking for advice!
This is today's Malwarebytes log (items all removed):
25/10/2012 10:51:49
mbam-log-2012-10-25 (10-51-49).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358827
Time elapsed: 1 hour(s), 42 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\TAMARA~1\LOCALS~1\Temp\msuihruj.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\TAMARA~1\LOCALS~1\Temp\msuihruj.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe,C:\Users\Tamara Fulcher\AppData\Roaming\msconfig.dat -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2230609155-3124472653-3679513960-1003\$a3074f9df956c8853aa9dd6dc2e1c1ba\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
This is from the GMER notepad log (scan performed after Malwarebytes):
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-25 13:05:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC4CC
Running: iyhxyuhz.exe; Driver: C:\Users\TAMARA~1\AppData\Local\Temp\uxrdypod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
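As an added example (not from the original post and not code from Malwarebytes or GMER), here is a small Python triage of the registry detections quoted in the Malwarebytes log above. It parses each detection line and records where in the registry it lives (a logon autostart value, a Winlogon shell entry, or a COM InProcServer32 redirection), whether the payload was staged under a user-writable directory, and whether removal is still pending a reboot; the location classes and directory hints are my own assumptions, not Malwarebytes categories.

```python
import re

# Detection lines copied from the Malwarebytes log in the post above (raw string, since one path ends in "\n.").
MBAM_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\TAMARA~1\LOCALS~1\Temp\msuihruj.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\TAMARA~1\LOCALS~1\Temp\msuihruj.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe,C:\Users\Tamara Fulcher\AppData\Roaming\msconfig.dat -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2230609155-3124472653-3679513960-1003\$a3074f9df956c8853aa9dd6dc2e1c1ba\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.
"""

# One registry detection line: "<key>|<value> (<threat>) -> <payload> -> <action>"
ENTRY_RE = re.compile(r"^(?P<key>[^|]+)\|(?P<value>\S*) \((?P<threat>[^)]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)")

# Assumed classification: the registry location tells you what the entry did at logon.
LOCATION_CLASSES = (
    ("currentversion\\windows|load", "logon_autostart"),   # Load value starts a program at each user logon
    ("currentversion\\winlogon|shell", "shell_hijack"),    # anything after explorer.exe starts with the shell
    ("\\inprocserver32|", "com_hijack"),                   # COM server DLL redirected away from shell32.dll
)
# Assumed hints: directories a legitimate logon program or COM server is not loaded from.
USER_WRITABLE_HINTS = ("$recycle.bin", "\\temp\\", "\\appdata\\")

def parse_entry(line):
    """Return a triage dict for one detection line, or None for summary/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    target = (m["key"] + "|" + m["value"]).lower()
    location = next((cls for needle, cls in LOCATION_CLASSES if needle in target), "other")
    parts = m["rest"].split(" -> ")
    action = parts[-1].rstrip(".")
    bad_good = BAD_GOOD_RE.search(parts[0])
    if bad_good:
        payloads = [bad_good["bad"]]            # the value MBAM replaced; "good" is what it restored
    else:
        data = parts[0][len("Data: "):] if parts[0].startswith("Data: ") else parts[0]
        payloads = data.split(",")              # Winlogon shell lists several comma-separated programs
    return {
        "location": location,
        "threat": m["threat"],
        "payloads": payloads,
        "from_user_writable": any(h in p.lower() for p in payloads for h in USER_WRITABLE_HINTS),
        "pending_reboot": action.lower() == "delete on reboot",
    }

def triage(log_text):
    """Parse every detection line of a Malwarebytes log section into triage dicts."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]
```

Entries with `pending_reboot` set are the ones to re-check after restarting, since the scanner could not remove the file while it was in use.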