Hi,
My computer has been infected with malware for a couple days now. It seems to be getting worse after every reboot, so I don't know how much time I have left before I can't access Windows or my files anymore. I scoured the net for solutions and stumbled onto this site. Followed the 8-step guide, or tried to rather, to the letter. If anyone can help me out, it'd be greatly appreciated cause I'm clueless as to what to do now and this is my last resort (I really don't like bothering others with my problems). Thanks in advance for any help you can give.
My system (from what I remember, can't access info):
Intel P4, 2.0 GHz, 512 MB RAM
Windows XP Pro (2002 Version), SP3 installed
Sharing internet access with another computer through a router
Initial problem: I was surfing the web a couple nights ago when some malware was downloaded to my computer without my permission, something called AVCare? Firefox windows would open randomly sending me to random pay sites. Google searches would send me to random sites as well. Scrollbars on browser windows would extend way right and down for no apparent reason. Spybot wouldn't load when double-clicked, Ad-aware or AVG Free didn't find anything. I deleted AVCare from the add/remove programs in the control panel, but my system was still screwed up.
Followed Step 1: Ran Trend Micro HouseCall, found a few things, trojans among others, removed them. Deleted AVG, downloaded and installed Avira Free, found near 200 items, quarantined them. Can't attach log, or include it in this post (too long). Here's what was found:
TR/FraudPack.qax.30 Trojan
HTML/Infected.WebPage.Gen HTML script virus
HTML/IFrame.13197 HTML script virus
HEUR/HTML.Malware suspicious code
EXP/ASF.GetCodec.Gen exploit
TR/Click.VBiframe.XI Trojan
TR/Crypt.PEPM.Gen Trojan
TR/Dldr.FraudLoad.fbs.2 Trojan
HTML/Malicious.PDF.Gen HTML script virus
TR/FraudPack.qav Trojan
TR/Dropper.Gen Trojan
TR/Crypt.ASPM.Gen Trojan
And the summary:
15891 Scanned directories
538352 Files were scanned
181 Viruses and/or unwanted programs were found
3 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
182 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
538166 Files not concerned
3371 Archives were scanned
25 Warnings
184 Notes
31783 Objects were scanned with rootkit scan
11 Hidden objects were found
Can get more info on request.
Followed Step 2: Downloaded and ran CCleaner twice with all boxes ticked except that 1. After a reboot, this is where Windows started getting really weird. System tray had no icons except volume icon, desktop background was gone (even though default "Bliss" was selected), size of title and scroll bars in windows smaller than usual, etc.
Followed Steps 3 and 4: No problem.
Step 5: Downloaded Malwarebytes' app, couldn't install it. Followed the guide on this forum to get around it (can't link it, need 5 posts) and was able to install in safe mode, but couldn't run it after. Still can't run it in normal mode. I double-click the icon and nothing happens.
I can't go any further because Firefox or IE won't load anymore when their icons are double-clicked. Maybe I can get them to work in safe mode. Colors in Windows are off now as well. Did a reboot at one point and the logon screen asked me for a password (never had one). Entered admin password and got this message: "The system cannot find message text for message number 0x%1 in the message file for %2." Did another reboot and luckily got into Windows. Running another scan with Avira now. A few more trojans showing up.
If I can do anything to remedy this, please let me know. Thanks again.
Glandith
UPDATE: Downloaded SAS and HJT on an older computer and transferred it using my USB drive. When I try to run SAS, I get an error message with an option to report. Double-clicking on HJT doesn't do anything.
UPDATE: I was able to run Malwarebytes' app by renaming the executable file to bob.exe. When I click 'remove selected', the following comes up:
The exception Floating-point inexact result.
(0xc000008f) occurred in the application at location 0x7c812afb.
Click on OK to terminate the program.
Followed by:
Run-time error '48':
File not found: wininet
Followed by:
Run-time error '0'
Anyway, here's the log from the results page:
Malwarebytes' Anti-Malware 1.40
Database version: 2548
Windows 5.1.2600 Service Pack 3
8/10/2009 8:44:40 PM
Malwarebytes-log1
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 273764
Time elapsed: 34 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msb.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.