TechSpot

I'm not sure what's wrong with my computer

Resolved
By Abraham
May 12, 2012
Topic Status:
Not open for further replies.
  1. I'm not sure exactly what's wrong, but can somebody take a look please? Thanks.

    Will post logs in next post.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'll be glad to help, but I need some information. You may not know the cause of the problems you're having, but please tell me what the problems are - some description please.

    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs - except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. Abraham

    Abraham TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.12.08

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Zeus :: ZEUS-PC [administrator]

    5/12/2012 6:03:07 PM
    mbam-log-2012-05-12 (18-03-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206345
    Time elapsed: 6 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Users\Zeus\AppData\Roaming\0C593\lvvm.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WtVufNJluOXVUv (Rogue.Agent.SA) -> Data: C:\ProgramData\WtVufNJluOXVUv.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|48C.exe (Backdoor.CycBot.Gen) -> Data: C:\Users\Zeus\AppData\Roaming\Microsoft\B1E7\48C.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\Zeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

    Files Detected: 3
    C:\Users\Zeus\Desktop\Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
    C:\Users\Zeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
    C:\Users\Zeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

    (end)
     
  4. Abraham

    Abraham TS Rookie Topic Starter

    sooo... description... umm... the start menu doesn't seem to have everything in it, like accessories and stuff, only mozilla icon is on my desktop when I know I have more... and I can't install mcafee for some reason

    Edit to combine posts:

    gmer doesn't produce any log

    the dds will download but cannot be opened for some reason. also can't see the icon on the desktop

    just saw. dds gets automatically deleted a few seconds after I download it
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I have combined your 3 one line posts. Please use the Edit feature when you have short text instead of a new reply for each.

    The system has been infected by a rogue program named Windows Recovery.
    This malware is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer and you need their program to fix it.
    • It will display numerous error messages when you attempt to launch programs or delete files.
    • It will scan your computer, which will then find a variety of errors that it states it cannot fix until you purchase the program. so-called defragment tool.
    • Folder, icons, programs may appear to be missing their content.
    • It may terminate a program you launch stating that "the program or hard drive is corrupted".
    • The messages that you will see when you attempt to run a program are:
      [o] Hard Drive Failure
      [o] System or Critical Error
      [o] Closing these messages will then bring 'notice' of Windows Recovery Diagnostics and/or Fix Disk
    • When running it will also display fake alerts from your Windows taskbar of various "Critical Errors" and other fake warnings.
    • The malware may prevent downloads directly to the infected computer. In that case, programs can be loaded onto a flash drive, then transferred to the problem system to run.
    --------------------------------------------
    Allows backdoor access and control: The malware also had a variant of Backdoor:Win32/Cycbot.

    It makes Registry changes to the firewall, the Security Center. It can do or cause:
    1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
    2. Data theft (e.g. retrieving passwords or credit card information)
    3. Installation of software, including third-party malware
    4. Downloading or uploading of files on the user's computer
    5. Modification or deletion of files
    6. Keystroke logging
    7. Watching the user's screen
    8. Wasting the computer's storage space
    9. Crashing the computer
    Being advised of this, would you rather consider a reformat/reinstall instead of an attempt to clean which may not find or remove all of its code?
    =================================================

    While you're considering that, you can go ahead with this: For the missing icons, Programs, files, run the following: This may not fully work as long as the malware remains.

    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware - only the attribute that hides icons and programs. It is important that you continue.
    Note: This does not remove the malware - only the attribute causing the 'missing' problem.

    Please let me know whether you choose to reformat and reinstall or whether, knowing the risks, you want to try and clean the system.
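
A triage script for the Malwarebytes log posted in this thread, added here as an illustration (it is not part of the original thread or of any Malwarebytes tooling): it checks that a pasted log is complete, lists the autostart registry values with the file each one launched, and flags a backdoor detection of the kind that led to the reformat question above. The function names, and the reading of any action text without "successfully" as needing follow-up, are assumptions.

```python
import re
from collections import Counter

# Detection sections copied from the Malwarebytes log posted earlier in this thread.
SAMPLE_LOG = r"""
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Users\Zeus\AppData\Roaming\0C593\lvvm.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WtVufNJluOXVUv (Rogue.Agent.SA) -> Data: C:\ProgramData\WtVufNJluOXVUv.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|48C.exe (Backdoor.CycBot.Gen) -> Data: C:\Users\Zeus\AppData\Roaming\Microsoft\B1E7\48C.exe -> Quarantined and deleted successfully.
Folders Detected: 1
C:\Users\Zeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Zeus\Desktop\Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Zeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Zeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<sig>[^()]+)\) -> "
                  r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$")

def parse_log(text):
    """Return (detections, declared section counts) from a pasted text log."""
    detections, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m["name"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return detections, declared

def triage(text):
    """Summarise what a helper needs from the log before advising the user."""
    detections, declared = parse_log(text)
    parsed = Counter(d["section"] for d in detections)
    return {
        # Header count differs from the lines found: the paste was cut short.
        "incomplete": sorted(s for s, n in declared.items() if parsed[s] != n),
        # Autostart registry values as (key, value name, launched file).
        "autoruns": [(*d["obj"].split("|", 1), d["data"])
                     for d in detections if d["data"] and "|" in d["obj"]],
        # A backdoor detection means cleaning alone may not restore trust.
        "backdoor": any(d["sig"].startswith("Backdoor.") for d in detections),
        # Assumption: any action text without "successfully" needs follow-up.
        "not_removed": [d["obj"] for d in detections
                        if "successfully" not in d["action"]],
    }
```
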
     
  6. Abraham

    Abraham TS Rookie Topic Starter

    I would prefer the reformat/reinstall option. thank you very much.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36
