Is my Antivirus 2009 malware nightmare over?

Status
Not open for further replies.

Mazzle

I can't believe how smart this Antivirus-Pro 2009 malware/trojan/virus is. It's incredible how pervasive and comprehensive its strategies are. I'd like to strangle those who came up with it, maliciously destroying so many computers, all just for a near-zero chance that they can get a few sales out of it.

The symptoms I was having:
  1. Constant warnings about spyware and other security compromises
  2. Red x in taskbar that gave warnings
  3. Background of Windows changed to be a big flashing warning about security being compromised!
  4. Constantly being redirected to the Antivirus-Pro 2009 web page
  5. Searches being hijacked and redirected
  6. Task Manager disabled
  7. CPU Performance compromised and long startups even though none of the processes that people talked about seem to be running
  8. My Documents being opened randomly on its own.
  9. Some of this stuff even occurred in safe mode.
  10. Unable to turn on Windows security stuff any more. It almost seemed like the security control panel was a fake.
  11. Windows installer may have been compromised.

Anyway, I ran malware and virus checkers a few times. I thought I had it removed before, but it kept coming back. So, I just went through all 8 steps very carefully. I also ran ComboFix and the Microsoft Windows Malicious Software Removal Tool, and installed a HOSTS file that was supposed to block most malware sites, all recommendations I found here in various threads. Can you guys please look at the log and see if I need to do anything with HijackThis or another program to make sure this thing is finally gone?

The exact steps I took are:
  1. McAfee Virus Scan in normal mode while fully infected: nothing found
  2. Malware scan in normal mode: blue screen
  3. Malware scan in safe mode a few times (logs attached in next post)
  4. Ran Windows Update and it installed SP3.
  5. McAfee Virus Scan in safe mode. It found a Generic Rootkit.d.!rootkit NTOSKRNL-HOOK and removed it.
  6. CCleaner full in normal mode
  7. SDFix (log attached)
  8. Replaced my hosts file with the recommended malware/adware blocking one
  9. Microsoft Windows Malicious Software Removal Tool, quick then full scan. (log attached)
  10. Combofix (log attached)
  11. Malware scan in safe mode (logs attached in next post)
  12. SuperAntiSpyware (log attached)
  13. Checked Java version and it was current.
  14. HijackThis (log attached)
I also have a question. Are my passwords possibly compromised if I never actually entered them while I was infected? Is it possible they got them simply from the cookies and saved password info that Firefox has?

Thank you in advance for spending your valuable time helping me with this problem!
 

Attachments

  • combofix.txt (15.1 KB)
  • hijackthis.log (6.6 KB)
Here are the other Malwarebytes logs...
 

Attachments

  • mbam-log-2009-05-25 (20-49-27).txt (1 KB)
  • mbam-log-2009-05-26 (16-19-19).txt (841 bytes)
Hi Mazzle,

Is the computer still playing up? I'd suggest as another step to download and run Avenger and make sure 'Scan for Rootkits' is ticked, just as a precaution. Then you can also post that log in here for more evaluation. Generally, as a rule, after I have completed deep virus scans I run the System File Checker to make sure that no system files were damaged in the process. You can do this by entering it into a command prompt:

Start > All Programs >Accessories > Command Prompt

Once it is open, type:

sfc /scannow

If it finds any system files damaged, then it will ask you for your XP/Vista disk so it can replace them.

Antivirus 2009 is a cunning piece of software! Have had to deal with it a lot in the workshop and it always keeps me entertained :)
 
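A scripted version of the post-cleanup checks discussed above (the "Task Manager disabled" symptom from the first post, the replacement malware-blocking hosts file, and the sfc /scannow step Snow recommends), as an added PowerShell example that is not part of the original thread and not code from any of the tools it mentions. It assumes a Windows machine with PowerShell installed and an elevated prompt; the DisableTaskMgr and DisableRegistryTools policy values under the HKCU Policies\System key are the standard switches that rogue software flips to disable Task Manager and regedit, and the hosts-file check relies on the fact that a blocking hosts file maps every listed name to a loopback or null address, so any other target address is worth a look.

```powershell
# Added example: post-cleanup sanity checks for the symptoms described in the thread.
# Run from an elevated PowerShell prompt (sfc needs administrator rights).

function Test-TaskManagerPolicy {
    # Rogue "antivirus" programs disable Task Manager and regedit by setting these
    # per-user policy values to 1. Absent or 0 means the tools are allowed.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($value -eq 1) {
            Write-Warning "$name is still set to 1 under $key; clearing it"
            Remove-ItemProperty -Path $key -Name $name
        } else {
            Write-Output "$name : not set (OK)"
        }
    }
}

function Get-SuspiciousHostsEntries {
    # A malware-blocking hosts file points every listed site at 127.0.0.1 or 0.0.0.0.
    # Any active line that maps a name to some other address is how a hijacker
    # redirects searches and security-vendor sites, so report those for review.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $blockingTargets = '127.0.0.1', '0.0.0.0', '::1'
    Get-Content -Path $hostsPath |
        Where-Object { $_ -match '^\s*[^#\s]' } |   # skip blank lines and comments
        ForEach-Object {
            $fields = ($_ -split '\s+') | Where-Object { $_ }   # drop empty tokens
            if ($blockingTargets -notcontains $fields[0]) {
                $names = if ($fields.Count -gt 1) { $fields[1..($fields.Count - 1)] -join ' ' } else { '' }
                [pscustomobject]@{ Address = $fields[0]; Names = $names }
            }
        }
}

function Invoke-SystemFileCheck {
    # Snow's step: verify protected Windows files after the cleanup tools have run.
    # On XP this can prompt for the install CD; on Vista and later details land in
    # %windir%\Logs\CBS\CBS.log.
    & "$env:SystemRoot\System32\sfc.exe" /scannow
    Write-Output "sfc exit code: $LASTEXITCODE"
}

Test-TaskManagerPolicy
Get-SuspiciousHostsEntries | Format-Table -AutoSize
Invoke-SystemFileCheck
```

An empty table from Get-SuspiciousHostsEntries is the expected result after installing a blocking hosts file; a line pointing a search engine or vendor domain at a routable address means the redirect described in the first post is still in place.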
Thanks Snow, I'll try that. And, no, I haven't seen anything odd yet.

So, does that mean you didn't see anything in the HijackThis report? Or were you just giving me general advice? I was under the impression that I shouldn't fix anything HijackThis tells me about until someone with some expertise reading those logs responds, telling me which elements were problematic.
 
Did I do something wrong in my post, or is this site no longer active?

No, it is still active, and as far as I can tell you did nothing wrong. :). Because the TechSpot forums are strictly volunteer in nature, responses are determined by a person's personal time factors. Plus, not everyone will respond on every forum. Someone with knowledge will respond when they can.
 
I looked at your Malwarebytes log and your SAS log. I would suggest running SAS again and attaching the log. It looks like MB first detected and then deleted a trojan and other infections, and the second log is clean.

Are you experiencing any more issues?
 
Thank you, Route44. I ran SAS again, and it didn't find anything.

What about the original HijackThis output? Isn't that the log that I most need feedback on, since nothing inside of it was ever acted upon?
 
Hi, Mazzle. Your Malwarebytes and SAS look clean.

As for HijackThis, to be honest I have no experience reading them and thus I don't want to give any advice not based on sound knowledge. However, I did look at it and I didn't notice anything that looked suspicious, but again I am only being tentative at this point.

Are you experiencing any more issues and what is your security software?
 
After the infection came back the last few times I thought I had gotten rid of it, I've been a bit paranoid about using this machine. That said, I haven't noticed anything suspicious yet.

As for security software, I use McAfee Security Center.
 
Well if in the future you decide to change your security software there are better options than McAfee and some of those are free. You do use a router, correct?
 
Yes, I do indeed use a router. And, the main reason I use McAfee is that it is provided free with non-expiring updates by both my ISP (Comcast) and my university.
 