C:\Windows\System32\drivers\zdxooibu.sys (Rootkit.Agent) and Trojan Hiloti

Status
Not open for further replies.
Cable company security called me and made me aware of this virus/malware. I could not get it cleaned by Malwarebytes, as it came back when I rescanned. I was told by cable security that the only option was to get out the recovery disk and restore the whole system. Trying to get a second opinion. Any help would help all of us. Was told this was a new virus... Logs are as follows from Malwarebytes and SAS. Combo-Fix?

Malwarebytes' Anti-Malware 1.44
Database version: 3641
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/26/2010 5:02:56 PM
mbam-log-2010-01-26 (17-02-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 263571
Time elapsed: 1 hour(s), 23 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\11582522 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Users\Brian-Notebook\AppData\Local\rvorxi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\zdxooibu.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Brian-Notebook\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Brian-Notebook\AppData\Roaming\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

SAS found rogue agent/gen HKLM Software #11582522

Any help would be appreciated.
 
Try using Avast free edition. I find sometimes what one virus scanner can't get, another might be able to. If all else fails, back up whatever clean files you can and just do a reformat and reinstall of Windows. It never hurts to format the Windows drive every once in a while.
 
Thank you. I will try Avast. Malwarebytes seemed to pick it up, but couldn't remove it. SuperAntiSpyware didn't pick it up, but Mozilla was where it was found. The funny thing is my Spybot and Windows Defender warned me, but they could not clean it up, which tells me this is a new virus. The things I have are Microsoft Word, Excel, photos, and some music. Any way to tell if they are infected? It doesn't look like it from the log. Also, any recommendations for a more powerful firewall? Should I put my system internet security level on high? Can ComboFix clean this up?
 
I tried downloading Avast and my screen went blue and had problems starting up. I had to go to before I started through Device Manager. No luck; this virus is a beast. Need to find the recovery CD. Any idea what caused this breach? Unsafe browser?
 