i got a virus...HELP!


  1. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #11

    Hi, Shadowed s0ul.

    Your MBAM Log:

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4640

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    9/17/2010 3:45:20 PM
    mbam-log-2010-09-17 (15-45-20).txt

    Scan type: Quick scan
    Objects scanned: 156722
    Time elapsed: 8 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cyejicawajuri (Trojan.Agent.U) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> No action taken.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    This time, scan with MBAM again, but please do the following:

    • Launch Malwarebytes' Anti-Malware, then click the Update tab and "Check for Updates".
    • Once the update has been installed and the program has loaded, select Quick scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    • Click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Please post contents of that file in your next reply.



    ** Note **

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
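
Added example (not part of the original post and not Malwarebytes' code): a Python sketch that parses the log layout shown in post #11, checks the summary counts against the itemised detections, and lists every detection still marked "No action taken". The function names are hypothetical, the sample is a trimmed copy of the log above, and treating a `CurrentVersion\Run` entry as an autostart (persistence) item is a heuristic added here.

```python
import re

# Constructed sample: trimmed from the log layout shown in the post above.
SAMPLE_LOG = r"""
Scan type: Quick scan
Registry Keys Infected: 1
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cyejicawajuri (Trojan.Agent.U) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> No action taken.
"""

COUNT = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # summary line
HEADER = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")             # detail section
ITEM = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, list of detections with category/obj/threat/action)."""
    counts, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["cat"]
        elif section and (m := ITEM.match(line)):
            items.append({"category": section, **m.groupdict()})
    return counts, items

def triage(text):
    """Flag count mismatches, unremediated detections and Run-key autostart entries."""
    counts, items = parse_mbam_log(text)
    found = {c: sum(i["category"] == c for i in items) for c in counts}
    mismatched = sorted(c for c in counts if counts[c] != found[c])
    pending = [i for i in items if i["action"] == "No action taken"]
    persistence = [i for i in pending if "\\CurrentVersion\\Run\\" in i["obj"]]
    return {"mismatched": mismatched, "pending": pending, "persistence": persistence}
```
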


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #12

    You have a variant of TDSS/TDL3.2x rootkit.

    After you follow Corrine's instructions, download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.
    • You will then need to extract the file(s) from the zipped folder.
    • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
      In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
      In the final window, click on Finish
    • Double click TDSSKiller.exe to begin.
    • Click Start scan and allow the tool to do just that.
    • Once the scan has completed, if the tool detects anything the default action is Cure - please click on that and change it to Skip.
    • Finally, click on Report and let us look at the contents of the text file that will open.


  3. Posts : 11
    Windows 8 BETA
    Thread Starter
       #13

    Jacee said:
    You have a variant of TDSS/TDL3.2x rootkit.

    After you follow Corrine's instructions, download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.
    • You will then need to extract the file(s) from the zipped folder.
    • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
      In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
      In the final window, click on Finish
    • Double click TDSSKiller.exe to begin.
    • Click Start scan and allow the tool to do just that.
    • Once the scan has completed, if the tool detects anything the default action is Cure - please click on that and change it to Skip.
    • Finally, click on Report and let us look at the contents of the text file that will open.


    lol, i think i had that one and removed it back in July. ok then


    i scanned with TDSS killer and it says nothing 2xx files scanned and......what amazes me is that about 5 seconds later after i took the screen shot i got a blue screen (attached file has error report after restart)....so that gives me that strange feeling the virus wants to stay there....also there is a screenshot of TDSS killer in the .zip file, i was going to press report for a screenie too and when i was in the middle of it BLUE SCREEN....plzzzz help
    Last edited by Shadowed s0ul; 19 Sep 2010 at 19:54. Reason: no double posts!


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #14

    Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

    If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

    Please read this article http://en.wikipedia.org/wiki/Rootkit


  5. Posts : 11
    Windows 8 BETA
    Thread Starter
       #15

    Jacee said:
    Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

    If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

    Please read this article Rootkit - Wikipedia, the free encyclopedia

    by clean you mean "legal" huh?, and will restoring before the spam started fix the problem? i know it removes documents and programs so wouldn't this be the same situation???? I'll try and see because 3/5 times it doesn't work but i might as well try right?


  6. Posts : 2,177
    Windows 8.1 Pro x64
       #16

    Shadowed s0ul said:
    Jacee said:
    Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

    If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

    Please read this article Rootkit - Wikipedia, the free encyclopedia
    by clean you mean "legal" huh?, and will restoring before the spam started fix the problem? i know it removes documents and programs so wouldn't this be the same situation???? I'll try and see because 3/5 times it doesn't work but i might as well try right?

    By clean I'm sure Jacee means completely installing Windows 7 again and not doing a repair, this would wipe everything on your computer hence the reason for backing up all your work before you do it.

    See this 'Clean' install tutorial for help:
    Clean Install Windows 7

    **EDIT**
    But as you said Legal?... the answer is yes, make sure it is a legal copy/serial :)

    Regards,
    JDobbsy1987
    Last edited by JDobbsy1987; 20 Sep 2010 at 17:12.


  7. Posts : 11
    Windows 8 BETA
    Thread Starter
       #17

    JDobbsy1987 said:
    Shadowed s0ul said:
    Jacee said:
    Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

    If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

    Please read this article Rootkit - Wikipedia, the free encyclopedia
    by clean you mean "legal" huh?, and will restoring before the spam started fix the problem? i know it removes documents and programs so wouldn't this be the same situation???? I'll try and see because 3/5 times it doesn't work but i might as well try right?
    By clean I'm sure Shadowed S0ul means completely installing Windows 7 again and not doing a repair, this would wipe everything on your computer hence the reason for backing up all your work before you do it.

    See this 'Clean' install tutorial for help:
    Clean Install Windows 7

    **EDIT**
    But as you said Legal?... the answer is yes, make sure it is a legal copy/serial :)

    Regards,
    JDobbsy1987

    yes 100% clean install, windows 7 ultimate came with the computer, straight from the dell/alienware store


  8. Posts : 2,177
    Windows 8.1 Pro x64
       #18

    Jacee is suggesting that you do a clean install, since you bought the computer you have been infected with a rootkit which quite rightly Jacee has said are not very nice

    to ensure a stable and secure system in future Jacee is saying you are best to do a clean install.
    Clean Install Windows 7

    Back your files up first though as everything will be wiped clean.


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #19

    Yes, clean install and DVD that is legally yours :)


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #20

    If you have used a USB flash drive that's been shared with another compromised computer, then I'd toss that one and buy a new one.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5.