Windows 7: Virus Help Needed


31 Mar 2011   #1

Windows 7 Ultimate SP1 x64
 
 
Virus Help Needed

Just today I got a virus on one of my home computers. It disabled MSE and disallows me from accessing any resources, running programs, or starting the task manager or system tools like cmd.

I can still access Safe Boot mode and ran MSE from safe boot, but the virus/rogue AV is still on the computer. Other than that, it turns the desktop a blue color and floods my router with high pings; I can see this from router logs.

Here are some pics, I had to take them with my cell because it disabled the Snipping Tool.
Virus Help Needed-imag0049.jpg
Virus Help Needed-imag0050.jpg
Virus Help Needed-imag0051.jpg
Virus Help Needed-imag0052.jpg
Any help on removing this rogue AV would be much appreciated!




31 Mar 2011   #2

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

Boot in safe mode with networking
Safe Mode

If that keeps it from launching, at that point you can download, install, and allow to update Malwarebytes Anti-Malware
Malwarebytes (free version)

Run a full scan and let it do its thing and clean it out.
That should return you to a position where you can boot normally.

If you can't launch any applications the attached file should return that to normal (all this still needs to be done in safe mode.)


Attached Files
File Type: reg regfix.reg (910 Bytes, 16 views)
31 Mar 2011   #3

Windows 7 Ultimate SP1 x64
 
 

I am able to boot into safe mode and am running a full scan with Malwarebytes right now. I will post the log files as soon as it finishes.


31 Mar 2011   #4

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

When it's done it will give you the option to clean up the mess it finds on the ...bottom right I believe, it's been so long since I was actually infected with anything I'm not sure I'm remembering that little detail right.

It does a great clean up job though.
It should get rid of the problem.
Worst case scenario is afterwards you'll need to use startup repair to get it booting right again.
Startup Repair

We don't want to use system restore right now though, as the restore files may actually contain the virus. Depending on how sneaky it was.
31 Mar 2011   #5

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by Maguscreed
When it's done it will give you the option to clean up the mess it finds on the ...bottom right I believe, it's been so long since I was actually infected with anything I'm not sure I'm remembering that little detail right.

It does a great clean up job though.
It should get rid of the problem.
Worst case scenario is afterwards you'll need to use startup repair to get it booting right again.
Startup Repair

We don't want to use system restore right now though, as the restore files may actually contain the virus. Depending on how sneaky it was.

OK, it's been running the scan for about 35 minutes now. I have used Malwarebytes before and I know what you mean about having to go back and delete the files because it quarantines them.
31 Mar 2011   #6

Windows 7 Ultimate SP1 x64
 
 

I successfully managed to remove the infected files. I have included the log files; I ran a quick scan first and then a full scan.
mbam-log-2011-03-31 (20-00-54).txt
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/31/2011 8:00:54 PM
mbam-log-2011-03-31 (20-00-54).txt

Scan type: Quick scan
Objects scanned: 154371
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\fCd16633iHkPb16633 (Trojan.Agent.Gen) -> Value: fCd16633iHkPb16633 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\fcd16633ihkpb16633\fcd16633ihkpb16633.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\basa\local settings\temporary internet files\Content.IE5\ZWQ3XI6W\download[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
mbam-log-2011-03-31 (20-47-25).txt
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6231

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/31/2011 8:47:25 PM
mbam-log-2011-03-31 (20-47-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 269605
Time elapsed: 41 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\basa\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\60IKWZ5T\antispy2011setup[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\basa\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\N6JD1KBM\antispy2011setup[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\basa\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\N6JD1KBM\antispy2011setup[2].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.


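As a reading aid for the two Malwarebytes logs in the post above (an added example, not part of the original thread and not Malwarebytes' own tooling), this Python script parses the detection lines and pairs the RunOnce autorun value with the file it would have launched. The role labels and function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Detection lines copied from the logs posted above (two duplicate cache hits omitted).
LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\fCd16633iHkPb16633 (Trojan.Agent.Gen) -> Value: fCd16633iHkPb16633 -> Quarantined and deleted successfully.
c:\programdata\fcd16633ihkpb16633\fcd16633ihkpb16633.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\basa\local settings\temporary internet files\Content.IE5\ZWQ3XI6W\download[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\basa\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\60IKWZ5T\antispy2011setup[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
"""

# Line shape: <object> (<detection name>) -> [Value: <name> ->] <action>
LINE = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?:Value: (?P<value>.+?) -> )?(?P<action>.+)$")
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)

def classify(obj):
    """Assign a triage role to a detected object (labels are this example's own)."""
    low = obj.lower()
    if low.startswith("hkey_"):
        return "autorun" if AUTORUN.search(obj) else "registry"
    if "\\temporary internet files\\" in low:
        return "browser-cache"
    return "dropped-file"

def parse(log):
    """Return one dict per detection line; lines of any other shape are skipped."""
    out = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["role"] = classify(d["obj"])
            out.append(d)
    return out

def link_persistence(dets):
    """Pair each autorun value with dropped files whose path contains its name."""
    links = defaultdict(list)
    for a in (d for d in dets if d["role"] == "autorun"):
        key = (a["value"] or a["obj"].rsplit("\\", 1)[-1]).lower()
        for f in (d for d in dets if d["role"] == "dropped-file"):
            if key in f["obj"].lower():
                links[a["obj"]].append(f["obj"])
    return dict(links)

if __name__ == "__main__":
    dets = parse(LOG)
    print([(d["role"], d["obj"]) for d in dets])
    print(link_persistence(dets))
```

The pairing shows the three stages visible in the logs: installers in the Internet Explorer cache, a copy under ProgramData, and a RunOnce value with the same random name that would start that copy at the next logon.
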
01 Apr 2011   #7

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Here are a couple of other options in case Malwarebytes doesn't get it out of the system. Even if MB does remove it, it would be a good idea to run your AV or these tools and do a full system scan while disconnected from the net. Once you get a virus, it's hard to tell how much of it is left behind. And unfortunately, even one tiny file can cause it to come back and reinstall.

Microsoft Windows Malicious Software Removal Tool

Download details: Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

Norton Power Eraser

http://security.symantec.com/nbrt/np...origin=default
01 Apr 2011   #8

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

Hi ionbasa,

Looks like Malwarebytes did the trick - it's very good software.

As an additional check, can I suggest performing an online scan using the ESET on-line scanner? This just helps to give some comfort that nothing has slipped through the cracks.

Regards,
Golden
01 Apr 2011   #9

Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
 
 

Below is courtesy of JACEE!


I just copied and pasted.
You can run it in safe mode with network if needed.
Also when done you can leave the download which is definitions on your PC and next time it will just update definitions and run.
Much quicker if needed again later.
First time I used it was for testing. The second time I was actually doing a virus check as you would be doing.
Saved 5-10 minutes on second run.
Mike


See if Eset finds anything ...
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
01 Apr 2011   #10

Windows 7 Ultimate SP1 x64
 
 

Okay, thank you for all the help. MB fixed it, and then ran ESET and all was clean.