

Windows 7: i got a virus...HELP!

18 Sep 2010   #11
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, Shadowed s0ul.

Your MBAM Log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4640

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/17/2010 3:45:20 PM
mbam-log-2010-09-17 (15-45-20).txt

Scan type: Quick scan
Objects scanned: 156722
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cyejicawajuri (Trojan.Agent.U) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> No action taken.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This time, scan with MBAM again, but please do the following:
  • Launch Malwarebytes' Anti-Malware, then click the Update tab and "Check for Updates".
  • Once the update has been installed and the program has loaded, select Quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.


** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


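Added example (not part of the original posts and not a Malwarebytes tool): every detection in the log above ends in "No action taken", which is why the scan has to be repeated with Remove Selected. This Python sketch parses the detection lines of such a log, lists the items that were not remediated, and picks out Run-key autostart values; the function names are hypothetical and the sample is built from the lines posted in this thread.

```python
import re

# Constructed sample: the detection sections of the MBAM log posted above,
# with the header and empty sections trimmed.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cyejicawajuri (Trojan.Agent.U) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> No action taken.
"""

# "Files Infected:" opens a section; "Files Infected: 1" is a summary count
# line and is deliberately not matched.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "<item> (<family>) -> <action>." ; the item itself may contain parentheses.
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_detections(log_text):
    """Return one dict per detection line: section, item, family, action."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION.match(line)
        if m and section:
            found.append({"section": section, **m.groupdict()})
    return found

def unremediated(detections):
    """Detections the scanner reported but did not act on."""
    return [d for d in detections if d["action"].lower() == "no action taken"]

def autostart_entries(detections):
    """Detections under a Run/RunOnce key, i.e. values launched at logon."""
    pattern = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
    return [d for d in detections if pattern.search(d["item"])]

if __name__ == "__main__":
    for d in unremediated(parse_detections(SAMPLE_LOG)):
        print(f'{d["section"]}: {d["family"]} still present -> {d["item"]}')
```

Run against the log from the follow-up scan, an empty result from `unremediated` is the quick check that Remove Selected was actually applied to every item.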
18 Sep 2010   #12
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You have a variant of TDSS/TDL3.2x rootkit.

After you follow Corrine's instructions, download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.
  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool detects anything the default action is Cure - please click on that and change it to Skip.
  • Finally, click on Report and let us look at the contents of the text file that will open.
19 Sep 2010   #13
Shadowed s0ul

Windows 8 BETA
 
 

Quote: Originally Posted by Jacee
You have a variant of TDSS/TDL3.2x rootkit.

After you follow Corrine's instructions, download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.
  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool detects anything the default action is Cure - please click on that and change it to Skip.
  • Finally, click on Report and let us look at the contents of the text file that will open.


lol, i think i had that one and removed it back in July. ok then


i scanned with TDSS killer and it says nothing 2xx files scanned and......what amazes me is that about 5 seconds later after i took the screen shot i got a blue screen (attached file has error report after restart)....so that gives me that strange feeling the virus wants to stay there....also there is a screenshot of TDSS killer in the .zip file, i was going to press report for a screenie too and when i was in the middle of it BLUE SCREEN....plzzzz help


Attached Files
File Type: zip Video is in here.zip (1,015.3 KB, 3 views)

20 Sep 2010   #14
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

Please read this article http://en.wikipedia.org/wiki/Rootkit
20 Sep 2010   #15
Shadowed s0ul

Windows 8 BETA
 
 

Quote: Originally Posted by Jacee
Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

Please read this article Rootkit - Wikipedia, the free encyclopedia
by clean you mean "legal" huh?, and will restoring before the spam started fix the problem? i know it removes documents and programs so wouldn't this be the same situation???? i'll try and see because 3/5 times it doesn't work but i might as well try right?
20 Sep 2010   #16
JDobbsy1987

Windows 8.1 Pro x64
 
 

Quote: Originally Posted by Shadowed s0ul
Quote: Originally Posted by Jacee
Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

Please read this article Rootkit - Wikipedia, the free encyclopedia
by clean you mean "legal" huh?, and will restoring before the spam started fix the problem? i know it removes documents and programs so wouldn't this be the same situation???? i'll try and see because 3/5 times it doesn't work but i might as well try right?
By clean I'm sure Jacee means completely installing Windows 7 again and not doing a repair; this would wipe everything on your computer, hence the reason for backing up all your work before you do it.

See this 'Clean' install tutorial for help:
Clean Install Windows 7

**EDIT**
But as you said Legal?... the answer is yes, make sure it is a legal copy/serial

Regards,
JDobbsy1987
20 Sep 2010   #17
Shadowed s0ul

Windows 8 BETA
 
 

Quote: Originally Posted by JDobbsy1987
Quote: Originally Posted by Shadowed s0ul
Quote: Originally Posted by Jacee
Rootkits are a very serious infection. In my opinion, removing them gives you a false sense of security. The truth is, your computer will never be stable again.

If this was my computer, I would save my important Documents and pictures, then wipe and do a "Clean" install with Windows.

Please read this article Rootkit - Wikipedia, the free encyclopedia
by clean you mean "legal" huh?, and will restoring before the spam started fix the problem? i know it removes documents and programs so wouldn't this be the same situation???? i'll try and see because 3/5 times it doesn't work but i might as well try right?
By clean I'm sure Shadowed S0ul means completely installing Windows 7 again and not doing a repair; this would wipe everything on your computer, hence the reason for backing up all your work before you do it.

See this 'Clean' install tutorial for help:
Clean Install Windows 7

**EDIT**
But as you said Legal?... the answer is yes, make sure it is a legal copy/serial

Regards,
JDobbsy1987
yes 100% clean install, windows 7 ultimate came with the computer, straight from the dell/alienware store
20 Sep 2010   #18
JDobbsy1987

Windows 8.1 Pro x64
 
 

Jacee is suggesting that you do a clean install, since you bought the computer you have been infected with a rootkit which quite rightly Jacee has said are not very nice.

To ensure a stable and secure system in future Jacee is saying you are best to do a clean install.
Clean Install Windows 7

Back your files up first though as everything will be wiped clean.
20 Sep 2010   #19
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Yes, clean install and DVD that is legally yours
20 Sep 2010   #20
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

If you have used a USB flash drive that's been shared with another compromised computer, then I'd toss that one and buy a new one.