CPU Usage 100% ~ Help

That just means that the CPU is 98% idle. Nothing taking up CPU cycles at the moment.

JohnnyA

Oh, and I thought it's taking up 98% of the CPU -_-
Thanks.
 

My Computer

Computer Manufacturer/Model Number
Me
OS
Windows 7 Home Premium 64-bit (6.1, Build 7600)
CPU
Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz (8 CPUs), ~2.9GHz
Memory
8192MB RAM
Graphics Card(s)
Nvidia Geforce 560 GTX Non-Ti
Sound Card
Speakers (Realtek High Definition Audio)
Monitor(s) Displays
Generic PnP Monitor
Screen Resolution
1920x1080
Hard Drives
1 TB
OK, thanks.

Let us know what the results are.

Regards,
GEWB

Most Certainly
and I just came across this .... lol

bbjk.jpg


EDIT: and came across this SVhost.exe
97991839.jpg

You're surely infected. It's not svhost.exe, it's svchost.exe under %windir%\System32\svchost.exe

I wonder why MBAM flagged it as Reserved Word Exploit, there's no legit file named svhost.exe, the alias should have been something else. :sarc:
 

My Computer

Computer Manufacturer/Model Number
HCL
OS
Windows 7 Ultimate x64 | Ubuntu 12.04 x64 LTS
CPU
Core 2 Duo e7400 @ 2.90GHz
Motherboard
Gigabyte G31M-ES2L
Memory
3GB DDR2
Graphics Card(s)
Asus Nvidia GTX 560Ti 1GB
Sound Card
On-board
Monitor(s) Displays
HCL eZeeBee 18.5" LCD
Screen Resolution
1366x768 @ 60Hz
Hard Drives
Western Digital 320GB
PSU
Corsair CX500 V2 500W
Cooling
Stock
Keyboard
Stock
Mouse
Stock
Internet Speed
15-25kBps D/L | 10kBps U/L | Hey Don't laugh
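
The path check described in the reply above (the genuine svchost.exe lives under %windir%\System32), as an added example that is not part of the original thread: a Python triage helper that reads Malwarebytes-style log lines and flags Windows system-binary names found outside their expected directory, plus names one edit away from a system binary such as svhost.exe. It assumes a default install with %windir% = C:\Windows and a deliberately short allowlist; the function names are hypothetical, the first five sample lines are copied from the log posted later in this thread, and the last sample line is constructed.

```python
import ntpath
import re

# Simplified allowlist (assumption: %windir% is C:\Windows, 64-bit Windows 7).
# Keys are lower-case file names, values are the directories they may live in.
ALLOWED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "taskeng.exe": {r"c:\windows\system32"},
}

# "<path> (<detection name>) -> <action>"; only drive-letter paths match,
# so registry lines (HKEY_...) are skipped. The lazy path group lets file
# names that themselves contain parentheses parse correctly.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<sig>[^()]+)\) -> (?P<action>.+)$"
)


def within_one_edit(a, b):
    """True if a != b and one insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substitution
    return a[i:] == b[i + 1:]           # one inserted character in b


def classify(path):
    """Return 'wrong-directory', 'lookalike-name' or None for a file path."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in ALLOWED_DIRS:
        return None if folder in ALLOWED_DIRS[name] else "wrong-directory"
    for known in ALLOWED_DIRS:
        if within_one_edit(name, known):
            return "lookalike-name"
    return None


def review_log(text):
    """Return (reason, path, detection) for every suspicious file line."""
    findings = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        reason = classify(match.group("path"))
        if reason:
            findings.append((reason, match.group("path"), match.group("sig")))
    return findings


# First five lines: copied from the log in this thread. Last line: constructed.
SAMPLE_LOG = r"""
C:\Users\Felipe\AppData\Roaming\svchost.exe (Heuristics.Shuriken) -> Unloaded process successfully.
C:\Users\Felipe\AppData\Local\Temp\explorer.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\svchost\Svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Windows\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\54605872_updatescan (1).exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\example\AppData\Roaming\svhost.exe (Sample.Detection) -> No action taken.
"""

if __name__ == "__main__":
    for reason, path, sig in review_log(SAMPLE_LOG):
        print(f"{reason:16} {path}  [{sig}]")
```

The same `classify` check works on any list of full image paths, for example an export of running processes, not only on scanner logs.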
Yeah I am not sure either
But almost 3 hours in the scan.. total of 47 infected items

It should be done any time now, I'll post the logs once it's done.
When I ran this last time, I got like 2 infected items, now it completely changed lol..:shock:
 

My Computer

Computer Manufacturer/Model Number
pavilion dv6 quad
OS
windows 7 [64-bit]
Motherboard
6ghz
Memory
8 gb
Monitor(s) Displays
15.6"
Still looking good. Always a good idea to update Malwarebytes before running as they are constantly updating their threat tables. Even if this seems to solve your current problem, I would once again update and run the program until you get a clean bill of health. It's a bit like peeling an onion, you get one layer off and this exposes another layer.
JohnnyA
 

My Computer

Computer Manufacturer/Model Number
Toshiba C650
OS
Windows Home Premium 64bit
CPU
T61-- 2.0ghz
Motherboard
Toshiba
Memory
4 GB
Graphics Card(s)
On board
Sound Card
On board
Monitor(s) Displays
15.6"
Hard Drives
500 GB
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5121

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/15/2010 5:20:44 PM
mbam-log-2010-11-15 (17-20-44).txt

Scan type: Quick scan
Objects scanned: 145365
Time elapsed: 15 minute(s), 16 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 12
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 136

Memory Processes Infected:
C:\Users\Felipe\AppData\Roaming\Server.exe (Heuristics.Shuriken) -> Unloaded process successfully.
C:\Users\Felipe\AppData\Roaming\svchost.exe (Heuristics.Shuriken) -> Unloaded process successfully.
C:\Users\Felipe\AppData\Roaming\3.7shades.exe (Trojan.Scar.Gen) -> Unloaded process successfully.
C:\Users\Felipe\AppData\Roaming\taskeng.exe (Trojan.LVBP) -> Unloaded process successfully.
C:\Users\Felipe\AppData\Roaming\Defender.exe (Trojan.Scar.Gen) -> Unloaded process successfully.
C:\Users\Felipe\AppData\Local\Temp\explorer.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\Felipe\AppData\Roaming\lsass.exe (Trojan.Delf) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08o3o26h-8g74-3p31-apmv-623cla2g5671} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5236pi38-x546-ja0p-47j1-1b50o52hvnb7} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{52im8pdh-k0ba-6db0-05tl-eq7w1016pa40} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ls6m8147-86m6-ykpj-5mfd-fd8cs8ha74g4} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{s7dx0th4-8xvs-0p38-ta87-h8g40143t8ih} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{sxrbq42x-i7l3-u632-0y3b-30svy1rj564q} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{xq881j2h-07ya-wrbn-4p25-xn85w68vyevt} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{xq881j2h-07ya-wrbn-4p25-xn85w68vyevt} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Firefox (Backdoor.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\blank (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\blank (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windefend (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update system (Trojan.LVBP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows hosting service login (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows defense service (Trojan.Pincav) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\dram prosessor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft configuration (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Delf) -> Data: c:\users\felipe\appdata\roaming\lsass.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Users\Felipe\AppData\Roaming\lsass.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\Felipe\AppData\Roaming\Svchost (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\directory\CyberGate (Trojan.PWS) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install (Trojan.PWS) -> Quarantined and deleted successfully.

Files Infected:
C:\dir\install\install\server.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Windows\install\HWID.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Windows\System32\WinDir\Svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Windows\System32\svchost\Svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Windows\System32\install\Svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Windows\System32\Winlog\Winlogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\Server.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\svchost.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\3.7shades.exe (Trojan.Scar.Gen) -> Delete on reboot.
C:\Users\Felipe\AppData\Roaming\taskeng.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\Defender.exe (Trojan.Scar.Gen) -> Delete on reboot.
C:\Users\Felipe\AppData\Local\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\Update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\WinDefend.exe (Trojan.Pincav) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\987654.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\needcrypt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\stealunc.exe (PWS.Dybalom) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\winlogon.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\Microsoft\Run.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\Microsoft\svchost.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\11204.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\11718139_Crypted.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\11800.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\11914966_Crypted.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\12238.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\1408.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\14639.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\Sony_Scan_182716.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\svm.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\raw.exe (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\Cryptedshades.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\det.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\UpdatescannerSetup.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\build___G_Zero.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\Built.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\crypted2.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\done.exe (Trojan.Ircbrute) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\ed.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\9179.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\9223.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\93755.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\94295.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\96040.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\98506.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\n2m8.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\60039.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\6120.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\61976.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\65441.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\66007.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\Pkersserverinfectwiththis.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\xrBot.exe (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\tkxservs.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\35951.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\3939.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\40750.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\42999.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\43875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\d997183565c111f84cbc7d5bbc0cd4b0.exe (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\Kb1218.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\82999.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\83868.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\85547.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\89132.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\89961.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\22684.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\23447.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\23499.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\24631.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\24819.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\28967.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\insansa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\install-0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\install-1.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\istealerserver.exe (PWS.Dybalom) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\15062.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\15765.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\17012.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\17548.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\20239.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\21208.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\521.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\52537.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\54303.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\54605872_updatescan (1).exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\54807.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\57121.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\69340.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\72316.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\74893.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\32376.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\323884.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\32914.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\33181.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\33633.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\Hello123.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\server.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\48362.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\4848.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\48509.exe (Trojan.Scar.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP0000005D654C09754E5BCC20 (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP00001118533A3568AE2AB8C4 (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP0000000ACA3AB896C3A41B11 (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP0000000DAE0B4276728E7C2A (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP00000010E8434D437F7790A1 (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP00000026E824DA6D3BDFACE2 (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP00000031FADAE24D447871B5 (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP0000004718C83C80B4F593FD (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\Temp\history\firefox.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\Svchost\server.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\Svchost\Svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\cleansweep.exe\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cleansweep.exe\cleansweepupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install\server.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\lsass.exe (Trojan.Delf) -> Delete on reboot.
C:\Users\Felipe\AppData\Roaming\qghumeaylnlfdxfircvs85.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\WinDefender.exe (Trojan.Keylogger) -> Delete on reboot.
C:\install\server.exe (Trojan.SpyNet) -> Quarantined and deleted successfully.
C:\Windows\System32\import53an35ygsfsgftdoc.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\bot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\test.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\WinDefender.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
C:\Users\Felipe\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Felipe\Templates\BWVxf.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\Templates\dzxaI.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\Templates\yVUvd.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Local\Temp\msconfig.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Felipe\AppData\Roaming\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

------------------------------------------------

I am now idling at around 5-10% of CPU Usage... and here is my new task manager:

newmu.jpg
 
I'd uninstall your AV and install free Avast5 for real-time protection, then immediately schedule a Boot Scan and restart to get anything which was hiding in System Files during scans.

Afterwards repeat Malwarebytes and Avast until it is clean, then weekly.

If infection continues to resurface, you'll need to wipe the HD and clean reinstall using your Recovery Disks or a Win7 installer for your version. http://www.sevenforums.com/installation-setup/125874-re-install-windows-7-a.html#post1086729

Run Avast or MSE permanently with the Win7 Firewall kept updated.
 
I'd uninstall your AV and install free Avast5 for real-time protection, then immediately schedule a Boot Scan and restart to get anything which was hiding in System Files during scans.

Afterwards repeat Malwarebytes and Avast weekly until it is clean.

If infection continues to resurface, you'll need to wipe the HD and clean reinstall using your Recovery Disks or a Win7 installer for your version. http://www.sevenforums.com/installation-setup/125874-re-install-windows-7-a.html#post1086729

Run Avast or MSE permanently with the Win7 Firewall kept updated.

Yeah. I am doing a major clean up with my computer. Taking out stupid crap. Changing start up programs so everything just loads faster. I am uninstalling AV and going to get the newest avast and running a boot scan tonight to take out anything hidden.

Thanks a lot for your help, guys... every time I have a problem I come here and I come out a happy guy. THANK YOU VERY MUCH
 

I'm a little confused looking at your Malwarebytes Log. All items show "No action taken"? Did you tell it to fix all? Glad we have been able to help you out so far.
Regards
JohnnyA
 

So how much RAM usage are you getting now?
 

Your logs show No action taken. Please re-run MBAM and at the infected objects list, click Select All and Remove selected. Reboot when prompted. Post the new log.
 

Sorry I did not realize I posted the wrong one lol...

^^^^ I edited the one above
 

Hehe.. CyberGate, huh??? Either you used it yourself and got infected in the process, or you've been tricked by one of your friends into running the server.exe file.

Code:
C:\Users\Felipe\AppData\Roaming\Server.exe (Heuristics.Shuriken) -> Unloaded process successfully.
C:\directory\CyberGate (Trojan.PWS) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install (Trojan.PWS) -> Quarantined and deleted successfully.

By the way, you've got a lot of mess there, including a backdoor trojan.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:


  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).


Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups


http://www.sevenforums.com/tutorials/91339-ssd-hdd-optimize-windows-reinstallation.html


However, if you'd not like to do a clean install, please do the following.

Download TFC to your desktop.

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.
 

what if it says it's cleaned
am i still at risk? I don't have any personal bank,checking,car stuff saved in here. this is mostly for research/gaming,etc.

what else could i do to prevent this from happening in the future?

ALSO: i dl the TFC and i can't open it :\
 

what if it says it's cleaned
am i still at risk? I don't have any personal bank,checking,car stuff saved in here. this is mostly for research/gaming,etc.
In that case, you're good to go. Just change your passwords for forums and emails.

what else could i do to prevent this from happening in the future?
Delete your old restore points.

Right click Computer>Properties>Advanced system settings>System Protection Tab, select the drive(s) on which System restore is enabled, click configure>Turn Off System Restore. Apply>OK>OK. Reboot.
Follow the above steps again and select the first option after clicking Configure, specify the amount of disk space to be used for system restore, Apply>OK.
Now select System drive and click 'Create' and name it for eg., 'Clean' and then OK.


Please read the following information that I have provided, which will help

you prevent malicious software in the future. Please keep in mind, malware is

a continuous danger on the Internet. It is highly important to stay safe

while browsing, to prevent re-infection.

Software recommendations

Free Antivirus

* Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
* AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
* Avast!: This is an advanced malware removal antivirus program. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software.
* Avira Antivir: this is an advanced malware removal antivirus program. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software.
* Rising Antivirus: this is a lightweight, and great virus destroyer. It removes tough viruses, and even rootkits and trojans get destroyed.



AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.

  • Spybot - Search & Destroy
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


Anti Malware

* Malwarebytes' Anti-Malware is a great malware removal program. It is recommended for anyone's arsenal. There is a paid version, which is highly recommended, but the program will work fully for free.

Firewall

* Tallemu Online Armor: The free version is just as good as the premium. I have linked you to the free version.
* Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
* PC Tools Firewall Plus: Free and excellent firewall.

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites

Securing your computer
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ******* file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:




Virtualization
Please consider using virtualization software to prevent permanent changes to other programs and data in your computer. Some examples are below:

Application level virtualization (For regular users)

* Sandboxie - Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.





Benefits of the Isolated Sandbox
* Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
* Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
* Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
* Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

System level virtualization (For advanced users)

* VirtualBox - VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. VirtualBox is an extremely feature rich and high performance product.
* Wondershare Time Freeze - Virtual system safeguards real system
# Easy switch between virtual system and real system: To enter virtual system, you don't need to reboot computer; to return to real system, just exit System Protection, and you can save or discard virtual system data freely.
# Effective virtual system tool: Time Freeze creates a virtual environment as a twin (copy) of the real system, on which you evaluate applications, watch movies, and perform online activities. While the real system is under protection, you no longer have to worry about viruses, spyware, malware and other threats.
# MBR protection: Time Freeze 2.0.3 enhanced protection to the boot sector of hard disk so as to guarantee the normal startup of system.


Happy surfing and stay clean!


ALSO: i dl the TFC and i can't open it :\
What error are you getting?
 

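The HOSTS-file blocking described in the post above, shown as an added example that is not part of the original thread: a small Python audit that separates entries sinkholed to the local machine from entries that force a name to some other address. The function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample in HOSTS-file format. Names and addresses are placeholders
# (example/test domains, documentation IP range), not a real blocklist.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked ad hosts
0.0.0.0         popups.example.org
203.0.113.7     update.example-av.test
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield addr, name.lower()

def audit_hosts(text):
    """Sort entries into blocked (sinkholed), redirected and invalid."""
    report = {"blocked": [], "redirected": [], "invalid": []}
    for addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["invalid"].append((addr, name))
            continue
        if ip.is_loopback and name == "localhost":
            continue  # the stock localhost mapping, nothing to report
        if ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(name)  # name resolves to this machine
        else:
            report["redirected"].append((name, addr))  # name forced to another IP
    return report

if __name__ == "__main__":
    # Pass a path (on Windows: %SystemRoot%\System32\drivers\etc\hosts) or use the sample.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    result = audit_hosts(text)
    print(len(result["blocked"]), "blocked names")
    for name, addr in result["redirected"]:
        print("REVIEW:", name, "->", addr)
    for addr, name in result["invalid"]:
        print("INVALID:", addr, name)
```

Because a HOSTS entry overrides DNS for that name, anything listed under "redirected" on a machine that has just been cleaned is worth checking by hand.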
thanks
It just doesn't open at all... I click yes for permission and then shows loading but then nothing opens..
 

Reformatting erases nothing and leaves infected code on the disk.

When you're ready to reinstall the disk should be wiped with at least one set of zeroes using Diskpart "Clean All" command: http://www.sevenforums.com/tutorials/91339-ssd-hdd-optimize-windows-reinstallation.html

Was this meant for me? If yes, sorry for that, as that was my canned speech for backdoor. :o
But I did include the Re-installation tutorial by BFK. ;)

Indeed you did Ezio. ;) I am only underscoring that formatting alone is false security since it leaves infected code on the HD and erases nothing.

Your advice here is some of the most thorough I've seen for disinfecting and protecting against reinfection. :geek:

+ Rep.
 
thanks
It just doesn't open at all... I click yes for permission and then shows loading but then nothing opens..
Try right-clicking and running that as 'Run as admin'. If that doesn't work, try this: Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program. NOTE - Vista/7 users right click and Run as admin.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
 

Reformatting erases nothing and leaves infected code on the disk. When you're ready to reinstall the disk should be wiped with at least one set of zeroes using Diskpart "Clean All" command: http://www.sevenforums.com/tutorials/91339-ssd-hdd-optimize-windows-reinstallation.html
Was this meant for me? If yes, sorry for that, as that was my canned speech for backdoor. But I did include the Re-installation tutorial by BFK.
Indeed you did Ezio. I am only underscoring that formatting alone is false security since it leaves infected code on the HD and erases nothing. Your advice here is some of the most thorough I've seen for disinfecting and protecting against reinfection. + Rep.
Thank You! :)
 
