I have a serious infection
Comments
-
Did you reboot?
-
stick that prog on a usb pen

Replies to posts are always welcome. If I have made a mistake in the post, I am human, tell me nicely and it will be corrected. If your reply cannot be nice, has an underlying issue, or you believe that you are God, please post in another forum. Thank you
-
Did you reboot?
Here is what I did. I did 3 scans in Safe Mode but nothing was removed. I then rebooted into normal mode and did another scan. It found and removed the infection (posted above) but then found this and didn't remove it. My system then crashed (BSOD) so now I'm back in Safe Mode. This is the result of the scan in normal mode.
-
May be time to get those blank discs.
-
OK guys.. soz to have been slow in updating.. I think I now have a clean system but with a whole new set of issues..
Webroot killed and removed the infection 'System disk class driver state' but not the second infection, found on the second scan, 'cdrom.sys'. So I thought I'd give Mbam one more try before formatting the HDD.
I rebooted into Safe Mode and then downloaded Mbam onto the desktop, installed, updated (until it said that I had the latest database) and then ran a quick scan.
Scan completed successfully, as below.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7807
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
27/09/2011 12:28:23
mbam-log-2011-09-27 (12-28-23).txt
Scan type: Quick scan
Objects scanned: 159942
Time elapsed: 5 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 42
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\***\AppData\Local\Temp\3302.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\4F48.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\603C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\B877.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1075510072.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1251691884.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1285643104.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1314234476.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1317369352.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1322444416.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1354789264.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1485891576.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1745214080.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup1948188304.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup2189639948.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup2228263968.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup2347215488.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup2356543816.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup2450512424.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup2532194504.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup2680283804.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup309882472.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup3120854532.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup3213415248.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup3458551580.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup3488323112.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup3722520600.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup3903296424.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup4024210016.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup4092782816.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup415768400.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup4166016548.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup4206739620.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup44818332.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup54375280.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup563330540.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup790038544.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup811643864.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup894888688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\setup935700148.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\***\fen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\***\gen.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7807
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
27/09/2011 13:23:03
mbam-log-2011-09-27 (13-23-02).txt
Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 180005
Time elapsed: 53 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\***\AppData\Roaming\thinstall\adobe audition 3.0\4800000097500002i\Audition.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7808
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
27/09/2011 15:15:50
mbam-log-2011-09-27 (15-15-50).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 507210
Time elapsed: 1 hour(s), 35 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

So now to give the laptop a hard boot. Left it off for a couple of minutes and then booted into normal mode.
The slow load process made me think that something wasn't right. Within a minute in normal mode it BSOD'd and rebooted.. it did this three times, so now I'm back in Safe Mode with a clean system but blue screening.. lol
Anyone any ideas how I can fix this or what may be causing the BSOD?
Thanks..
Would I be right in thinking that my system is now clean?
-
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple