Can't remove these virus
Mistaken
Posts: 55 Forumite
My computer is infected with the following viruses. I have tried to remove them but they just keep re-appearing. Exactly the same ones.
I have Kaspersky Internet Security always running and that detects nothing.
The only program I have found to detect them is Malwarebytes Anti-Malware which shows the log as below. It tries to remove them. The next couple of scans show clear but they always return again within a few hours.
I have run Spybot in safe mode, which didn't detect anything, and I also tried Ad-Aware, but my computer froze with that program.
Below is the log from Malwarebytes.
Please help....
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 01/10/2015
Scan Time: 06:21
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.10.01.01
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: #######
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297866
Time Elapsed: 19 min, 20 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 5
Adware.ChinAd, c:\users\######\documents\ldt, , [facbcc85602b89adae54e853d62e3ac6],
Adware.Foxicle, c:\users\######\documents\foxicle, , [aa1bf0611378cd69100949b913f06898],
Trojan.Banker, c:\users\######\documents\orqwroip, , [4184074a99f257dfea4f3ecbbc479f61],
Trojan.Banker, c:\users\######\documents\bkvnkvnj, , [7154c68bdbb00c2af60b45c5828131cf],
PUP.Optional.ArcadeYum, c:\users\######\documents\{8c1a49e6-2f7f-40e3-923f-5de549caf021}, , [8540a8a9cbc01c1aa78e8888b1523ac6],
Files: 33
Trojan.Agent.AI, c:\users\######\documents\msdcsc\idk.exe, , [487daba66823b680cbf8f45cdb2850b0],
Backdoor.Agent.E, c:\users\######\documents\services\vhost.exe, , [586d9cb5404be2548aee0e46d52ee719],
Malware.Trace, c:\users\######\documents\my videos\pulgconfig.log, , [eadbb49ddcaf8da91073263c52b1c63a],
Trojan.Agent, c:\users\######\documents\kbtzd2010.cpl, , [388d3c15d8b39c9a21ed630a50b356aa],
Trojan.Agent, c:\users\######\documents\tzdshell.bin, , [299c70e1ccbf71c5000f89e42fd453ad],
Trojan.Agent, c:\users\######\documents\tzd.bin, , [4184cb86c9c269cd65ab432a63a00ef2],
Trojan.Agent, c:\users\######\documents\windows\winhelp.exe, , [d0f581d08dfe89ad282bcabc27dc8080],
Worm.FoolCase, c:\users\######\documents\cantik.scr, , [ccf9f160fb903402f7cd2889f112c937],
Worm.FoolCase, c:\users\######\documents\nitip dulu jangan dihapus.scr, , [0eb77ed3ef9cd95d8243d5dc8c771ae6],
Malware.Trace, c:\users\######\documents\server\admin.txt, , [a322054c5833d75f6462f7baf50efc04],
Malware.Trace, c:\users\######\documents\server\server.dat, , [8045450c96f50b2b1daa6b4601023fc1],
Worm.FoolCase, c:\users\######\documents\smansa_pkp .scr, , [5b6af061e4a71a1c6662a60bcb3852ae],
Worm.FoolCase, c:\users\######\documents\tanjung pesona.scr, , [bb0ad978a6e5dc5ac108238e3bc86a96],
Worm.AutoRun, c:\users\######\documentsautorun.inf, , [3d8868e90b8059dd28a2fab7b84b56aa],
Worm.AutoRun, c:\users\######\documentsread1st.exe, , [12b3e8692b60fd39b417822f33d0a25e],
Trojan.Backdoor, c:\users\######\documents\lol.exe, , [1baab49db3d853e38cdc14e120e3f709],
Adware.Kraddare, c:\users\######\documents\usase.exe, , [cef7440daedd37ffb2a43fbe18eba55b],
Trojan.Agent, c:\users\######\documents\win32sta.dll, , [70558bc6503bd0665bc48c7311f21ee2],
Trojan.Agent, c:\users\######\documents\svchost.exe, , [8342aca517748da935cf5eb2778d10f0],
Trojan.Ransom, c:\users\######\documents\dll, , [23a22b26ff8c191dee1a17fb7094a759],
Trojan.Agent, c:\users\######\documents\svchast.exe, , [4a7b133eeaa1c4729e7e39ddc63e28d8],
Adware.ChinAd, c:\users\######\documents\ldt\ldtframe.cfg, , [facbcc85602b89adae54e853d62e3ac6],
Adware.ChinAd, c:\users\######\documents\ldt, , [facbcc85602b89adae54e853d62e3ac6],
Backdoor.Bot, c:\users\######\documents\ttaskmgr\ttaskmgr.exe, , [6164f65b474444f220f80872030101ff],
Trojan.Agent, c:\users\######\documents\commondata\winhlp31.exe, , [cdf83d14d6b5112546a290eaef1508f8],
Trojan.Agent, c:\users\######\documents\sen.exe.exe, , [527361f0eaa1be78f6d28800c63ebc44],
Trojan.Agent, c:\users\######\documents\systeminfo.exe, , [3095a5ac3259e84e858031a513f1ec14],
Trojan.Agent, c:\users\######\documents\user.exe, , [fdc89bb618730b2bb84ef5e162a29d63],
Trojan.FakeAV, c:\users\######\documents\rmactivate_isv.exe, , [992cd978a9e2dd59cbfa9445917307f9],
Adware.Foxicle, c:\users\######\documents\foxicle, , [aa1bf0611378cd69100949b913f06898],
Trojan.Banker, c:\users\######\documents\orqwroip, , [4184074a99f257dfea4f3ecbbc479f61],
Trojan.Banker, c:\users\######\documents\bkvnkvnj, , [7154c68bdbb00c2af60b45c5828131cf],
PUP.Optional.ArcadeYum, c:\users\######\documents\{8c1a49e6-2f7f-40e3-923f-5de549caf021}, , [8540a8a9cbc01c1aa78e8888b1523ac6],
Physical Sectors: 0
(No malicious items detected)
(end)
Comments
-
I've found the Avast Rescue Disc to be really good at getting those "hard to reach" viruses!
You need (another?) PC with Avast installed, then choose the Rescue Disc option to create a bootable CD/DVD/USB stick, and boot the affected machine using that.
You could also try running Anti-Malware and your anti-virus in safe mode.
And adwCleaner is pretty good at cleaning up browser-related infections:
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
-
1. do a full windows disk clean-up
2. run CCleaner (cleaner and registry parts)
3. adwcleaner
4. JRT
5. MBAM
6. manually reset your browsers (and internet connection to check for a proxy server)
If you don't clean all temp files first, you'll just be re-infecting yourself.... if that lot doesn't clear it out, you'll probably need to run Combofix...
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Set malwarebytes to detect for rootkits as well, it's normally switched off by default:
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
Personally, after such a bad infection, I'd rescue what data files I could (using live Linux) then erase the HDD and re-install windows.
Science isn't exact, it's only confidence within limits.
-
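The check the reply above makes by eye (spotting "Rootkits: Disabled" in the posted scan settings) can be scripted. This is an added example, not part of the thread and not Malwarebytes code: it parses a log in the layout posted above, lists the scan components that were switched off, de-duplicates detections, and applies a few filename heuristics. The sample log, the triage() function and the heuristics are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 2.x log layout posted above;
# user name, paths and bracketed IDs are placeholders, not values from the thread.
SAMPLE_LOG = r"""Self-protection: Disabled
Memory: Enabled
Rootkits: Disabled
Folders: 1
Adware.Example, c:\users\demo\documents\ldt, , [00000000000000000000000000000001],
Files: 4
Trojan.Agent, c:\users\demo\documents\svchost.exe, , [00000000000000000000000000000002],
Trojan.Agent, c:\users\demo\documents\sen.exe.exe, , [00000000000000000000000000000003],
Worm.Example, c:\users\demo\documents\holiday.scr, , [00000000000000000000000000000004],
Adware.Example, c:\users\demo\documents\ldt, , [00000000000000000000000000000001],
(end)
"""

SETTING = re.compile(r"^([A-Za-z -]+): (Enabled|Disabled)$")
DETECTION = re.compile(r"^([\w.]+), (.+?), , \[([0-9a-f]+)\],$")
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "explorer.exe"}

def triage(log_text):
    """Return (disabled settings, {path: family}, [(path, reason)])."""
    disabled, seen, notes = [], {}, []
    for line in map(str.strip, log_text.splitlines()):
        if m := SETTING.match(line):
            if m.group(2) == "Disabled":
                disabled.append(m.group(1))
        elif m := DETECTION.match(line):
            family, path, _ref = m.groups()
            # Folder hits are listed again under Files, so key on the path.
            seen.setdefault(path.lower(), family)
    for path in seen:
        name = path.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and "\\windows\\system32\\" not in path:
            notes.append((path, "system process name outside System32"))
        if re.search(r"\.(exe|scr|com)\.(exe|scr|com)$", name):
            notes.append((path, "double executable extension"))
        elif name.endswith(".scr"):
            notes.append((path, ".scr (screensaver) executable"))
    return disabled, seen, notes

if __name__ == "__main__":
    disabled, seen, notes = triage(SAMPLE_LOG)
    print("Scan components disabled:", ", ".join(disabled))
    print("Unique detections:", len(seen), dict(Counter(seen.values())))
    for path, why in notes:
        print(f"  {why}: {path}")
```

A "Disabled" entry in the first list means the scan that produced the log did not cover that component, so an otherwise clean result says nothing about it.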
I think you can scan your computer with Emsisoft Emergency Kit. It is free and I think it will be helpful for you.
-
Fightsback wrote: »Set malwarebytes to detect for rootkits as well, it's normally switched off by default:
Personally, after such a bad infection, I'd rescue what data files I could (using live Linux) then erase the HDD and re-install windows.
I have changed the settings in Malwarebytes to scan for rootkits and ran a scan in safe mode. This scan found over 300 infections.
So far (fingers crossed) since doing this all other scans have shown clean. Thank you
-
1. do a full windows disk clean-up
2. run CCleaner (cleaner and registry parts)
3. adwcleaner
4. JRT
5. MBAM
6. manually reset your browsers (and internet connection to check for a proxy server)
If you don't clean all temp files first, you'll just be re-infecting yourself.... if that lot doesn't clear it out, you'll probably need to run Combofix...
I would highly recommend following GunJack's advice to run AdwCleaner and JRT also. I have created links to both of them for you.
I have changed the settings in Malwarebytes to scan for rootkits and ran a scan in safe mode. This scan found over 300 infections.
So far (fingers crossed) since doing this all other scans have shown clean. Thank you
-
Fightsback wrote: »Set malwarebytes to detect for rootkits as well, it's normally switched off by default:
Personally, after such a bad infection, I'd rescue what data files I could (using live Linux) then erase the HDD and re-install windows.
that is, IMHO, a bit of an over-reaction.... think I've only ever had one or two infected machines which have been that bad I've had to do re-installs on them. And it's quicker to clean them than it is to do a full reinstall, update, programs, etc.
plus, most pc/lappy owners have never heard of backing up their photos, docs, music, etc......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
that is, IMHO, a bit of an over-reaction.... think I've only ever had one or two infected machines which have been that bad I've had to do re-installs on them. And it's quicker to clean them than it is to do a full reinstall, update, programs, etc.

plus, most pc/lappy owners have never heard of backing up their photos, docs, music, etc......
Personally speaking, it's not what you found it's what you didn't find, can't be too careful. Besides a fresh install always spruces up a Windows PC.
Use fire and lots of it
Science isn't exact, it's only confidence within limits.
This discussion has been closed.