» my fool self got viruses on my computer, took most of it out, but one part keeps coming back
Captiosus
post Jan 28 2010, 07:46 PM
Post #1


OK, long story short, I was looking for a keygen for one of my games, downloaded the wrong thing, and got a slew of viruses from it. Most were trojans and other low-end stuff, and quick action with Process Explorer and some manual hunting killed most of them. There is 1 left, and I think I killed it already, but I downloaded and installed Malwarebytes and ran it.

Here is the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3654
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/28/2010 8:43:36 PM
mbam-log-2010-01-28 (20-43-27).txt

Scan type: Quick Scan
Objects scanned: 96509
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\Anubis\pxurh.exe \s) Good: (Userinit.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\kr_done1 (Malware.Trace) -> No action taken.

Kill the registry infections and the 1 file infection?
 
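The Registry Data Items line in the log above shows a second command appended to the Winlogon Userinit value. As an added example (not part of the original thread and not Malwarebytes code), this Python sketch extracts the "Bad" value from such a line and lists every entry that is not an accepted userinit.exe form; the accepted set assumes Windows installed on C:, and the regex is based only on the one line shown in this log.

```python
import ntpath
import re

# Accepted forms: the stock full path (assumption: Windows on C:) and the bare
# name that the log above lists under "Good".
ACCEPTED = {r"c:\windows\system32\userinit.exe", "userinit.exe"}

# Matches the "Bad: (...) Good: (...)" part of the Registry Data Items line above.
BAD_GOOD = re.compile(r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\)")

def userinit_entries(value):
    """Split a Userinit value into the comma-separated commands run at logon."""
    return [e.strip() for e in value.split(",") if e.strip()]

def normalize(entry):
    """Unquote, collapse '..' and lower-case so case or path tricks do not pass."""
    return ntpath.normpath(entry.strip().strip('"')).lower()

def audit_userinit(value):
    """Return the entries that are not an accepted userinit.exe form, in order."""
    return [e for e in userinit_entries(value) if normalize(e) not in ACCEPTED]

def audit_mbam_line(line):
    """Pull the current ("Bad") value out of a Hijack.Userinit log line and audit it."""
    m = BAD_GOOD.search(line)
    if m is None:
        raise ValueError("not a Bad/Good registry data line")
    return audit_userinit(m.group("bad"))

# Line copied from the log in the post above.
SAMPLE = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit "
    r"(Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\Anubis\pxurh.exe \s) "
    r"Good: (Userinit.exe) -> No action taken."
)

if __name__ == "__main__":
    for extra in audit_mbam_line(SAMPLE):
        print("unexpected Userinit entry:", extra)
```

The same `audit_userinit` function can be given the value read directly from the Winlogon key; an empty result means only the expected binary is launched from that value.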
pizza
post Jan 28 2010, 09:24 PM
Post #2


You should. Remove it and see what happens.


Captiosus
post Jan 29 2010, 08:32 AM
Post #3


OK, guess not. Sometimes when opening a web page I get redirected to another page. It's annoying. So now what?

This post has been edited by Captiosus: Jan 29 2010, 11:47 AM
 
Shingo
post Jan 29 2010, 10:07 PM
Post #4


Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip
  1. Unzip all files to a convenient location such as C:\Qoofix.
  2. Go to the folder where you unzipped the files and run Qoofix.exe.
  3. Click Begin Removal and wait for the scan to finish.
  4. If an infection has been found, select yes to restart your computer.


Finally post a new HijackThis log and the contents of the Qoofix logfile.

I assume you know how to go with the HJT.


Captiosus
post Jan 30 2010, 09:13 AM
Post #5


I already found the solution by mahself. One of the viruses had patched my atapi.sys file and that resulted in the redirects. But TY anyways. Another person got it and that's what led me to figuring out what this thing was hiding in.

see this thread
http://computerhelpforum.org/forum/general...ome/t27410.html
for more.