"Antimalware Doctor" Virus
12 replies
Hello Facepunch. My PC recently, out of the fucking nowhere, crashed because of a virus. When I launch Windows I see this: [img]http://www.plaatjesupload.nl/bekijk/2010/09/23/1285240994-990.jpg[/img] The following programs are blocked: - IE 8 - Firefox - Command Prompt - Task Manager - Google Chrome And I guess more programs. The local PC hardware store can fix it, but it costs 53 euro and it will take 4 days. That is really the very final option if I cannot solve this. If you need more info, post. [editline]edit[/editline] [img_thumb]http://www.plaatjesupload.nl/bekijk/2010/09/23/1285241287-380.jpg[/img_thumb] [i]Before bitching about "Pirates of the Movies": I make family movies, and I made a few movies under that name on YouTube. Last time I was banned for this because they thought it was an illegal thing or something.[/i] AVG knows the virus, but it cannot remove them: 1. They just do not go. 2. They come back as soon as I delete them. I am now running Windows in Safe Mode.
Restart in safe mode. Scan with MBAM [url]http://www.malwarebytes.org/mbam.php[/url]
[code]
'Enable/Disable Task Manager
'By PatheticCockroach - based on an idea by Doug Knox
'© 2005 MPAM Rebooted - http://patheticcockroach.com
'This code may be freely distributed/modified as long as it remains free of charge

Option Explicit

'Declare variables
Dim WSHShell, rr, rr2, MyBox, val, val2, ttl, toggle
Dim jobfunc, itemtype

'RegRead raises an error when a value does not exist; ignore it and treat the value as unset
On Error Resume Next

Set WSHShell = WScript.CreateObject("WScript.Shell")

'The per-user and machine-wide policy values that block Task Manager when set to 1
val = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
val2 = "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
itemtype = "REG_DWORD"
jobfunc = "Task Manager is now "
ttl = "Result"

'reads the registry key value.
rr = WSHShell.RegRead (val)
rr2 = WSHShell.RegRead (val2)

'If either value is currently 1, Task Manager is disabled, so this run enables it
toggle=1
If (rr=1 or rr2=1) Then toggle=0

If toggle = 1 Then
    'Not disabled yet: set both policy values to 1 (disable)
    WSHShell.RegWrite val, 1, itemtype
    WSHShell.RegWrite val2, 1, itemtype
    Mybox = MsgBox(jobfunc & "disabled.", 4096, ttl)
Else
    'Currently disabled: remove both policy values (enable)
    WSHShell.RegDelete val
    WSHShell.RegDelete val2
    Mybox = MsgBox(jobfunc & "enabled.", 4096, ttl)
End If
[/code]
Save this as <anything>.vbs and run it to enable Command Prompt if you need it.
Just need to find a way to install the software since everything is locked n' blocked.
[QUOTE=darth-veger;24999476]Just need to find a way to install the software since everything is locked n' blocked.[/QUOTE] Does Antimalware Doctor pop up in Safe Mode? You can just install MBAM from there. Or kill the process tree of the virus and then try.
OK, I took out a USB stick and downloaded it from my laptop to the USB. After that I installed it on my infected PC. The software is running. [editline]03:15PM[/editline] Alright, gonna play some Bully on the 360 while the software is scanning. Will report back when it's done.
[QUOTE=darth-veger;24999695]OK, I took out a USB stick and downloaded it from my laptop to the USB. After that I installed it on my infected PC. The software is running. [editline]03:15PM[/editline] Alright, gonna play some Bully on the 360 while the software is scanning. Will report back when it's done.[/QUOTE] Hi, I'm a friend of Darth Veger, and he doesn't have access to his laptop at the moment. This is the result from when he ran the .vbs file, so he wanted me to say: "a window popped up and said: Result: Task Manager is now disabled."
Open it again to enable. He said it was disabled ...
Thank you very much. Here is the final log:
[code]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4676

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

23-9-2010 21:24:28
mbam-log-2010-09-23 (21-24-28).txt

Scan type: Full scan (D:\|)
Objects scanned: 327071
Time elapsed: 56 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 17
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 29

Memory Processes Infected:
D:\Users\Pirates of the Movie\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{tvwt106y-ji7l-l8p4-7qt0-q8op76q1y2dj} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhrfymciejlorc (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhrfymciejlzr (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\handlerfix70700en00.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvrwpiejlzr (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvrwpiejlorc (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3fwhzqa3lt (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhrfymciejlora (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvrwpiejlora (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvrwpiejlkc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhrfymciejlrxc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvrwpiejlqb (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvrwpiejlrxc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvrwpiejlud (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhrfymciejlud (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
D:\Windows\System32\Microsoft_KB57H43 (Trojan.Backdoor) -> Quarantined and deleted successfully.

Files Infected:
D:\Users\Pirates of the Movie\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
D:\Users\Guest\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
D:\Windows\file_3.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\obug24w.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Roaming\1F7CFA5EC36134B2198C990AD9B4D198\handlerfix70700en00.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\p2i4wl.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Users\Guest\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
D:\Users\Guest\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
D:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\jpbc6.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\Mzs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\Mzh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\pqhm4.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
[/code]
Thank you ColdFusion!
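The log above is long, and the part that matters for deciding whether the machine is actually clean is not the count of files but which findings bring the malware back at logon (Run values, the replaced Winlogon shell, the .job tasks, the Startup shortcut) and which ones disabled the tools the OP could not open (the DisableTaskMgr policy values the .vbs script toggles). The following Python script is an added example, not code from this thread or from Malwarebytes: it parses MBAM finding lines and sorts them into persistence, defence-evasion, running-process and dropped-file groups, then lists the follow-up checks each group implies. The rule list, category names and helper functions are my own; the sample input is a constructed excerpt of lines copied from the posted log.

```python
"""Triage an MBAM text log: which findings are persistence, which disable defences.

Added example (not from the thread). The rule table below is an assumption about
which registry and file locations matter, not a Malwarebytes classification.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: a few lines copied from the log posted above, including
# section headers and the "(No malicious items detected)" filler MBAM emits.
SAMPLE_LOG = r"""
Memory Processes Infected:
D:\Users\Pirates of the Movie\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhrfymciejlorc (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
D:\Users\Pirates of the Movie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Pirates of the Movie\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One finding line has the shape "<location> (<detection name>) -> <action taken>".
# The location is matched lazily so the first "(...) -> " pair is the detection,
# which keeps the "Bad: (1) Good: (0)" part of a data-item line inside the action.
FINDING_RE = re.compile(r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


class Finding(NamedTuple):
    location: str
    detection: str
    action: str


class Triaged(NamedTuple):
    category: str
    label: str
    finding: Finding


# (category, label, regex on the location). First match wins; these are my own rules.
RULES = [
    ("defense_evasion", "Task Manager disabled by policy", r"\\Policies\\System\\DisableTaskMgr$"),
    ("persistence", "autorun value under a Run key", r"\\CurrentVersion\\Run\\"),
    ("persistence", "Winlogon shell replaced", r"\\Winlogon\\shell$"),
    ("persistence", "scheduled task (.job)", r"\\Windows\\Tasks\\[^\\]+\.job$"),
    ("persistence", "Startup folder shortcut", r"\\Start Menu\\Programs\\Startup\\"),
]
COMPILED_RULES = [(cat, label, re.compile(rx, re.IGNORECASE)) for cat, label, rx in RULES]


def parse_finding(line: str) -> Optional[Finding]:
    """Return a Finding for a detection line, or None for headers and filler."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    return Finding(m["location"], m["detection"], m["action"])


def classify(f: Finding) -> Triaged:
    """Map a finding to a responder-facing category using the location rules."""
    for category, label, rx in COMPILED_RULES:
        if rx.search(f.location):
            return Triaged(category, label, f)
    if f.action.startswith("Unloaded process"):
        return Triaged("running_process", "malware was running in memory", f)
    if f.location.upper().startswith(("HKEY_", "HKLM", "HKCU")):
        return Triaged("registry_other", "other registry artefact", f)
    return Triaged("payload", "dropped file", f)


def triage(log_text: str) -> Dict[str, List[Triaged]]:
    """Parse every finding line in the log and group the results by category."""
    report: Dict[str, List[Triaged]] = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_finding(line)
        if f is not None:
            t = classify(f)
            report[t.category].append(t)
    return dict(report)


def followups(report: Dict[str, List[Triaged]]) -> List[str]:
    """Checks a responder should still do after the quarantine, based on what was found."""
    todo = []
    if report.get("persistence"):
        todo.append("Reboot and re-scan in Safe Mode: autorun entries that return mean a dropper survived.")
    if report.get("defense_evasion"):
        todo.append("Confirm DisableTaskMgr is absent from both HKCU and HKLM policy keys before trusting Task Manager.")
    return todo


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, items in sorted(result.items()):
        print(f"{category} ({len(items)})")
        for t in items:
            print(f"  [{t.label}] {t.finding.location} <{t.finding.detection}>")
    for line in followups(result):
        print("TODO:", line)
```

Run it against a full `mbam-log-*.txt` by reading the file into `triage()`; the rules are deliberately narrow, so anything that does not match a persistence or policy rule falls through to "dropped file" or "other registry artefact" rather than being silently dropped.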
holy fuck look at those infected files
Run MBAM again in safe mode again to be sure.
You didn't use safe mode? [b]YOU'RE DOING IT FUCKING WRONG[/b]. Restart into safe mode, and scan again.
[quote]Windows 6.1.7600 [b](Safe Mode)[/b][/quote]
I had to help my Dad out with something similar. What you should do is find out the piece of crap software they want you to buy. Go onto another computer and google the removal process and follow those steps. That will wipe out the virus. After that, do some scans to ensure that there are no more viruses. I highly recommend getting a program like Comodo Firewall that will ask your permission to run any file, that way something can only run or install if you want it to.