MSIV root virus?



icemike
2009-06-13, 14:31
Hi guys, I've followed the guide on removing rootkit virus and how to manually remove malware. I've also tried installing programs like HijackThis and Spybot and every time I come to do this I get BSOD. Same applies to when I start scanning with AVG? SUPERAntiSpyware won't even start up anymore!?

Not sure how I got this but I have an idea it might have been through a script one of my work peers put on my laptop. I use AutoCAD and we rely heavily on scripts for design work. Would be much help if anyone can advise me on what to do.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Requested file archive at 13/06/2009 01:15:18
Created by RootAlyzer
Copyright © 2004-2009 Safer-Networking Limited. All rights reserved.

File, Invisible to Win32: C:\WINDOWS\System32\MSIVXcount
File, Invisible to Win32: C:\WINDOWS\System32\MSIVXkfjefjjurxdutmyxnveavvljmarkpqmx.dll
File, Invisible to Win32: C:\WINDOWS\System32\MSIVXopneldfwbkqobowtjpgeduimiobybgtl.dll
File, Invisible to Win32: C:\WINDOWS\System32\drivers\MSIVXmfasbqwbmebrvfvioxdxfnvocoqaxpdu.sys
File, Invisible to Win32: C:\Users\Michael\AppData\Local\Temp\_tc\MSIVXcount
File, Invisible to Win32: C:\Users\Michael\AppData\Local\Temp\_tc\MSIVXkfjefjjurxdutmyxnveavvljmarkpqmx.dll
Folder, No admin in ACL: C:\Users\All Users\Microsoft\OFFICE\DATA
File, No admin in ACL: C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK
File, No admin in ACL: C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat
Folder, No admin in ACL: C:\ProgramData\Microsoft\OFFICE\DATA
File, Invisible to Win32: C:\Program Files\MSIVXcount


Shaba
2009-06-14, 12:17
Hi icemike

Please rename the HijackThis installer.

If you are able to install HijackThis, please rename the HijackThis executable if it doesn't run.

Shaba
2009-06-19, 12:42
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.