debone
2009-08-18, 10:32
Hi all, I hope you can help me with this!
I recently updated my antivirus software (AVG) and while the update was occurring for some reason the firewall dropped. I was browsing the internet at that time and then basically my computer started going crazy and flashing up all kinds of warning signs so I panicked and pulled the plug :oops:
Anyway, restarted, ran AVG and it picked up a couple of trojans and claimed to have cleaned them. I tried to run Spybot after this though and although the spybot.exe appears on the taskmanager list the program does not run. I tried to system restore but despite opening system restore it would not let me click on anything (i.e. couldn't choose a date, or even look back at the previous month).
I restarted again in safe mode and ran AVG again, this time it picked up some more things (which I thought may have just re-installed upon start up). The output AVG file read as follows -
\\?\globalroot\systemroot\system32\UACqqjkciyqxr.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\system32\svchost.exe (616) Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\568907963392b6368ad1612b80b567\update\ Locked file. Not tested.
C:\7b57be48385b48e2e092ca0f\update\ Locked file. Not tested.
C:\bde97be67d9b4a7c37a9a28621da\update\ Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\63acca2133954472b9dd8b539fa28a33_24adf822-76f7-4481-b30b-ff1b40f8687f Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\DEFAULT Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SOFTWARE Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SYSTEM Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.
And I still can't run Spybot (or combofix for that matter!). I assume I'm still infected and given that I'm a complete novice at this (and have probably caused more harm than good so far) I was hoping you could help me.
Cheers,
DeBone