Had some trojans/viruses, and now task bar won't come up.



frequencyyy
2010-11-17, 06:54
I have a Windows Vista computer.


Alright so today, I went out to buy a 32" TV to serve as my monitor. I hook everything up, and change the resolution and stuff and restart my computer. When I boot up my computer, my task bar is gone (the one with the start button on it) and I have a lot of weird tasks in task manager, and I recognize most of them from a month ago, when I had 72 Malwares/Trojans/Viruses detected in SpyBot.

So I turned my computer on in Safe Mode, ran a Malwarebytes scan and Spy Bot, I quarantined/fixed with both, and now nothing is detected, however... my task bar is still not there.

In addition to that, there are like 20 start up services (virus) in my msconfig, that are still there, but just disabled.

Task bar is not hiding
the resolution is correct
I tried hovering mouse over it,
CTRL+ESC
Yes, explorer is running
Control Panel > Display


but nothing's working..

so this is a 3 parted question - How do I stop the viruses from coming back up? (I haven't downloaded anything/went to no no websites since I got 72 viruses, so I have no idea what caused this)

and how do I bring my task bar back up!!!!!!

and is it being caused by the new monitor or the viruses?

I'm very new to this, I've never had any malicious things before, so just tell me what you need (the logs I've been seeing around on the forums), and how do I get them/post them, and I'll post them ASAP!

frequencyyy
2010-11-17, 07:18
Malwarebytes log from the first time I encountered the problems

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4980

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

10/28/2010 7:49:58 PM
mbam-log-2010-10-28 (19-49-58).txt

Scan type: Quick scan
Objects scanned: 155363
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\James\AppData\Local\Temp\msxm192eve.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eveb (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\James\AppData\Local\Temp\msxm192eve.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Windows\Temp\Esd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\James\downloads\flashcodec.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Flash\FlashUpdate (Trojan.Agent) -> Quarantined and deleted successfully.

frequencyyy
2010-11-17, 07:19
Log from today:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5067

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

11/16/2010 9:15:13 PM
mbam-log-2010-11-16 (21-15-13).txt

Scan type: Quick scan
Objects scanned: 159853
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 53
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\config\systemprofile\AppData\Local\asreANl.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\ver64b.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\lsass.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Windows\nvsvc32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\taskmgr.exe (Worm.Saphira) -> Quarantined and deleted successfully.
C:\Windows\win.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\win32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\hexdump.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\wininst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\o9xjmpu72g.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\ksr02670.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\y0nb773.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

tashi
2010-11-17, 07:28
Hello frequencyyy,

Please see the forum guideline which also includes instructions on posting a preliminary DDS log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic and a volunteer analyst will advise you when available. :)

Also provide a link back to this thread and don't add posts to the new one as helpers look for topics with a zero response. ;)

Best regards.

Edit
New topic: http://forums.spybot.info/showthread.php?t=60463