Scoville
2011-02-13, 10:39
I have some sort of infection. I don't know anything about this kind of thing, but I need help. Every time I start my computer, something comes up which says it can't access this:
C:\DOCUME~1\WESLEY~1\LOCALS~1\Temp\csrss.exe
I ran Ad-Aware.
I just ran Malwarebytes - this is what came up:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org (http://www.malwarebytes.org)
Database version: 5751
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
2/13/2011 12:33:55 AM
mbam-log-2011-02-13 (00-33-55).txt
Scan type: Quick scan
Objects scanned: 147128
Time elapsed: 12 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\wesley scoville\local settings\Temp\qpxk0gja.dat (Rootkit.MBR) -> Quarantined and deleted successfully.
c:\documents and settings\wesley scoville\local settings\Temp\_DF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\wesley scoville\local settings\application data\vavctdxq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
Also, I can't access the internet, so in Firefox I changed the connection setting to auto-detect proxy setting. But only Firefox works because of this - nothing else will connect.