Results 1 to 2 of 2

Thread: I've been infected

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Posts
    1

    Default I've been infected

    After Kaspersky scansion I obtained a huge report, so I didn't post it entirely; Have I to post it in 2/3 times?
    I try to install Trend Micro HijackThis 2.0.2, but every time I launch it the program crash.... What can I do?
    thank you

    Anycase here's the first and the last part of kasp. report.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 24, 2008 2:27:16 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 24/02/2008
    Kaspersky Anti-Virus database records: 578045
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 87691
    Number of viruses found: 3
    Number of infected objects: 2
    Number of suspicious objects: 2
    Duration of the scan process: 00:41:46

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinRenos.zip/laf1.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\WinRenos.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\LdIvhUJJ\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LdIvhUJJ\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LdIvhUJJ\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    ............

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\corel-service.exe Object is locked skipped
    C:\WINDOWS\system32\drivers\etc\hosts.20080223-175007.backup Infected: Trojan.Win32.Qhost.kk skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbchha.dll Infected: Trojan-Downloader.Win32.Agent.jke skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_590.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Mablung

    Welcome to Safer Networking.

    Please read Before YouPost
    That said, All advice given by anyone volunteering here, is taken at own risk.
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen.




    Please download ATF Cleaner by Atribune to your desktop.
    • This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.


    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up




    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply along with a Hijackthis log.




    Now try downloading and installing Hijackthis by Trendmicro,

    Download Trendmicros Hijackthis to your desktop.
    • Double click it to install
    • Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
    • Open HJT Scan and Save a Log File, it will open in Notepad
    • Go to Format and make sure Wordwrap is Unchecked
    • Go to Edit> Select All/Edit > Copy and Paste the new log into this thread
      DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.



    I need to see...

    1. Malwarebytes log
    2. Hijackthis log by Trendmicro
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •