Hello again,
Sorry to come running back so soon after my last post - http://www.geekpolice.net/virus-spyware-malware-removal-f11/win32-cryptor-generic13-many-others-t10629.htm , but I'm in need of some more help.
After getting help before and protecting myself, I've been using my computer the same as before, just some light browsing and chatting, and I decided to run some scans just now. Spybot turned up one result, a simple tracking cookie, but a Malwarebytes scan turned up something much worse:
Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3
6/17/2009 7:59:27 AM
mbam-log-2009-06-17 (07-59-23).txt
Scan type: Full Scan (C:\|)
Objects scanned: 222286
Time elapsed: 1 hour(s), 38 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\rundll.exe (Trojan.Agent) -> No action taken.
I actually took action against those two files and Malwarebytes said it was successful, but needed a reboot. Upon rebooting, Windows XP started a CHKDSK utility. I took a photo with my camera, but two key things it says are:
Deleting corrupt attribute record (128, " ") from file record segment 65729
File verification completed.
And
Correcting error in index $I30 for file 10347.
Correcting error in index $I30 for file 10347.
Sorting index $I30 in file 10347.
I know nothing about this, but maybe it's more havoc that the previous infections caused still on my machine? Either way, I'm pretty scared now, since MBAM now says that it did nothing to those files and the blue CHKDSK screen always petrifies me. I'll be attaching a HijackThis scan in a moment. Thank you in advance for your continued help.