WiredWX Christian Hobby Weather Tools

MSE and Mwbytes find nothing, but comp definitely still infected...

Hi - Hoping you can help. My Dell Vostro was very infected -- I removed a bunch of threats with Mic Sec Essentials and Malwarebytes scans - over 20 threats were identified and removed or disinfected - I will post the logs below. Since then I've run Malwarebytes twice and a full MSE scan once that have come up clean. But the computer is still acting weird.
For example, I've gotten a "generic host process for win32 has encountered a problem and needs to close" notice, I get pop-up ads on firefox, and other times, the whole system seems to just freeze.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4914

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/22/2010 11:45:45 AM
mbam-log-2010-10-22 (11-45-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 174128
Time elapsed: 1 hour(s), 37 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gmorphcl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\PXSYF9Y1\badoversion707001000lux[3].exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taskcgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\upd_debug.exe (Trojan.FakeAlert) -> Delete on reboot.



Windows Sec Essen

Trojan win32/jpgiframe.a
Exploit:java/CVE-2008-5353.LR
also that same prefix plus .JH, .GG, .EQ, .MW, .CG
Exploit:java/CVE-2009-3867.DN
same with .CA, .EQ, .EH
Rogue:win32/fake yak
Trojan:Win32/Bamital
Virus:Win32/Bamital.G

and on previous scan:
Trojan:Win32/Adclicker.BB (two of these)
Virus:Win32/Bamital.G (two of these)
Another Virus:Win32/Bamital.G

Definitely still infected --- just got that "generic host problem for win32" notice again. Soon after that, my firefox tabs closed and were replaced with a scary virus alert window - at which point the bar on the bottom of the screen changed to a graphic style that I associate with safe mode. I had to shut the machine down manually. Yikes!
Please help!!
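
The log above is in the plain-text layout that Malwarebytes 1.x writes, and the symptoms described (a "Generic Host Process" crash, browser pop-ups, a fake alert window after a clean rescan) are the kind of thing a helper would triage by looking at which autostart locations were hit and which removals were still pending a reboot. The script below is an added example, not code from the poster, the forum or Malwarebytes: it parses that log layout, cross-checks the declared summary counts against the entries actually listed, and pulls out the persistence entries (Run/RunOnce values and the Startup folder) and any item marked "Delete on reboot". The embedded sample is a constructed excerpt of the posted log with a subset of its entries and the summary counts adjusted to match; the regexes and the persistence markers are assumptions about the format, not a Malwarebytes specification.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes 1.46 log posted above
# (a subset of its entries, with the summary counts adjusted to match).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4914

Windows 5.1.2600 Service Pack 3

Scan type: Full scan (C:\|)
Objects scanned: 174128

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gmorphcl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\taskcgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\upd_debug.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# Assumed line shapes (derived from the posted log, not a Malwarebytes spec).
SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
DB_RE = re.compile(r"^Database version: (?P<ver>\d+)$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Autostart locations worth re-checking after a cleanup (lower-cased substrings).
PERSISTENCE_MARKERS = (
    "\\currentversion\\run",            # matches both Run and RunOnce values
    "\\start menu\\programs\\startup\\",  # per-user Startup folder
)


def is_persistence_location(item: str) -> bool:
    """True if the detection sits in a known autostart location."""
    lowered = item.lower()
    return any(marker in lowered for marker in PERSISTENCE_MARKERS)


def parse_mbam_log(text: str) -> dict:
    """Split a Malwarebytes 1.x text log into summary counts and detection entries."""
    result = {"database_version": None, "summary": {}, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):          # start of a detail section
            section = line[:-1]
            continue
        m = SUMMARY_RE.match(line)
        if m:                                    # "<section>: <n>" in the header block
            result["summary"][m.group("name")] = int(m.group("count"))
            continue
        m = DB_RE.match(line)
        if m:
            result["database_version"] = int(m.group("ver"))
            continue
        m = ENTRY_RE.match(line) if section else None
        if m:                                    # "<item> (<family>) -> <action>"
            result["entries"].append({"section": section, **m.groupdict()})
        # "(No malicious items detected)" and other header lines fall through
    return result


def verify_counts(parsed: dict) -> dict:
    """Sections whose declared count differs from the entries listed: name -> (declared, listed)."""
    listed = Counter(e["section"] for e in parsed["entries"])
    return {
        name: (declared, listed.get(name, 0))
        for name, declared in parsed["summary"].items()
        if declared != listed.get(name, 0)
    }


def triage(parsed: dict) -> dict:
    """Pull out what a helper would look at first after a scan that 'came up clean'."""
    entries = parsed["entries"]
    return {
        # Autostart entries: if the rogue comes back, these are the first places to re-check.
        "persistence": [e["item"] for e in entries if is_persistence_location(e["item"])],
        # Items the scanner could not remove immediately; they only go away after a restart.
        "pending_reboot": [e["item"] for e in entries
                           if e["action"].lower().startswith("delete on reboot")],
        # Family counts, case-folded so spelling variants of one family merge.
        "families": Counter(e["family"].lower() for e in entries),
    }


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("database version:", parsed["database_version"])
    print("count mismatches:", verify_counts(parsed))
    for key, value in triage(parsed).items():
        print(f"{key}: {value}")
```

Run against the full log in the post, the same three functions would show that three of the Run/RunOnce values plus a Startup-folder shortcut were autostart entries, and that one file was still marked "Delete on reboot" at the time the log was written, which is why a helper would ask whether the machine had been restarted before the follow-up scans.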

Re: MSE and Mwbytes find nothing, but comp definitely still infected...

hey, post this in virus removal section plz...

............................................................................................


Re: MSE and Mwbytes find nothing, but comp definitely still infected...

Sorry - I did post it there and haven't heard a reply -- which made me think I had posted in the wrong place. If there's a way to delete this post, I'm happy to do that.
Thanks

Re: MSE and Mwbytes find nothing, but comp definitely still infected...

Hello and welcome to GeekPolice!! Hooray! We are glad you are here!
Please read this
Then you need to open a new topic here.

These guys will help you with your problem as soon as they can.

If it has been 48 hours or more since you posted, open your post and reply with the word "bump". This will send it back to the top so the guys will see it. It may have been missed since it has been pretty busy the last couple of days.
Thanks for choosing GeekPolice!!

............................................................................................

If we have helped you, please consider helping us, make a donation.

Helping fight malware.
