
Virus downloaded

  • 03-05-2012 7:33pm
    #1
    Closed Accounts Posts: 7


    Hi this can probably be merged with the smartsear.ch thread.

    Used a streaming site to watch game on Monday. Problems with laptop after I restarted. I use Chrome as my default browser. It keeps crashing every time I try to access most sites. Typing etc. is very sluggish. I have tried downloading some protection but downloads are not working.

    I have Spybot, Malwarebytes Anti-Malware and AVG installed. Are the logs from these worth posting? I can't download the stuff in the charter obviously.

    Apologies for lack of info in post


Comments

  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    Ollie Rehn wrote: »
    Hi this can probably be merged with the smartsear.ch thread.

    Used a streaming site to watch game on Monday. Problems with laptop after I restarted. I use Chrome as my default browser. It keeps crashing every time I try to access most sites. Typing etc. is very sluggish. I have tried downloading some protection but downloads are not working.

    I have Spybot, Malwarebytes Anti-Malware and AVG installed. Are the logs from these worth posting? I can't download the stuff in the charter obviously.

    Apologies for lack of info in post

    Sounds like you could have an MBR rootkit. If nothing is downloading/installing you'll probably need to remove it from outside Windows. The Kaspersky Rescue Disc (free) is good at removing them; you should then run a Malwarebytes, SuperAntiSpyware etc. scan after.

    Nick
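
    Added example (editor's addition, not code from yoyo or anyone else in the thread) of what "checking the MBR from outside Windows" comes down to. It assumes you have saved the first 512 bytes of the disk to a file from a rescue environment (for instance with `dd if=/dev/sda bs=512 count=1 of=mbr.bin` from the rescue disc's shell; the device name is an assumption) and that you have a reference copy of the bootstrap code from a clean install of the same Windows version. The sectors used below are constructed inline for the demonstration; the "tampered" one models the usual bootkit edit, which patches the entry point of the bootstrap code and leaves the partition table intact.

```python
"""Offline sanity check of a Master Boot Record (added example, constructed data)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: bootstrap code, the part a bootkit patches
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the code
SIG_OFF = 510              # 0x55AA boot signature in the last two bytes
ENTRY_FMT = "<B3xB3xII"    # status, (CHS start), type, (CHS end), LBA start, sector count


def parse_partitions(sector):
    """Return the four partition-table entries as dicts (empty slots have type 0)."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return entries


def check_mbr(sector, reference_boot_code=None, disk_sectors=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        return ["expected %d bytes, got %d" % (SECTOR_SIZE, len(sector))]
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = [p for p in parse_partitions(sector) if p["type"] != 0]
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d partitions flagged bootable (expected 1)" % len(bootable))
    if disk_sectors is not None:
        for p in parts:
            if p["lba_start"] + p["sectors"] > disk_sectors:
                findings.append("partition %d extends past the end of the disk" % p["index"])
    # A bootkit normally leaves the partition table alone and patches the bootstrap
    # code, so the code hash is the decisive comparison; the table checks catch cruder damage.
    if reference_boot_code is not None:
        if hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest() != hashlib.sha256(reference_boot_code).hexdigest():
            findings.append("bootstrap code differs from the reference copy")
    return findings


def build_sample_mbr(boot_code, partitions):
    """Construct a sector for the demo (constructed data, not read from a real disk)."""
    sec = bytearray(SECTOR_SIZE)
    sec[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sec, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    sec[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sec)


# Reference bootstrap code: the first seven bytes are the usual XP MBR entry sequence
# (xor ax,ax; mov ss,ax; mov sp,7C00h); the remainder is zero padding for the demo.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x00" * (BOOT_CODE_LEN - 7)
DISK_SECTORS = 78_140_160                                   # a ~40 GB disk (constructed)
PARTITIONS = [(0x80, 0x07, 63, DISK_SECTORS - 63 - 2048)]  # one bootable NTFS partition
SAMPLE_CLEAN = build_sample_mbr(CLEAN_BOOT_CODE, PARTITIONS)

# Modelled bootkit edit: the entry point becomes a jump to the rootkit's own loader
# while the partition table and the signature stay exactly as they were.
TAMPERED_BOOT_CODE = b"\xe9\x00\x01" + CLEAN_BOOT_CODE[3:]
SAMPLE_TAMPERED = build_sample_mbr(TAMPERED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    for name, sec in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, check_mbr(sec, CLEAN_BOOT_CODE, DISK_SECTORS) or "OK")
```

    On a real machine you would pass the bytes of `mbr.bin` and the disk's sector count from `fdisk -l` (or the rescue disc's equivalent); the point of the reference hash is that a clean XP MBR is identical across installs of the same version, so any difference in the 446-byte code region is worth explaining before trusting the disk again.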


  • Closed Accounts Posts: 7 Ollie Rehn


    Here is a scan from AVG I ran yesterday

    AVG 2011 Anti-Virus command line scanner
    Copyright (c) 1992 - 2011 AVG Technologies
    Program version 10.0.1424, engine 10.0.2411
    Virus Database: Version 2411/4973 2012-05-02

    C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\All Users\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\All Users\NTUSER.DAT.LOG Locked file. Not tested.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\postgres\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\postgres\ntuser.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\myname\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Documents and Settings\myname\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
    C:\Documents and Settings\myname\Local Settings\Temp\avg-725c593b-a77f-4730-93cb-a67b320cb77d.tmp Locked file. Not tested.
    C:\Documents and Settings\myname\Local Settings\Temp\avg-78c0d861-b689-4258-9a98-a7493b1adb60.tmp Locked file. Not tested.
    C:\Documents and Settings\myname\My Documents\Downloads\unconfirmed 10390.crdownload Corrupted executable file
    C:\Documents and Settings\myname\NTUSER.DAT Locked file. Not tested.
    C:\Documents and Settings\myname\ntuser.dat.LOG Locked file. Not tested.
    C:\pagefile.sys Locked file. Not tested.
    C:\System Volume Information\ Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\edb.log Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\tmp.edb Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
    C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
    C:\WINDOWS\system32\config\DEFAULT Locked file. Not tested.
    C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM Locked file. Not tested.
    C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
    C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SOFTWARE Locked file. Not tested.
    C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
    C:\WINDOWS\system32\config\SYSTEM Locked file. Not tested.
    C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.

    Objects scanned : 1404926
    Found infections : 0
    Found PUPs : 0
    Healed infections : 0
    Healed PUPs : 0
    Warnings : 1


  • Closed Accounts Posts: 7 Ollie Rehn


    I can't download the latest version of the disc. When I click on the hyperlink "You can download the distributive of Kaspersky Rescue Disk 10 from Kaspersky Lab servers" a blank tab is the result


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Post the MBAM log and do this:

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Closed Accounts Posts: 7 Ollie Rehn


    Hi ASJ112. Below is the log


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.03.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    MY name :: XXXX [administrator]

    05/03/2012 8:46:29 PM
    mbam-log-2011-03-12 (12-14-26).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 338514
    Time elapsed: 1 hour(s), 38 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paddy Power Poker (PUP.Casino) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Poker\Paddy Power Poker\_SetupPoker_3d9ff5.exe (PUP.Casino) -> No action taken.
    C:\Poker\Paddy Power Poker\_SetupPoker_618.exe (PUP.Casino) -> No action taken.

    (end)


    I have removed the above but wouldn't imagine it's the problem.

    Regarding the OTL, I can't download it as the virus has blocked downloads, i.e. when I click the download link nothing happens.

    Are there any settings in Chrome I can change, or some other solution?
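
    Added example (editor's addition, not from anyone in the thread) of two checks behind the "virus has blocked downloads" symptom. The thread does not say how the downloads are being blocked; the two mechanisms checked here, hijacked entries in C:\WINDOWS\system32\drivers\etc\hosts and a forced proxy under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (which Chrome on Windows uses as its system proxy), are an assumption based on how XP-era malware commonly did it, not something the thread established. The hosts text and the registry values below are constructed for the demonstration; on the real machine read the hosts file and run `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` and feed the results in.

```python
r"""Hosts-file and proxy checks for blocked security downloads (added example)."""
import ipaddress

# Vendors named in the thread plus Windows Update; an assumed list, extend as needed.
SECURITY_DOMAINS = ("kaspersky.com", "malwarebytes.org", "avg.com",
                    "superantispyware.com", "windowsupdate.com", "microsoft.com")


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every active mapping in a hosts file."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # malformed line, not a mapping
        for host in fields[1:]:
            entries.append((ip, host.lower().rstrip("."), n))
    return entries


def suspicious_hosts_entries(text):
    """A home PC has no legitimate reason to pin a security vendor's hostname in
    hosts, whatever address it points at, so every such entry is a finding."""
    findings = []
    for ip, host, n in parse_hosts(text):
        if any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS):
            findings.append("hosts line %d: %s -> %s" % (n, host, ip))
    return findings


def suspicious_proxy(settings):
    """`settings` maps value names from the Internet Settings key to their data.
    A home laptop normally has ProxyEnable=0 and no AutoConfigURL, so any proxy is
    worth a look; one pointing at the machine itself (simple host:port form) is the
    classic local interceptor that swallows requests to sites it wants to block."""
    findings = []
    server = settings.get("ProxyServer") or ""
    if settings.get("ProxyEnable") == 1 and server:
        local = server.startswith(("127.", "localhost"))
        findings.append("proxy forced on: %s%s" % (server, " (loopback: local interceptor)" if local else ""))
    if settings.get("AutoConfigURL"):
        findings.append("proxy auto-config script set: %s" % settings["AutoConfigURL"])
    return findings


# Constructed hosts file: the two header comments and the localhost line are what XP
# ships with; the lines after the marker comment are the modelled hijack.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# entries below are constructed for the demo
127.0.0.1       www.malwarebytes.org malwarebytes.org
127.0.0.1       www.kaspersky.com   # rescue disc download
0.0.0.0         free.avg.com
not-an-ip       example.com
"""

# Constructed registry values (port number is made up for the demo).
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:50370", "AutoConfigURL": ""}
CLEAN_PROXY = {"ProxyEnable": 0, "ProxyServer": ""}

if __name__ == "__main__":
    for f in suspicious_hosts_entries(SAMPLE_HOSTS) + suspicious_proxy(SAMPLE_PROXY):
        print(f)
```

    Either finding explains a blank tab or a download link that does nothing, and both survive a reboot into Safe Mode, so they are worth clearing (restore the hosts file to just the localhost line, set ProxyEnable to 0) before retrying the downloads; neither removes whatever put them there, so the rescue-disc scan is still needed.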


  • Closed Accounts Posts: 7 Ollie Rehn


    Yeah, I tried them from clicking the links from the original link and again from your posting. None of them are loading. Virus is blocking them from loading I'd imagine.

    At my wits end here. I am no computer genius by any means but usually can remove stuff without help. This has me stumped :mad:

    Edited to say originally all Flash sites were stalling and crashing immediately after visiting. I went to my plug-ins and under Flash I disabled the 3 entries below.



    Flash (3 files) - Version: 11,2,202,235 (Disabled)

    Name: Shockwave Flash
    Description: Shockwave Flash 11.2 r202
    Version: 11,2,202,235
    Location: C:\Documents and Settings\My NAME\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
    Type: NPAPI
    MIME types: application/x-shockwave-flash (Adobe Flash movie, .swf); application/futuresplash (FutureSplash movie, .spl)

    Name: Shockwave Flash
    Description: Shockwave Flash 11.1 r31
    Version: 11.1.31.203
    Location: C:\Documents and Settings\MY NAME\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    Type: PPAPI (out-of-process)
    MIME types: application/x-shockwave-flash (Shockwave Flash, .swf); application/futuresplash (Shockwave Flash, .spl)

    Name: Shockwave Flash
    Description: Shockwave Flash 10.3 r183
    Version: 10,3,183,7
    Location: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    Type: NPAPI
    MIME types: application/x-shockwave-flash (Adobe Flash movie, .swf); application/futuresplash (FutureSplash movie, .spl)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you download them on another PC, put them on a USB key, boot the infected PC up in Safe Mode, and try to open them then?


  • Closed Accounts Posts: 7 Ollie Rehn


    Was thinking that'd be the best solution. I will try that over the weekend.

    Thanks.

