1.

Solve : Your system is infected! (Please help if you can)?

Answer»

Here they are, the active scan results:

;*****************************************************************************
ANALYSIS: 2010-02-18 11:21:33
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
;*****************************************************************************
PROTECTIONS
Description Version Active Updated
;====================================================================
AVG Anti-Virus Free 8.5 No No
;====================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\[emailprotected][2].txt
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001951.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000466.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp10\a0003173.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\system32\msls50.dll
05898765 Trj/Nabload.DPS Virus/Trojan No 0 No No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp11\a0003505.exe[32788r22fwjfw\catchme.cfxxe]
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000445.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000469.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000424.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001483.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000410.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000366.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001887.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001942.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001950.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000435.exe
05977738 Adware/ISecurity2010 Adware No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0001471.exe
;====================================================================
SUSPECTS
Sent Location
;====================================================================
No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001900.dll
No c:\windows\system32\msls51.dll
;====================================================================
VULNERABILITIES
Id Severity Description
;====================================================================
216839 HIGH MS10-001
215938 HIGH MS09-072
215935 HIGH MS09-069
215048 HIGH MS09-065
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
205735 HIGH MS09-002
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194860 HIGH MS08-030
191618 HIGH MS08-025
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170904 HIGH MS07-043
164915 HIGH MS07-035
164911 HIGH MS07-031
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
;====================================================================
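The report above mixes files on the live system with copies held in System Restore snapshots (the `_restore{...}` folders). The sketch below is an added example, not part of the original thread: it parses the MALWARE and SUSPECTS sections of this report layout and separates the two groups. The sample rows are constructed from the layout above, and the function names are hypothetical.

```python
import re

# Constructed sample: a few rows in the layout of the scan report above.
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\sample[2].txt
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001951.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\system32\msls50.dll
;====================================================================
SUSPECTS
Sent Location
;====================================================================
No c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001900.dll
No c:\windows\system32\msls51.dll
;====================================================================
VULNERABILITIES
"""

# Id, description (may contain spaces), type, four flag columns, then the path.
MALWARE_ROW = re.compile(
    r"^(\d+)\s+(.+?)\s+(\S+)\s+(Yes|No)\s+(\d+)\s+(Yes|No)\s+(Yes|No)\s+(.+)$")
SUSPECT_ROW = re.compile(r"^(Yes|No)\s+(.+)$")
RESTORE_MARKER = "\\system volume information\\_restore{"

def parse_report(text):
    """Return (section, label, path) for each MALWARE and SUSPECTS row."""
    rows, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line in ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"):
            section = line
        elif section == "MALWARE" and (m := MALWARE_ROW.match(line)):
            rows.append((section, m.group(2), m.group(8)))
        elif section == "SUSPECTS" and (m := SUSPECT_ROW.match(line)):
            rows.append((section, "suspect", m.group(2)))
    return rows

def split_live_and_restore(rows):
    """Separate files on the live system from System Restore snapshot copies."""
    live = [r for r in rows if RESTORE_MARKER not in r[2].lower()]
    restore = [r for r in rows if RESTORE_MARKER in r[2].lower()]
    return live, restore

if __name__ == "__main__":
    live, restore = split_live_and_restore(parse_report(SAMPLE_REPORT))
    print("live:", [path for _, _, path in live])
    print("restore-point copies:", len(restore))
```

On the sample, the live entries are the cookie and the two `system32` DLLs, the same two files listed under `:files` in the script that follows.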
Download OTM by OldTimer to your desktop.

Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:services

:reg

:files
c:\windows\system32\msls50.dll
c:\windows\system32\msls51.dll

:Commands
[resethosts]
[purity]
[start explorer]
[Reboot]

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

* Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

I did as instructed, however I couldn't get the results as it rebooted immediately after it finished.
After the re-boot I kept getting this warning:

userinit.exe - Unable to Locate Component

This application has failed to start because msls51.dll was not found. Re-installing the application may fix this problem.

Now only the desktop background is visible, I can open task manager but that's all, there's no toolbar or desktop icons or anything.

Manually shut down the computer and then start it again.

Done. It's still the same, giving the same warning constantly. The background is the only thing there. I can open task manager and that's it.

Restart the computer. This time as it is loading up tap the F8 key until you get to the boot menu.

Choose Last Known Good Configuration.

Let me know how that goes.

Didn't go well, it's still the same, same warning about msls51.dll not found.

Do you have your desktop back?

Nothing there at all except the background picture. No desktop icons, toolbar, nothing.

On the keyboard press (all at the same time) CTRL ALT Delete

When the Task Manager comes up go to File > New Task > then type in explorer.exe and click OK.

Did your desktop come up?

Explorer appeared briefly in the 'Applications' box of Task Manager, with writing saying 'unable to locate component', then it disappeared. My desktop did not come up.
The msls51.dll box came up about 5 more times in the process.

On the keyboard press (all at the same time) CTRL ALT Delete

When the Task Manager comes up go to File > New Task > then type in rstrui.exe and click OK.

Do you get the System Restore window?

'Windows cannot find 'rstrui.exe'. Make sure you typed the name correctly, and then try again.'

That's what happens each time I try.

Do you have your XP CD?

No, it already had XP installed when I got it (over 3 years ago) and did not come with a backup XP disc.


