Virus/trojan got me :(

cpmer

Senior member
Jan 22, 2005
540
0
0
Ughhh, I got a nasty little virus or something. Tons of pop-ups, and for a while I couldn't even log into Windows because of so many memory error messages. My PC usually uses 300 megs of RAM when idling, but now it's using over a gig, lol. I ran Spybot and Ad-Aware, but they didn't help out. Mysteriously, my anti-virus comes up with an error message saying it can't launch the .exe file. I ran HijackThis and here's the log: http://pastebin.com/m7af83644 Can you help me out by telling me what things I need to get rid of?
 

Blain

Lifer
Oct 9, 1999
23,643
3
81
Posting this in the "Security" or "Software for Windows" forums would have been better.

Follow the bouncing cleaning ball...
CCleaner > Trojan Remover > MalwareBytes > SuperAntiSpyware > Vipre or Avira AV.

After the cleaning...
Keep Vipre or Avira AV > Scans with MalwareBytes & SuperAntiSpyware > Spyware Blaster >
Stay away from file sharing programs, porn, crack/hack or pirate sites.
Don't follow links in emails > delete FWD emails.
 

JEDIYoda

Lifer
Jul 13, 2005
33,982
3,318
126
Originally posted by: cpmer
Ughhh, I got a nasty little virus or something. Tons of pop-ups, and for a while I couldn't even log into Windows because of so many memory error messages. My PC usually uses 300 megs of RAM when idling, but now it's using over a gig, lol. I ran Spybot and Ad-Aware, but they didn't help out. Mysteriously, my anti-virus comes up with an error message saying it can't launch the .exe file. I ran HijackThis and here's the log: http://pastebin.com/m7af83644 Can you help me out by telling me what things I need to get rid of?

Stay away from those XXXXX rated sites...
 

AshPhoenix

Member
Mar 12, 2008
187
0
0
Format C: and install a fresh Windows. After that, and before touching any of the other partitions or the files on them, install a good anti-virus (Kaspersky is a good one; you can download a trial version from here), then launch a full system scan.
 

Slugbait

Elite Member
Oct 9, 1999
3,633
3
81
Originally posted by: AshPhoenix
Format C: and install a fresh Windows. After that, and before touching any of the other partitions or the files on them, install a good anti-virus (Kaspersky is a good one; you can download a trial version from here), then launch a full system scan.

I don't often agree with this suggestion, but...

OP, you have a ton of noisy EXEs and services running, like TVersity, Alcohol, Battlefield, Apple junk, Adobe junk...you can't be serious about 300 megs.

But I digress...you have several DLL files loading with random names, such as jh9fgo4ksdgf.dll. You have several EXE files loading with random names from your TEMP folder.

Upon first glance, you have installed a couple of trojans known as Win32Ertfor.A and Downloader.Agent.OGP. Whatever you installed that got these on your system appears to be zero-day, most reports say April 17 (first I can spot is April 16), and Ertfor.A apparently has been known since the 13th. System Restore should be disabled, so you aren't going to fix it that way. RegEdit might also be hosed.

Reader_s is also installed, and is considerably nastier than those other trojans. It's about a month old, and so far is almost impossible to get rid of. It's also associated with numerous droppers and virii, so there are likely other nasties installed. It's usually associated with Virut, so yeah...unplug your net tap (you're sending spam, ya know...), start backing up critical files, and then blow away your C:\ drive. Hopefully, you have a disc image.
 
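A small defender-side triage script, added here as an example (it is not code from any poster or from HijackThis itself), that applies the two tells Slugbait points out, random-looking module names and executables running from a Temp folder, to HijackThis-style O2/O4 lines. The sample log, its user name, CLSIDs and file names are constructed for the example, and the randomness rule (mixed letters and digits, few vowels) is an assumed heuristic, not a detection from any product.

```python
from __future__ import annotations
import re
# Constructed HijackThis-style lines (O2 = browser helper objects, O4 = Run-key autoruns).
# NOT the OP's log: user name, CLSIDs and the "Adobe" entry are made up for the example.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\\WINDOWS\\system32\\jh9fgo4ksdgf.dll
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [reader_s] C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\reader_s.exe
O4 - HKCU\\..\\Run: [x8d2kq] C:\\Documents and Settings\\user\\Local Settings\\Temp\\x8d2kq.exe
"""

TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)  # a "\Temp\" path component

def extract_path(line: str) -> str | None:
    """Pull the module path out of an O2 (BHO) or O4 (Run key) entry; other types are skipped."""
    if line.startswith("O2 - "):
        return line.rsplit(" - ", 1)[-1].strip()
    if line.startswith("O4 - "):
        m = re.search(r"\]\s*(.+)$", line)
        return m.group(1).strip() if m else None
    return None

def looks_random(stem: str) -> bool:
    """Assumed tell for generated names like jh9fgo4ksdgf: 6+ chars mixing letters and
    digits with at most one vowel in four. Plain words (SoundMan) and all-alpha names pass."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 6 or not letters or not any(c.isdigit() for c in stem):
        return False
    vowels = sum(c.lower() in "aeiou" for c in letters)
    return vowels / len(letters) <= 0.25

def triage(log: str) -> dict[str, list[str]]:
    """Group suspicious paths by the tell that fired. These are leads for a human
    reviewer to check against known-good software, not an infection verdict."""
    findings: dict[str, list[str]] = {"random_name": [], "temp_dir": []}
    for line in log.splitlines():
        path = extract_path(line)
        if not path:
            continue
        stem = re.sub(r"\.[A-Za-z0-9]+$", "", path.split("\\")[-1])  # file name minus extension
        if looks_random(stem):
            findings["random_name"].append(path)
        if TEMP_DIR.search(path):
            findings["temp_dir"].append(path)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the constructed log this flags the system32 DLL and the Temp-folder EXE as random-named, and both Temp-folder EXEs as running from a temporary directory, while the SoundMan and Adobe entries pass.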

Slugbait

Elite Member
Oct 9, 1999
3,633
3
81
I also noticed Lavasoft running...if it's running at boot, this means you also have the RBOT-SO worm installed.

As you're backing up your files, do NOT back up any EXE or SCR files...they are all infected. Also, Virut can penetrate compressed files that contain EXE or SCR files, so either skip back-up of ZIP/RAR files, or back them up to their own optical disc and scan them separately.
 

Blain

Lifer
Oct 9, 1999
23,643
3
81
Dude, you've got plenty of time on your hands, try the clean up I outlined above.
It will cost you nothing.
 

Slugbait

Elite Member
Oct 9, 1999
3,633
3
81
Originally posted by: Blain
Dude, you've got plenty of time on your hands, try the clean up I outlined above.
It will cost you nothing.

Actually, it might cost you your machine. There are reports that clean-up attempts for your nasties result in no boot.

Before doing anything, back up your critical documents, FF Profile, email folder, game saves, etc...anything you can't live without. Then start the cleansing process. Otherwise, you stand a good chance of losing everything (unknown if a Linux boot disc would be able to access the dead system for file back-up).

As pointed out before, reader_s (Virut) is almost impossible to get rid of, so while you might eradicate some of the nasties installed, Blain's steps aren't going to help you with Virut. And since it's remotely controlled, you will live a life of regularly cleaning the other malware the author installs on your machine. This guy has a potential resolution for Virut...it's quite complicated and time-consuming, and is not guaranteed. If you would like to know a little more about what you're up against, click here, or just google around for five or ten minutes.
 

vailr

Diamond Member
Oct 9, 1999
5,365
54
91
If you don't already have a 2nd HD, get one.
Install a fresh copy of Windows on that drive, with the "infected" drive unplugged.
Once you have that drive up and running (including Windows Updates), install Avira AV 9.x
+ Malwarebytes AntiMalware + SuperAntispyware + Spyware Terminator.
All 4 of these can be found at majorgeeks.com.
Shut down machine and attach infected drive (as slave drive).
Use bios setup to select the boot drive order.
Scan the infected slave drive, using latest detections.
Shut down machine, unplug the "new" drive, then reboot "old" drive.
Scan again while booted from the "old" drive.
 

Slowlearner

Senior member
Mar 20, 2000
873
0
0
Having recently gone through similar problems at work, here's what I would suggest:

1. Start the computer in safe mode with networking (keep pressing F8 at the boot screen), navigate to http:safety.live.com, and run a full service scan. It may take a couple of hours depending on the data on your HD.

2. Download and run Malwarebytes Anti-Malware.

If this doesn't take care of the problems, then do a repair install of Windows; see http://www.microsoft.com/windo...nmore/tips/doug92.mspx
 