|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| General Computer Security Get Help With System Security - This forum is not for malware removal assistance. For malware removal assistance, read the sticky topic at the top of the Virus/Trojan/Spyware Help forum, or the "First Steps" link at the top right of each page. |
 |
|
|
LinkBack | Thread Tools |
10-11-2007, 11:21 AM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 17
OS: xp service pack 2
|
System32 folder's in quarantine (Moved from Windows XP)
Like a week ago my computer got infected by a total of 11 viruses, 8 of this troyans. I ran multiple virus scans with avg (my previous antivirus was avast) after that I downloaded avg anti-spyware which detected a total of 127 spyware's on my computer. Since then everyday my computer detects around 11 files infected, all system32 folders. A friend told me to scan my computer with ComboFix which I did and this was the last outcome of it:
Code:
2007-04-24 12:21 9248 --a------ C:\Qoobox\Quarantine\C\Temp\1cb\syscheck.log.vir
2007-08-02 20:44 169147 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rev1\gbb83122.exe.vir
2007-10-03 22:05 36352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqrrpq.dll.vir
2007-10-03 22:11 36352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vtuttrr.dll.vir
2007-10-03 22:18 6465 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkkj.bak1.vir
2007-10-04 10:19 1338099 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkkj.bak2.vir
2007-10-04 10:29 77376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\blfmsajl.dll.vir
2007-10-04 21:23 1360094 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkkj.ini.vir
2007-10-08 17:51 96 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2007-10-10 15:08 1060 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.dat
2007-10-10 15:08 196 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.dat
2007-10-10 15:08 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.dat
2007-10-10 15:08 3628 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.dat
2007-10-10 15:08 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.dat
Folder PATH listing
Volume serial number is 75AC-F4D9
C:\QOOBOX\QUARANTINE
+---C
| +---Temp
| | \---1cb
| | syscheck.log.vir
| |
| \---WINDOWS
| | cookies.ini.vir
| |
| \---system32
| | blfmsajl.dll.vir
| | ijkkj.bak1.vir
| | ijkkj.bak2.vir
| | ijkkj.ini.vir
| | ssqrrpq.dll.vir
| | vtuttrr.dll.vir
| |
| \---rev1
| gbb83122.exe.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.dat
LEGACY_NWSAPAGENT.reg.dat
services_DomainService.reg.dat
services_nm.reg.dat
services_NwSapAgent.reg.dat
All help is well recieved. |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
10-11-2007, 11:37 AM
|
#2 (permalink) |
|
Manager, TSF Articles
|
Re: System32 folder's in quarantine
Hi there and welcome to TSF.
In view of the large amount of infection, I'll move your thread to Computer Security where our security analysts will be better able to deal with it.
__________________
  If you feel that TSF has helped you please make a donationand help to keep the forum free Cenedl heb iaith, cenedl heb galon |
|
|
|
|
10-11-2007, 09:13 PM
|
#3 (permalink) |
|
Manager Emeritus
Join Date: Feb 2006
Location: Adelaide, South Australia
Posts: 10,180
OS: Xp Sp3 with all updates + Vista™ Ultimate SP1.
|
Re: System32 folder's in quarantine (Moved from Windows XP)
Hi Ecinue, Welcome to TSF!
 In view of your post , I recommend that you read this article, "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum. (Simply, click on the coloured links to be re-directed.) Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one. When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed. However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds. Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can. Good Luck with it. Kind Regards,
__________________
Dave T. If it works, Don't fix it! Especially if Bill Gates had anything to do with it!!
|
|
|
|
|
| Thread Tools | |
|
|
