Help with virus removal

musskell · 07-06-2009, 06:09 PM

Hello,

I am a draftsman, and as a student I used the AutoDesk Student Community download utility to try out AutoCAD 2010. During the installation process, I was alerted that Autodesk is temporarily out of student licenses, and to continue with the install which will work as a trial version until activated in the future by one of the new licenses.

Today the trial expired, and I went to go get a key for the software, and I was alerted with the same message. In frustration I started looking for a keygen. I was perfectly aware of the risks but continued regardless, and as a result my machine is now infected.

Both avast anti-virus and windows defender caught the virus immediately but had no effect. This is a link to the file that caused all the trouble:

http://Click this link only if you u...ntains malware Link REMOVED

The only immediate result of opening the file was an alert by windows defender and avast anti-virus; However, a few minutes after, internet explorer windows began popping up on their own. When this first began happening, I did not have any internet explorer windows open.

The pop ups only go to a handful of sites; Although it queries the site differently each time so that the content is different.

So far I have saved these for reference:

http://allabout.biz/search/index.php?said=af104&q= query+here
http://thecoolerreview.com/srch/search.php?track=sg3&qq= query+here
http://impression.name/search/index.php?said=a09&q= query+here

Immediately after I noticed this problem, I updated SpyBot Search and Destroy, and did a full system scan. The scan revealed a few threats, and I attempted to fix them. Of the 8 or 9 categories of found threats, all but five were permanently removed. The other 5 were removed but only temporarily, and they were listed as "DNSflush.cws". I removed them for the second time, but I am unsure of whether or not they would show up in another scan. The problem currently persists so the spybot entries may not have been the culprits.

I have run a few scans on the computer, and I have pastebined them readability. They are also attached in a compress archive if you would prefer to download them.

Here are the links to the scans:
HijackThis Pastebin
DDS Pastebin
DDS Attach Pastebin
GMER Pastebin

Thank you very much for your help. Let me know if there any important details that I may have left out.
-Kent

tetonbob · 07-08-2009, 09:45 AM

Use of keygens and cracked software is against forum rules.

http://www.techsupportforum.com/rules.php

As such, this thread is closed.

I'd suggest you reinstall your OS.

07-08-2009, 09:45 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,119 OS: 2000 Pro; XP Pro; XP Home	Re: Help with virus removal Use of keygens and cracked software is against forum rules. http://www.techsupportforum.com/rules.php As such, this thread is closed. I'd suggest you reinstall your OS. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009