Status
Not open for further replies.
1 - 4 of 4 Posts

· Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
I think this may be the wrong place for this kind of thread; if it is, I'm sorry. I recently encountered a virus on my computer. Me being dumb, I didn't have an antivirus at the time because I rarely downloaded files, but my brother was convinced he could get me a cool program to organise my music, so I let him, and I ended up getting a virus. I really don't know how to remove it. I've installed Malwarebytes to no avail, and Avast seems to not be able to remove the files because they're bound to system processes like winlogon.exe, explorer.exe and lsass.exe. This is the virus scan report:


File Keygen.CD.Catalog.Expert.9.2.4504 received on 2009.11.27 09:56:12 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.11.27 Trojan-Downloader.Win32.Ufraie!IK
AhnLab-V3 5.0.0.2 2009.11.27 -
AntiVir 7.9.1.79 2009.11.27 TR/Crypt.ULPM.Gen
Antiy-AVL 2.0.3.7 2009.11.27 Trojan/Win32.Vilsel
Authentium 5.2.0.5 2009.11.26 -
Avast 4.8.1351.0 2009.11.27 Win32:Malware-gen
AVG 8.5.0.426 2009.11.26 Win32/Cryptor
BitDefender 7.2 2009.11.27 Trojan.Generic.2770506
CAT-QuickHeal 10.00 2009.11.27 -
ClamAV 0.94.1 2009.11.27 -
Comodo 3054 2009.11.27 -
DrWeb 5.0.0.12182 2009.11.27 Trojan.Siggen.28307
eSafe 7.0.17.0 2009.11.26 -
eTrust-Vet 35.1.7145 2009.11.27 -
F-Prot 4.5.1.85 2009.11.26 -
F-Secure 9.0.15370.0 2009.11.24 Trojan.Proxy.Agent.BBQ
Fortinet 4.0.14.0 2009.11.27 W32/Vilsel.NQY!tr
GData 19 2009.11.27 Trojan.Generic.2770506
Ikarus T3.1.1.74.0 2009.11.27 Trojan-Downloader.Win32.Ufraie
Jiangmin 11.0.800 2009.11.27 -
K7AntiVirus 7.10.905 2009.11.25 -
Kaspersky 7.0.0.125 2009.11.27 Trojan.Win32.Vilsel.nqy
McAfee 5814 2009.11.26 generic!bg.fqr
McAfee+Artemis 5814 2009.11.26 generic!bg.fqr
McAfee-GW-Edition 6.8.5 2009.11.27 Heuristic.LooksLike.Trojan.Crypt.ZPACK.A
Microsoft 1.5302 2009.11.27 TrojanDownloader:Win32/Ufraie.A
NOD32 4640 2009.11.26 a variant of Win32/TrojanDownloader.Ufraie.A
Norman 6.03.02 2009.11.25 W32/Malware.KBOY
nProtect 2009.1.8.0 2009.11.27 -
Panda 10.0.2.2 2009.11.27 Trj/CI.A
PCTools 7.0.3.5 2009.11.27 Trojan.Popwin
Prevx 3.0 2009.11.27 High Risk Cloaked Malware
Rising 22.23.04.04 2009.11.27 Trojan.Win32.Generic.51F21A8B
Sophos 4.48.0 2009.11.27 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.11.26 -
Symantec 1.4.4.12 2009.11.27 Trojan.Popwin
TheHacker 6.5.0.2.079 2009.11.26 -
TrendMicro 9.100.0.1001 2009.11.27 PAK_Generic.001
VBA32 3.12.12.0 2009.11.27 Trojan-Proxy.Win32.Agent
ViRobot 2009.11.27.2058 2009.11.27 -
VirusBuster 5.0.21.0 2009.11.26 -
Additional information
File size: 31744 bytes
MD5...: 1a6c2c86e7f401a9e1c94d7b39da8f30
SHA1..: bb520f3589b3dc5faa8aa613d54d52dd2dffb5f0
SHA256: b2fa58be3711fb9c26b629832aa0ff68b333e224de3462b299665b465149870d
ssdeep: 768:2QjAqM3qE36tpZdI1yucQYJMzDuE3SVimChlIUCqnbcuyD7U:uqAq8cucQYJMzqE3S2lFnouy8
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10ea10
timedatestamp.....: 0x4b03fc95 (Wed Nov 18 13:54:29 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x107000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x108000 0x8000 0x7600 7.95 401cfcb99d24a3532edee05637ba29a9
UPX2 0x110000 0x1000 0x200 1.66 c9d0e67a9eed3e61068c163ee8d593df

( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=A3F525D300F027F97C5A0021416B170037BF63B2
packers (F-Prot): UPX_LZMA




I will upload a HijackThis log when I get home.

Please help me :(
 

· TSF Team Emeritus, Microsoft Visiting Expert
Joined
·
4,284 Posts
Hello KeiranKav

Yes, I'm afraid we cannot help you with malware removal in this forum.
Please read "Virus/Trojan/Spyware Removal Help" and follow the instructions very carefully; then, post all the requested logs and information in the Virus Help Forum.
If you cannot complete any step, just miss it out and do what you can, but be sure to include this information in your post.
Please ensure that you create a new thread in the Virus Help Forum; not back here in this one.

Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
