Antimalware virus; please analyze my logs

punkmartyr
Hi, I got the "antimalware" virus. I ran several scans including malwarebytes, superantispyware, spybot, panda cloud, avira and ad-aware. I have not been able to get rid of all of it yet. I did find a lot of stuff on my computer from it and the computer is running considerably better. Right now there are two problems.

1. When I'm online it will out of the blue open another browser redirecting to a garbage site.

2. When the computer first starts I get this error:

RUNDLL
Error loading sbjgrujj.dll
The specified file could not be found.


Thanks for your help. Here are the logs:

MALWAREBYTES

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4174

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/8/2010 7:55:55 PM
mbam-log-2010-06-08 (19-55-55).txt

Scan type: Full scan (C:\|G:\|I:\|)
Objects scanned: 287694
Time elapsed: 2 hour(s), 58 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:57:31 PM, on 6/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ClamAV for Windows\1.0.26\agent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ClamAV for Windows\1.0.26\iptray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundM
kristain

AntiMalware is a virus that will disguise itself as a program to help protect the computer. The AntiMalware rogue security application will continuously display different virus warnings on the computer to get the user's attention and direct them to purchase the registered version of the fake AntiMalware program.
1. Download Malwarebytes' Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as "default" only.
4. Before the installation completes, check the following prompts:
   * Update Malwarebytes' Anti-Malware
   * Launch Malwarebytes' Anti-Malware
5. Click "Finish." The program will run automatically and you will be prompted to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on "Show Results".
8. Make sure that all detected threats are marked, then click on Remove Selected.
9. Restart your computer.
http://antivirus.iyogi.net/virus-removal/malware-removal.html

PurpleSkys Moderator

your antimalware programs and antivirus program in safe mode? Try that and see if it helps any...

AnsuGisalas

Remember that once cleaned, your OS may need a repair install.

GSG

I got that stupid virus last year, and had to run a repair, then a restore. The repair fixed most everything, except my wireless NIC. I tried re-loading the drivers, etc... without luck. Finally, as a last ditch effort, I did a restore from 30 days prior to the infection and got everything back.

AnsuGisalas

Or are you running an awful lot of AV in that hijack?
Is that your usual regimen or is it a result of the recent problem?

Did you try GMER yet? You obviously have something in your browser still, so that has to be attended to.

If that turns out empty you could try Avast... I hear it's pretty good at catching apps being naughty, so it should be able to get a handle on the bogie when it hijacks your browser again... but try GMER first, in case you have a rootkit.

PurpleSkys Moderator

I just took a harder look at the HJT log; the OP is running 3-4 AVs. You're right, they really need to pick one and then pull the others off; the machine will never run optimally, as they will all conflict with each other. Run whatever AV you choose to keep in safe mode after you have uninstalled the others.

Could then try superantispyware and possibly spybot S&D in safe mode, as well as malwarebytes in safe mode.

IC-IT

You have 3 or 4 anti virus programs running. Uninstall all but one.

You may very well have killed the malware and simply have a startup file trying to load.

Do an explorer search for sbjgrujj.dll
Delete it, then do a search in the registry.
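As an added example (not code from this thread, nor from HijackThis or Malwarebytes), here is a small Python checker that reads HJT lines like the ones posted above and flags the three things the replies point at: O1 hosts entries that send a search domain somewhere other than loopback (the browser redirect symptom), O2/O3 registrations that end in "(no file)", and O4 Run entries whose target file is gone, which is what IC-IT describes as a leftover startup entry and what Windows reports as the RUNDLL "Error loading sbjgrujj.dll" dialog. Assumptions: the last O4 line in the sample is constructed, because the posted log is cut off before the Run entries end, and file existence is simulated through PRESENT_FILES so the script runs off the box; on the affected machine you would drop that argument and let os.path.exists do the check.

```python
"""Triage helper for HijackThis (HJT) log lines: flags hosts-file hijacks,
orphaned BHO/toolbar registrations and startup (Run) entries whose target
file is missing."""
import ipaddress
import os
import re
from typing import Callable, Dict, List

# Lines copied from the HijackThis log posted in this thread, plus ONE
# constructed O4 line (the last one). That line is an assumption: the posted
# log is cut off before its Run entries end, so it only shows the *shape* of
# an entry that yields "RUNDLL / Error loading sbjgrujj.dll" at logon.
# "PlaceholderExport" is not a real export name.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sbjgrujj] rundll32.exe sbjgrujj.dll,PlaceholderExport
"""

# Constructed stand-in for "which files exist on the infected machine", so the
# check runs offline: only the SoundMAX helper is treated as present.
PRESENT_FILES = {r"C:\Program Files\Analog Devices\Core\smax4pnp.exe"}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# "HKLM\..\Run: [name] command" as HJT prints O4 items
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# rundll32 entries load the DLL named before the comma (export name follows)
RUNDLL_RE = re.compile(r'^(?:.*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|dll))(?:\s|$)", re.I)


def _is_local(ip: str) -> bool:
    """True for loopback/unspecified addresses, the only legitimate hosts targets."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable address: treat as suspicious
    return addr.is_loopback or addr.is_unspecified


def referenced_file(cmd: str) -> str:
    """Return the file a Run command actually loads (DLL for rundll32 entries,
    otherwise the executable with quotes and trailing arguments removed)."""
    cmd = cmd.strip()
    r = RUNDLL_RE.match(cmd)
    if r:
        return r.group("dll").strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    e = EXE_RE.match(cmd)
    return e.group("exe") if e else cmd


def analyze(log_text: str,
            file_exists: Callable[[str], bool] = os.path.exists) -> List[Dict[str, str]]:
    """One finding per suspicious HJT line; file_exists is injectable so a log
    from another machine can be triaged offline."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reason = None
        if section == "O1":
            h = HOSTS_RE.match(body)
            if h and not _is_local(h.group("ip")):
                reason = (f"hosts file sends {h.group('host')} to {h.group('ip')} "
                          "instead of loopback (search/redirect hijack)")
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            reason = "BHO/toolbar CLSID still registered but its DLL is gone (orphan)"
        elif section == "O4":
            r = RUN_RE.match(body)
            if r:
                target = referenced_file(r.group("cmd"))
                if not file_exists(target):
                    reason = f"startup entry '{r.group('name')}' loads missing file {target}"
                    if RUNDLL_RE.match(r.group("cmd").strip()):
                        reason += " (shows as a RUNDLL 'Error loading' dialog at logon)"
        if reason:
            findings.append({"section": section, "line": raw.strip(), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, file_exists=lambda p: p in PRESENT_FILES):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

On the sample this reports the two hosts redirects, the nameless toolbar with no file, and the constructed rundll32 entry; the SoundMAX entry is silent because its file is "present". Deleting the orphaned Run value (or the hosts lines) removes the symptom, but a hosts entry pointing a Microsoft search domain at a non-loopback address is the stronger signal that something wrote to the system after the scans, which is why the GMER rootkit check suggested above is worth running before calling the box clean.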

AnsuGisalas

So something's still there.
