  • #2213630

    Antimalware virus; please analyze my logs

    Locked

    by punkmartyr ·

    Hi I got the “antimalware” virus. I ran several scans including malwarebytes, superantispyware, spybot, panda cloud, avira and ad-aware. I have not been able to get rid of all of it yet. I did find a lot of stuff on my computer from it and the computer is running considerably better. Right now there are two problems.

    1. When I’m online it will out of the blue open another browser redirecting to a garbage site.

    2. When the computer first starts I get this error:

    RUNDLL
    Error loading sbjgrujj.dll
    The specified file could not be found.

    Thanks for your help. Here are the logs:

    MALWAREBYTES

    Malwarebytes’ Anti-Malware 1.46
    http://www.malwarebytes.org

    Database version: 4174

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    6/8/2010 7:55:55 PM
    mbam-log-2010-06-08 (19-55-55).txt

    Scan type: Full scan (C:\|G:\|I:\|)
    Objects scanned: 287694
    Time elapsed: 2 hour(s), 58 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:57:31 PM, on 6/8/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ClamAV for Windows\1.0.26\agent.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\Pelmiced.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\ClamAV for Windows\1.0.26\iptray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe

    R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O1 – Hosts: 66.98.148.65 auto.search.msn.com
    O1 – Hosts: 66.98.148.65 auto.search.msn.es
    O2 – BHO: SysShield IE Popup Blocker – {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} – C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 – Toolbar: AbsoluteShield – {EE9DD090-902D-4623-9360-FB7D8666202B} – C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
    O3 – Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
    O4 – HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 – HKLM\..\Run: [SoundM

All Comments

    • #3027275

      RE : Antimalware virus; please analyze my logs

      by kristain ·

      In reply to Antimalware virus; please analyze my logs

      AntiMalware is a virus that will disguise itself as a program to help protect the computer. The AntiMalware rogue security application will continuously display different virus warnings on the computer to get the user’s attention and direct them to purchase the registered version of the AntiMalware fake program.
      1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
      2. After downloading, double-click on mbam-setup.exe to install the application.
      3. Follow the prompts and install as “default” only.
      4. Before the installation completes, check the following prompts:
      * Update Malwarebytes’ Anti-Malware
      * Launch Malwarebytes’ Anti-Malware

      5. Click “Finish.” The program will run automatically and you will be prompted to update the program before doing a scan. Please update.
      6. Scan your computer thoroughly.
      7. When scanning is finished, click on “Show Results”.
      8. Make sure that all detected threats are marked, then click on Remove Selected.
      9. Restart your computer.
      http://antivirus.iyogi.net/virus-removal/malware-removal.html

    • #3027258

      did you run

      by purpleskys ·

      In reply to Antimalware virus; please analyze my logs

      your antimalware programs and antivirus program in safe mode? Try that and see if it helps any…

      • #3027253

        Also…

        by ansugisalas ·

        In reply to did you run

        Remember that once cleaned, your OS may need a repair install.

        • #3027217

          I had to do that

          by gsg ·

          In reply to Also…

          I got that stupid virus last year, and had to run a repair, then a restore. The repair fixed most everything, except my wireless NIC. I tried re-loading the drivers, etc… without luck. Finally, as a last ditch effort, I did a restore from 30 days prior to the infection and got everything back.

    • #3027157

      Is it just me…

      by ansugisalas ·

      In reply to Antimalware virus; please analyze my logs

      Or are you running an awful lot of AV in that hijack?
      Is that your usual regimen or is it a result of the recent problem?

      Did you try GMER yet? You obviously have something in your browser still, so that has to be attended to.

      If that turns out empty you could try Avast… I hear it’s pretty good at catching apps being naughty, so it should be able to get a handle on the bogie when it hijacks your browser again… but try GMER first, in case you have a root kit.

      • #3027072

        ouch

        by purpleskys ·

        In reply to Is it just me…

        I just took a harder look at the HJT log, the OP is running 3-4 AVs; you’re right, they really need to pick one and then pull the others off, the machine will never run optimally – they will all conflict with each other. Run whatever AV you choose to keep in safe mode after you have uninstalled the others.

        Could then try superantispyware and possibly spybot S&D in safe mode as well as malwarebytes in safe mode.

    • #3027141

      Couple of things

      by ic-it ·

      In reply to Antimalware virus; please analyze my logs

      You have 3 or 4 anti virus programs running. Uninstall all but one.

      You may very well have killed the malware and simply have a startup file trying to load.

      Do an explorer search for sbjgrujj.dll
      Delete it then do a search in the registry.
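
Added example, not part of any post in this thread: a short Python triage of the HijackThis log posted above, flagging the three things the replies point at (hosts-file overrides for search hostnames, entries whose file is missing, and several resident antivirus products at once). The sample is a constructed subset of lines copied from the log; the function name `triage` and the marker list are assumptions made for this illustration.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ClamAV for Windows\1.0.26\agent.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

O1 – Hosts: 66.98.148.65 auto.search.msn.com
O1 – Hosts: 66.98.148.65 auto.search.msn.es
O3 – Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
"""

# Assumption: path fragments identifying AV products in this log; not a full vendor list.
AV_MARKERS = {
    "Avira AntiVir": r"\avira\antivir",
    "ClamAV": r"\clamav for windows",
    "Panda Cloud Antivirus": r"\panda cloud antivirus",
    "Network Associates VirusScan": r"\network associates\virusscan",
}
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# HijackThis writes "O1 - ..."; the forum rendered the hyphen as an en dash.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s*[–-]\s*(.*)$")

def triage(log_text):
    """Return hosts-file overrides, entries with no file, and AV products seen."""
    found = {"hosts": [], "no_file": [], "av": []}
    for line in log_text.splitlines():
        lowered = line.lower()
        for product, marker in AV_MARKERS.items():
            if marker in lowered and product not in found["av"]:
                found["av"].append(product)
        match = ENTRY.match(line)
        if not match:
            continue
        section, body = match.groups()
        parts = body.split()
        if section == "O1" and len(parts) >= 3 and parts[0] == "Hosts:":
            if parts[1] not in LOOPBACK:  # non-loopback override: review it
                found["hosts"].append((parts[2], parts[1]))
        elif body.rstrip().endswith("(no file)"):
            found["no_file"].append(section)  # registration left behind, file gone
    return found

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

More than one name in the `av` list corresponds to the conflict the replies describe; a `hosts` hit is a line to check in the hosts file, and a `no_file` hit is a leftover registration to clean up.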
