Can you say, "Badly infected"?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
The owner of the system I scanned with SUPERAntiSpyware certainly can. :D LOL

Here is a condensed version of the SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/21/2010 at 08:53 PM
Application Version : 4.35.1002
Core Rules Database Version : 4836
Trace Rules Database Version: 2648

Scan type : Complete Scan
Total Scan Time : 00:38:50

Memory items scanned : 588
Memory threats detected : 0
Registry items scanned : 5810
Registry threats detected : 0
File items scanned : 22384
File threats detected : 1412

Adware.Tracking Cookie
Trojan.Downloader-AUPD
Adware.ZenoSearch-NVON
Adware.webHancer
Adware.Vundo/Variant
Trojan.Downloader-Gen/A
Trojan.Agent/Gen-Koobface[Bonkers]
Adware.Agent/Gen-Qoodl[LG1]-A
Trojan.Agent/Gen-Virut
Trojan.Agent/Gen-MSFake
Trojan.Dropper/Gen-PHP
Adware.ClickSpring/Yazzle
Trojan.Agent/Gen
Trojan.RootKit/Gen
Adware.AdSponsor/ISM-GetModule
Rogue.Agent/Gen-Installer
Adware.AdSponsor/ISM
Trojan.Agent/Gen-FraudLoad
MyWay Search Assistant Computers
Adware.ClickSpring/Outer Info Network
Trojan.Agent/Gen-FraudLoad[Backdoor]
Adware.FotoMoto/Variant
Adware.Vundo/Variant-Cd
Adware.Vundo/Variant-Xs
Adware.Vundo/Variant-Senorita
Trojan.Dropper/Gen-NV
Adware.Vundo/Variant-EC
Trojan.Vundo-Variant/Small
Adware.Vundo/Variant-ATI
Trojan.Agent/Gen-PDrv[Packed]
Adware.Vundo/Variant-LEX[190]
Trojan.Vundo-Variant/Small-GEN
Trojan.Dropper/DAT
Adware.Vundo/Variant-[Header-PrDlg]
Adware.AdRotator/RightOnz
Adware.Vundo/Variant-Yng
Trojan.Agent/Gen-IEFakeAlert
Adware.Vundo/Variant-[Fixed]
Trojan.Downloader-Gen/FotoMoto-B
Trojan.Downloader-CREW
Adware.Vundo/Variant-CLD
Trojan.Agent/Gen-Dropper[UAC]
Trojan.Agent/Gen-MSFake[ProQuota]
Rogue.Agent/Gen-SecCenter
Adware.Vundo/Variant-CDriver
Adware.Vundo/Variant-Tx

Most of the 1412 threats were tracking cookies (like 1100+). I had never seen SAS detect so many different threats. Malwarebytes detected more leftovers after SAS was done. LOL

Anyway, I just wanted to share this with you. :)

Peace...
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,086
Yikes! :eek:

I'd call it a "Major Epidemic". :eek:

--------------------------------------------------------------
 

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
You can say that again. LOL

The funny (funny to me at least) thing is the computer owner called me and told me she thought she had a virus on her computer. I asked her what made her think her system was infected and she said she kept getting popups. I didn't ask about the nature or quantity of popups since her getting popups, alone, was enough to think her system was infected with something. I just had absolutely no idea it was infected with almost everything. :D LOL

I'm not laughing at the system owner, I'm laughing at the assortment and severity of the infection. We'll see what anti-virus and anti-spyware software was installed, if any.

Peace...
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
Dear tomdkat,
Oh mon dieu! I counted 20 trojans including one "Trojan.RootKit/Gen". Not for nothing is SAS called the "Swiss Army knife" and you've got a major surgery to perform :D :eek:! Have you a Lion's heart and lady's fingers, because that distinguishes a "great surgeon" from a "normal surgeon"? I guess one of your assisting surgeons will be an ANTI-ROOTKIT! :rolleyes::rolleyes:
 

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
Have you a Lion's heart and lady's fingers, because that distinguishes a "great surgeon" from a "normal surgeon"?
I've got something far more effective.. and it's NOT one of the rings of Mordor.

I've got the much coveted "Rubber Chicken", which when unveiled causes ALL malware to disintegrate instantly!

That's right, malware, "prepare to meet oblivion!" :D LOL

Peace...
 

Stoner

Banned
Joined
Oct 26, 2002
Messages
44,931
That's some list, Tom :D

Are you going to 'clean' or reinstall?
 

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
Well, I just confirmed that there isn't any important data worth saving on the box so I'll probably nuke the box if recovery CDs are available, etc.

Generally, I prefer to clean than to nuke but given this laundry list I might go the nuke route. We'll see how it goes. :)

By the way, I generated that list by scanning the infected hard drive from a known clean system. That's why there were no registry entries detected as being infected. I know all hell will break loose when I actually boot the system and that's when I'll make the decision to nuke or not.

Peace...
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,979
With the virut infection, you really have to format. It injects code in system files, executables, screen savers and others and even if they are cleaned they are left corrupt.

Back up the least things possible, documents, pictures, music should be OK.
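
The triage rule in the post above (a Virut detection means format rather than clean), applied to the scan-log layout from the first post, as an added example that is not part of the original thread. The `REFORMAT_FAMILIES` list, the function names and the shortened sample log are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed excerpt: a shortened copy of the condensed log quoted in the thread.
SAMPLE_LOG = """\
Registry items scanned : 5810
Registry threats detected : 0
File items scanned : 22384
File threats detected : 1412

Adware.Tracking Cookie
Trojan.Downloader-AUPD
Adware.Vundo/Variant
Trojan.Agent/Gen-Koobface[Bonkers]
Trojan.Agent/Gen-Virut
Trojan.RootKit/Gen
Rogue.Agent/Gen-SecCenter
"""

# Assumption: families for which the advice in this thread is to reformat.
REFORMAT_FAMILIES = ("virut",)

COUNTER_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>\d+)$")
DETECTION_RE = re.compile(r"^(?P<category>[A-Za-z]+)\.(?P<name>\S.*)$")

def parse_log(text):
    """Split the log into numeric counters and (category, name) detections."""
    counters, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = COUNTER_RE.match(line)
        if m:
            counters[m["key"]] = int(m["value"])
            continue
        m = DETECTION_RE.match(line)
        if m:  # lines without a "Category." prefix (URLs, headers) are skipped
            detections.append((m["category"], m["name"]))
    return counters, detections

def triage(text):
    """Tally detections per category and pick clean vs. reformat."""
    counters, detections = parse_log(text)
    infectors = [f"{cat}.{name}" for cat, name in detections
                 if any(fam in name.lower() for fam in REFORMAT_FAMILIES)]
    return {
        "by_category": dict(Counter(cat for cat, _ in detections)),
        "file_threats": counters.get("File threats detected", 0),
        "file_infectors": infectors,
        "action": "reformat" if infectors else "clean",
    }
```

A zero in `Registry threats detected` says nothing about the infected installation when the drive was scanned from another machine, so the decision here rests on file detections only.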
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
I've got something far more effective.. and it's NOT one of the rings of Mordor.

I've got the much coveted "Rubber Chicken", which when unveiled causes ALL malware to disintegrate instantly!

That's right, malware, "prepare to meet oblivion!" :D LOL

Peace...
Dear cookiegal,
tom says he's got a rubber chicken, which may blow the entire city he lives in :D! He's clever, and says "peace" (I would have said that, but he was a senior and thus beat me to it!). These are dangerous times we live in! :confused:
 

tomdkat

Thread Starter
Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
With the virut infection, you really have to format. It injects code in system files, executables, screen savers and others and even if they are cleaned they are left corrupt.

Back up the least things possible, documents, pictures, music should be OK.
Yeah, I've read about a Virut infection being nasty and have read about reformatting being the only real way to effectively remove it and be SURE it's been removed.

Here's a question: I've read the above with regard to a virut virus being detected. Since SUPERAntiSpyware detected a virut trojan would this be considered a different "strain" of virut or would it be the same or similar to the virus strains I've generally read about? I apologize if this isn't an appropriate question to ask. :)

Peace...
 
Joined
Jul 19, 2005
Messages
11,670
When I get a machine in that is infected such as the machine you have, the solution is simple. Zero fill the drive and reinstall Windows and the applications.
 

antech

Banned
Joined
Feb 23, 2010
Messages
1,427
Really BADLY INFECTED!
But NOT more than me 2 years ago.....
Kaspersky found about 1500 infected dll's!
Some were trojans, other spywares, jokewares, adwares, viruses and some even pornwares!

I was just testing the depth of the viruses downloaded from the closed down site trojanfrance.com
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,979
Yeah, I've read about a Virut infection being nasty and have read about reformatting being the only real way to effectively remove it and be SURE it's been removed.

Here's a question: I've read the above with regard to a virut virus being detected. Since SUPERAntiSpyware detected a virut trojan would this be considered a different "strain" of virut or would it be the same or similar to the virus strains I've generally read about? I apologize if this isn't an appropriate question to ask. :)

Peace...
Hi Tom,

Technically it's considered a virus, a polymorphic file infector, but can also be classified as a trojan as well as it opens a backdoor to download other malware via IRC.

Here's a link to a blog by one of our most respected colleagues in the malware removal community, miekiemoes, explaining more about it:

http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
 
Joined
May 3, 2006
Messages
22,466
The only way I ever got through that was with booting to Erd Commander to hit System Restore and then Combofix as fast as I could restored back a month ago. Then Mbam a few times and all was well but using E.R.D and Mbam alone was not fast enough and I failed to boot.
 