Move Networks Media Player Malware Question

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dood1emom

Thread Starter
Joined
Jul 7, 2009
Messages
6
Hi, Like many others I've been hit badly by the recent wave of nasty trojans et al very recently. AVG Free (primary antivirus) disabled, installed but now SAS is disabled, MalwareBytes installed but disabled, already had HJT installed but it's been killed too ... will come back for more specific help when I am ready to move on --

But here's a question: checking the Add/Remove Program lists shows something called Move Networks Media Player (everything else looks kosher) - is it legit or something along the lines of the Viewpoint Player foistware?

thank you
 

dood1emom

Thread Starter
Joined
Jul 7, 2009
Messages
6
Hi, got hit while on the web the other day. AVG squawked, but was disabled just after I ran scan. Virus Vault inaccessible, but was able to find a list of initial infections called Trojan horse Small.AU, Win32Heur, Agent2.QLS, SHeur2.BAYE,BAYZ,BAYL,BAXZ,BAXZ, Pakes.EAM
Some infected files were:
pvewnn.exe
qbuf.exe
tujfbtrj.exe
osps.exe
enurmyv.exe
emxtqjit.exe

Have a listing I can post if needed. I also noticed immediately upon hit that a hpbyv and an xhue on my c:. Still have weird "155480941" that was generated at time of attack in c: Also have strange settings.dat 0 byte file on desktop that seems to be generated after running some things.

Also found at some point were a thru e.exe's and a mbam.exe.

I need to get the system up and running for hubby to jobhunt, kids to do homework. This is what we've done and a HJT log. Sorry if post too long, but thought info would help.

Ran CCleaner, was able to eventually run SuperAntiSpyware, Combofix, never got Malwarebytes to run, ran RootReveal and MGtools. Think I have logs to get to you if needed. System better, no longer getting missing dlls at bootup, but I know it's not clean. Bootex's were being dumped to removable drives - that seems cleaned up, but whenever I access the HP_Administrator Docs & Settings area I get "Feature unavailable while... need to connect online" (System has been pulled from DSL) so I know something is still trying to access things, and as noted above I seem to be getting strange files generated. Windows Update was turned off by virus, seems to be accessible now.

Anyways, here's the HJT Log. Thanks for any help
 
