
Someone help please

Discussion in 'Virus & Other Malware Removal' started by LostandFound, Apr 23, 2010.

Thread Status:
Not open for further replies.
  1. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    I just started here, but you all seem to be pretty well informed. My computer has recently been infected with some malware, which my protection calls worm.pirate. I can get all but two of them deleted: one inside a memory module, the other is a .tmp file that has bounced between bia1.tmp all the way now to boa9.tmp. I'm rather confused because of the simplicity behind it; shouldn't all .tmp files be deletable?
    I can provide a Malwarebytes log file once I'm in safe mode again. When this problem showed up and I restarted my computer, I get stuck on my background and a task bar that is blank. Everything says it's still running, and I can open anything I want through Task Manager's "New Task (Run...)". Is anyone willing to provide an idea of what's happening?
     
  2. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    Malwarebytes' Anti-Malware 1.44
    Database version: 3923
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/23/2010 12:45:54 AM
    mbam-log-2010-04-23 (00-45-48).txt

    Scan type: Quick Scan
    Objects scanned: 125817
    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    D:\Documents and Settings\home\Local Settings\Temp\doaB.tmp (Worm.Parite) -> No action taken.
    D:\Documents and Settings\home\Local Settings\Temp\woa9.tmp (Worm.Parite) -> No action taken.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
     
  3. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    Sorry to be persistent, but I can't find the .pinf file at all and this is my only working computer. I've been up about two days trying to route and locate this file, and completely drawing up blanks.
     
  4. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    Malwarebytes' Anti-Malware 1.44
    Database version: 3923
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/23/2010 3:51:53 PM
    mbam-log-2010-04-23 (15-51-49).txt

    Scan type: Quick Scan
    Objects scanned: 125766
    Time elapsed: 4 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 42

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    D:\Documents and Settings\home\Local Settings\Temp\woa9.tmp (Worm.Parite) -> No action taken.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:



    Albeit I know exactly how to remove most of these, the top two from Local Settings cannot be deleted until a reboot, and after the reboot, two more replace them.
     
  5. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Hi there. Welcome to the TSG Forums.

    Parite is a polymorphic file infector. It will multiply and infect as many .exe and .scr files as it can find not only on your computer but also on other computers connected to the same network.

    This link might be of interest to you. It deals with a different file infector, but the position is the same.

    mekiemoes blog about file infectors

    I don't like to have to tell you this but it would be irresponsible of me or anyone else to attempt to help you clean a machine with this infection. The real fact is that trying to cure it will not work and will endanger other machines connected to the net. Not only that but in time, a reasonably short time, your machine is likely to become unbootable as the infection progresses.

    The only solution for your computer is a complete wipe of the hard drive i.e. re-format followed by re-installation.

    You should be careful if you choose to back up any files. If you use external storage such as USB drives or external hard drives they too can become infected and become capable of spreading the infection by simply plugging them into the infected machine. The best thing to do would be to wipe everything clean but if you choose to risk it, do not back up any executable files that end in .exe, .scr, .com, .cmd, .pif as any of these can be infected.

    Go to WindowsXP Clean Install for instructions how to format and reinstall Windows.


    I'm so sorry to give you nothing but bad news.
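
One way to apply the backup advice in the post above, as an added example that is not part of the original thread: plan a data-only backup that leaves behind every file with one of the listed extensions. It goes beyond the post by also skipping files that begin with the `MZ` executable header under any other extension; that check, the function names and the sample files are assumptions of this example.

```python
import os
import shutil

BLOCKED_EXT = {".exe", ".scr", ".com", ".cmd", ".pif"}  # listed in the post above

def is_pe_like(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def plan_backup(src_root):
    """Walk src_root; return (keep, skip), where skip maps path -> reason."""
    keep, skip = [], {}
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, src_root)
            ext = os.path.splitext(name)[1].lower()
            try:
                if ext in BLOCKED_EXT:
                    skip[rel] = "blocked extension " + ext
                elif is_pe_like(full):  # added check, an assumption of this example
                    skip[rel] = "MZ header under another extension"
                else:
                    keep.append(rel)
            except OSError as exc:  # locked or unreadable file: leave it behind
                skip[rel] = "unreadable: " + type(exc).__name__
    return sorted(keep), skip

def copy_kept(src_root, dst_root, keep):
    """Copy only the planned data files, preserving the directory layout."""
    for rel in keep:
        target = os.path.join(dst_root, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copyfile(os.path.join(src_root, rel), target)
    return len(keep)

def build_sample_tree(root):
    """Constructed, harmless sample files for trying the filter offline."""
    samples = {
        "photos/family.jpg": b"\xff\xd8\xff\xe0 constructed",
        "docs/notes.txt": b"constructed text",
        "games/Play.EXE": b"MZ constructed",
        "temp/sample1.tmp": b"MZ constructed, data-looking name",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Review the `skip` reasons before copying, and read the infected disk from a clean system rather than from the infected installation itself.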
     
  6. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    It's all good. The biggest problem is I lost my Windows XP disk, but have copied and pasted to a secured area on different settings on my computer. Unfortunately, I cannot get myself inside of my computer to burn a new copy, so, sadly enough, I'm just going to wait until my computer completely fries, scrap it for parts, then buy a new one. Thanks for the help though.
     
  7. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    You can always borrow a Windows XP disk from a friend. It's perfectly legal to use someone else's CD as long as it contains the same version of XP (i.e. Home, Professional, Media Center) and as long as you have your own activation key.

    Remember that this infection does spread over the network too, so you might be putting other systems at risk by keeping this system going.

    Good luck :)
     
  8. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    I'm on a private ISP, I believe, errr, I'm the only one in this house that uses my inet on this modem in general, so I'm safe I think, and unfortunately, all the people I know are retarded and only use the stupid "comes with this......" pre-installed setup computers with no disks.
     
  9. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Alright. Sometimes the company that sold you the system will ship you a CD if you have misplaced your own but that depends on the company. Certainly something to look into though.

    I'm sorry I couldn't be of more help.
     
  10. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    It's okay, I pretty much figured this was going to happen. The people that I got the client from that gave me the virus keep telling me it's only an annoyance and will do nothing but lag your computer. I built this one myself, so unfortunately I can't get a new disk. Thanks a lot though; I had the same idea or conclusion that you came up with, I just wanted a verifying word. Thanks a bunch.
     
  11. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Sure thing.
     
  12. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    Okay, so my entire computer was just cleaned of the Parite virus, among a few other trojans, from here and there, and all without reformatting. Someone on here was kind enough to give me a PM and tell me exactly what to download from his webpage, and remotely fixed the problem all on his own. As you can all tell, nothing is impossible.
    And his exact words were "reformatting is for quitters".

    Trojan.TDss.UZ (virus)

    • C:\RECYCLER\S-5-2-78-100029758-100012552-100031973-4461.com Action: quarantined
    • F:\RECYCLER\S-5-2-78-100029758-100012552-100031973-4461.com Action: quarantined

    Trojan.Script.125896 (virus)

    • C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\Y7UZMPW9\counter0[1].js Action: quarantined

    Trojan.Generic.IS.109101 (virus)

    • D:\Program Files\TQ Digitial\Eudemons Online\EudemonsOnline\D2UQSeCg.bat Action: quarantined
    • D:\Program Files\ForgottenRealms\jI3wLnJw.dll Action: quarantined

    Win32.Parite.B (virus)

    • D:\RECYCLER\S-1-5-21-1417001333-1957994488-839522115-1004\Dd5260.exe\MysticalWorlds\AutoPatch.exe
    • D:\RECYCLER\S-1-5-21-1417001333-1957994488-839522115-1004\Dd5260.exe\MysticalWorlds\MysticalWorlds.exe
    • D:\RECYCLER\S-1-5-21-1417001333-1957994488-839522115-1004\Dd5260.exe\MysticalWorlds\Play.exe

    Thanks a bunch, man.
     
  13. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    I'm glad to hear it's resolved. You shouldn't be allowing strangers to have direct access to your system in the future though.

    No one should be providing help over the private messaging system and no one should be providing malware removal advice if they're not approved to do so. This system and these rules are put in place for a reason: To protect you and to ensure the quality of advice given.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    LostandFound,

    We do not allow assistance by unqualified people because malware removal is very complex and great care has to be taken when using the various tools and methods. The helpers have to undergo training and then be authorized to help. Allowing someone to remote into your computer is very risky and that's why we don't allow it here. Nor do we allow assistance by PM behind the scenes. As helpers, we never like to have to tell someone to reformat a machine but there are times when that is the only viable and responsible solution for your own protection and that of others. As you can see, many threads here go on for days, weeks and even months because of the extensive damage these infections do to systems so the helpers are definitely not quitters.
     
  15. LostandFound

    LostandFound Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    9
    Yeah, I saw it as a risk, but at the same time, I couldn't lose anything. If worst came to worst, I would have to reformat anyway. I figured why not try to save the thousands of photos I have of me and my family. I took the chance, and it seemed to have paid off. Not meaning to disrespect anyone on here in any way, I'm just saying that sometimes the greatest things happen when you take a chance.
     

Short URL to this thread: https://techguy.org/918707
