
Virus Infection W32/Sinowal-based Maximus. Please help remove.

Discussion in 'Virus & Other Malware Removal' started by bevjthomas1, Oct 8, 2008.

Thread Status:
Not open for further replies.
  1. bevjthomas1

    bevjthomas1 Thread Starter

    I did a scan with F-PROT Antivirus and it was not able to open a lot of the files to scan them. The one thing that was found is W32/Sinowal-based Maximus. I did an online search to help remove it and came across this website. There was already someone who had the same thing, but it was recommended to seek guidance. I do not have the full version of F-PROT Antivirus. It is the trial version. I also downloaded ClamWin Free Antivirus and did a scan. It found another virus or Trojan. I would like to be able to remove them from my computer. I know that there are probably many other problems with this computer, and any guidance I can get will be appreciated. I was thinking I wanted to just start all over and reinstall everything to the factory settings. If I were to do that, would it get rid of all the problems on the computer, including any Trojans or viruses? Thank you.

    Below is what F-PROT Antivirus found:

    -----------------------------SCAN REPORT-----------------------------
    F-PROT Antivirus for Windows
    Antivirus Scanning Engine version number: 4.4.4
    Virus signature file from: 4/28/2008, 4:17 PM
    Scan name: [My Computer]
    Path to scan: [My Computer]
    Normal scan
    Also scan: Inside subfolders, Compressed files, Streams
    Scan started: 10/8/2008, 7:26:28 AM
    ---------------------------------------------------------------------
    [Unscannable] <File is damaged> C:\DELL\Drivers\R43907\MANUAL\ACROBAT\AR500ENU.EXE->(embedded)
    [Unscannable] <File is damaged> C:\DELL\Drivers\R48180\setup.exe->(embedded)->(CAB)
    [Warning] <Could not open file> C:\Documents and Settings\Beverly\Application Data\FRISK Software\F-PROT Antivirus for Windows\ReportFiles\2008-10-08T07-26-28 - [My Computer].txt
    [Warning] <Could not open file> C:\Documents and Settings\Beverly\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [Warning] <Could not open file> C:\Documents and Settings\Beverly\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [Warning] <Could not open file> C:\Documents and Settings\Beverly\NTUSER.DAT
    [Warning] <Could not open file> C:\Documents and Settings\Beverly\ntuser.dat.LOG
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\0RG3WHIV\eBayISAPI[2].dll->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\0RG3WHIV\page_not_responding[1].html->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\E14DGV85\eBayISAPI[5].dll->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\E14DGV85\iframebody_e4654us[1].js->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\E14DGV85\page_not_responding[1].html->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\E14DGV85\page_not_responding[2].html->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\E14DGV85\page_not_responding[3].html->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\O9SZ630R\page_not_responding[1].html->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\SLAZG9I7\CA19V8E7->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Brittany\Local Settings\Temporary Internet Files\Content.IE5\SLAZG9I7\page_not_responding[1].html->(packed)
    [Unscannable] <File is damaged> C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\0LARKLUN\notary_law_text[1].doc
    [Warning] <Could not open file> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [Warning] <Could not open file> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [Warning] <Could not open file> C:\Documents and Settings\LocalService\NTUSER.DAT
    [Warning] <Could not open file> C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [Warning] <Could not open file> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [Warning] <Could not open file> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [Warning] <Could not open file> C:\Documents and Settings\NetworkService\NTUSER.DAT
    [Warning] <Could not open file> C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [Warning] <Could not open file> C:\WINDOWS\$NtUninstallKB824141$\user32.dll
    [Warning] <Could not open file> C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
    [Warning] <Could not open file> C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
    [Warning] <Could not open file> C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
    [Warning] <Could not open file> C:\WINDOWS\system32\config\default
    [Warning] <Could not open file> C:\WINDOWS\system32\config\default.LOG
    [Warning] <Could not open file> C:\WINDOWS\system32\config\SAM
    [Warning] <Could not open file> C:\WINDOWS\system32\config\SAM.LOG
    [Warning] <Could not open file> C:\WINDOWS\system32\config\SECURITY
    [Warning] <Could not open file> C:\WINDOWS\system32\config\SECURITY.LOG
    [Warning] <Could not open file> C:\WINDOWS\system32\config\software
    [Warning] <Could not open file> C:\WINDOWS\system32\config\software.LOG
    [Warning] <Could not open file> C:\WINDOWS\system32\config\system
    [Warning] <Could not open file> C:\WINDOWS\system32\config\system.LOG
    [Unscannable] <Unknown format or compression method> C:\WINDOWS\system32\MSJAVX86.EXE
    [Unscannable] <Unknown format or compression method> C:\WINDOWS\system32\MSJAVX86.EXE
    [Unscannable] <Unknown format or compression method> C:\WINDOWS\system32\MSJAVX86.EXE
    [Unscannable] <File is damaged> C:\WINDOWS\system32\MSJAVX86.EXE->(CAB)->osp.zip->com/ms/osp/DataSource.class
    [Unscannable] <File is damaged> C:\WINDOWS\system32\MSJAVX86.EXE->(CAB)->osp.zip->com/ms/osp/DataSourceListener.class
    [Unscannable] <File is damaged> C:\WINDOWS\system32\MSJAVX86.EXE->(CAB)->osp.zip->com/ms/osp/OLEDBSimpleProvider.class
    [Unscannable] <File is damaged> C:\WINDOWS\system32\MSJAVX86.EXE->(CAB)->osp.zip->com/ms/osp/OLEDBSimpleProviderListener.class
    [Found possible virus] <W32/Sinowal-based!Maximus (not disinfectable)> C:\WINDOWS\Temp\AolCoach.cab->.\Data.ns\Player\plugin\Extern\RegComm.dll
    [Contains infected objects] C:\WINDOWS\Temp\AolCoach.cab
    [Quarantined] C:\WINDOWS\Temp\AolCoach.cab->aolcoach_winhunter_ns.inf
    ---------------------------------------------------------------------
    Scan ended: 10/8/2008, 9:25:56 AM
    Duration: 1:59:28
    Scan result:
    Scanned files: 82024
    Infected objects: 1
    Disinfected objects: 0
    Quarantined files: 1

    Below is what ClamWin found:


    Scan Started Mon Oct 06 18:11:36 2008
    -------------------------------------------------------------------------------

    C:\Documents and Settings\Beverly\Desktop\Beverly's Storage\Victoria Wieck Absolute™ Snowflake Line Bracelet.doc: Permission denied
    C:\hiberfil.sys: Permission denied
    C:\pagefile.sys: Permission denied
    C:\WINDOWS\$NtUninstallKB824141$\user32.dll: Permission denied
    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys: Permission denied
    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll: Permission denied
    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll: Permission denied
    C:\WINDOWS\system32\config\default: Permission denied
    C:\WINDOWS\system32\config\SAM: Permission denied
    C:\WINDOWS\system32\config\SECURITY: Permission denied
    C:\WINDOWS\system32\config\software: Permission denied
    C:\WINDOWS\system32\config\system: Permission denied
    C:\WINDOWS\system32\f3PSSavr.scr: Permission denied

    C:\RECYCLER\S-1-5-21-746137067-1214440339-1801674531-1005\Dc3393\ISP6130\Utilities\ppal3ppc.exe: Adware.Agent-1329 FOUND
    ----------- SCAN SUMMARY -----------
    Known viruses: 434279
    Engine version: 0.94
    Scanned directories: 5741
    Scanned files: 75141
    Infected files: 1

    Data scanned: 39885.32 MB
    Time: 49412.281 sec (823 m 32 s)
    --------------------------------------
    Completed
    --------------------------------------
     
  2. bevjthomas1

    bevjthomas1 Thread Starter

    Hi,
    I was wondering if anyone can help with this. Thank you.
     

Short URL to this thread: https://techguy.org/757308
