
XP Security 2010 + Other Trojans

Discussion in 'Virus & Other Malware Removal' started by Geffrey, Nov 30, 2011.

Thread Status:
Not open for further replies.
  1. Geffrey

    Geffrey Thread Starter

    Joined:
    Jan 16, 2010
    Messages:
    5
    I was infected with XP Security 2010 Trojan. Symptoms were: every time I tried to open anything, it said that thing was infected by a trojan and prompted me to register fake software XP Security 2010.

    Fixed (I think): Reboot in safe mode + system restore to a week ago checkpoint

    After that I installed Malwarebytes and scanned my whole computer. Simultaneously scanned with Panda antivirus. Both programs deleted several viruses/trojans, with one exception. Panda said that the file mswsock.dll in my system32 folder is infected but neither it, nor I (manually) can delete it (it's always being used).

    Remaining symptoms:
    1- Computer is running slow as if still infected.

    2- Malwarebytes giving me a message every few secs saying:

    "Successfully blocked access to potentially malicious website: 83.133.119.155 (or variant)

    Type: outgoing"

    3- Even though I am able to connect to the internet, the connectivity icon on the bottom left taskbar is appearing as though it is still searching for connection, and giving the message: Acquiring network address.
     
  2. Geffrey

    Geffrey Thread Starter

    Joined:
    Jan 16, 2010
    Messages:
    5
    I tried a scan with ESET NOD32 AV, and it turns out that a Win32/Sirefef.DA trojan is hiding as svchost.exe and ESET was unable to clean it.

    Log:
    Scan Log

    Version of virus signature database: 6673 (20111130)
    Date: 11/30/2011 Time: 9:20:19 PM
    Scanned disks, folders and files: Operating memory;C:\Boot sector;E:\Boot sector;C:\;E:\
    Operating memory » \GLOBAL??\5020ddcd\WINDOWS\$NtUninstallKB36333$\1344331213\Desktop.ini - a variant of Win32/Sirefef.DN trojan - cleaned by deleting [1]
    Operating memory » svchost.exe(1348) - probably a variant of Win32/Sirefef.DA trojan - unable to clean
    Operating memory » \\.\globalroot\systemroot\system32\mswsock.dll - error opening [4]
    C:\pagefile.sys - error opening [4]
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » files.info - unsupported option
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWGTLPC0\background_gradient[2] - error opening [4]
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWGTLPC0\bullet[1] - error opening [4]
    C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\SFX_Creatures.pak » ZIP » SFX/Creatures/ArchDemonMage.bsb - incorrect CRC checksum, the file may be damaged
    C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\SFX_Creatures.pak » ZIP » - archive damaged
    C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\Tortuga.Client.pak » ZIP » Maps/Tortuga/040_040/8_8_lightmapDown.bin - incorrect CRC checksum, the file may be damaged
    C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\Tortuga.Client.pak » ZIP » - archive damaged
    C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\World_Astral.pak » ZIP » World/Astral/Astral/Models/Astral_SkyBackGround03.(Geometry).bin - archive damaged
    Scan terminated by user.
    Number of scanned objects: 65869
    Number of threats found: 2
    Number of cleaned objects: 1
    Time of completion: 11:46:16 PM Total scanning time: 8757 sec (02:25:57)

    Notes:
    [1] Object has been deleted as it only contained the virus body.
    [4] Object cannot be opened. It may be in use by another application or operating system.
     

Short URL to this thread: https://techguy.org/1029113
