XP Security 2010 + Other Trojans

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Geffrey (Thread Starter; joined Jan 16, 2010; messages: 5)

I was infected with the XP Security 2010 Trojan. Symptoms were: every time I tried to open anything, it said that thing was infected by a trojan and prompted me to register the fake software XP Security 2010.

Fixed (I think): Reboot in safe mode + system restore to a checkpoint from a week ago

After that I installed Malwarebytes and scanned my whole computer. I simultaneously scanned with Panda antivirus. Both programs deleted several viruses/trojans, with one exception. Panda said that the file mswsock.dll in my system32 folder is infected, but neither it nor I (manually) can delete it (it's always being used).

Remaining symptoms:
1- Computer is running slow as if still infected.

2- Malwarebytes is giving me a message every few secs saying:

"Successfully blocked access to potentially malicious website: 83.133.119.155 (or variant)

Type: outgoing"

3- Even though I am able to connect to the internet, the connectivity icon on the bottom left taskbar is appearing as though it is still searching for a connection, and giving the message: Acquiring network address.
 

Geffrey (Thread Starter; joined Jan 16, 2010; messages: 5)

I tried a scan with ESET NOD32 AV, and it turns out that a Win32/Sirefef.DA trojan is hiding as svchost.exe and ESET was unable to clean it.

Log:
Scan Log

Version of virus signature database: 6673 (20111130)
Date: 11/30/2011 Time: 9:20:19 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;E:\Boot sector;C:\;E:\
Operating memory » \GLOBAL??\5020ddcd\WINDOWS\$NtUninstallKB36333$\1344331213\Desktop.ini - a variant of Win32/Sirefef.DN trojan - cleaned by deleting [1]
Operating memory » svchost.exe(1348) - probably a variant of Win32/Sirefef.DA trojan - unable to clean
Operating memory » \\.\globalroot\systemroot\system32\mswsock.dll - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » files.info - unsupported option
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWGTLPC0\background_gradient[2] - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWGTLPC0\bullet[1] - error opening [4]
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\SFX_Creatures.pak » ZIP » SFX/Creatures/ArchDemonMage.bsb - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\SFX_Creatures.pak » ZIP » - archive damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\Tortuga.Client.pak » ZIP » Maps/Tortuga/040_040/8_8_lightmapDown.bin - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\Tortuga.Client.pak » ZIP » - archive damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\World_Astral.pak » ZIP » World/Astral/Astral/Models/Astral_SkyBackGround03.(Geometry).bin - archive damaged
Scan terminated by user.
Number of scanned objects: 65869
Number of threats found: 2
Number of cleaned objects: 1
Time of completion: 11:46:16 PM Total scanning time: 8757 sec (02:25:57)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
 