
Author Topic: Your system is infected! (Please help if you can)  (Read 38546 times)


KayleyBug

    Topic Starter


    Beginner

    Re: Your system is infected! (Please help if you can)
    « Reply #15 on: February 18, 2010, 04:23:08 AM »
    Here they are, the active scan results:

    ;*****************************************************************************
    ANALYSIS: 2010-02-18 11:21:33
    PROTECTIONS: 1
    MALWARE: 4
    SUSPECTS: 2
    ;*****************************************************************************
    PROTECTIONS
    Description                                  Version                       Active    Updated
    ;====================================================================
    AVG Anti-Virus Free                          8.5                           No        No
    ;====================================================================
    MALWARE
    Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
    ;====================================================================
    00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\administrator\cookies\[email protected][2].txt
    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001951.exe
    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000466.exe
    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp10\a0003173.dll
    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\windows\system32\msls50.dll
    05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp11\a0003505.exe[32788r22fwjfw\catchme.cfxxe]
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000445.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000469.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000424.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001483.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000410.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000366.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001887.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001942.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001950.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000435.exe
    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0001471.exe
    ;====================================================================
    SUSPECTS
    Sent      Location
    ;====================================================================
    No        c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001900.dll
    No        c:\windows\system32\msls51.dll
    ;====================================================================
    « Last Edit: February 18, 2010, 11:55:31 AM by evilfantasy »
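
The report above mixes copies held in System Restore points with files in live system folders. The following added example (not part of the original post or of the scanner) separates the two; it assumes columns are separated by at least two spaces, and the sample rows are taken from the report with padding reduced.

```python
import re

# Constructed sample: rows taken from the report above, column padding reduced.
SAMPLE = r"""
MALWARE
Id        Description           Type          Active  Severity  Disinfectable  Disinfected Location
;====================================================================
03074964  Trj/CI.A              Virus/Trojan  No  0  Yes  No  c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001951.exe
03074964  Trj/CI.A              Virus/Trojan  No  0  Yes  No  c:\windows\system32\msls50.dll
05977738  Adware/ISecurity2010  Adware        No  0  Yes  No  c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000445.exe
;====================================================================
SUSPECTS
Sent      Location
;====================================================================
No        c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001900.dll
No        c:\windows\system32\msls51.dll
;====================================================================
"""

RESTORE_MARKER = r"\system volume information\_restore"


def triage(report):
    """Split findings into (live, restore): lists of (label, path) tuples."""
    section, live, restore = None, [], []
    for raw in report.splitlines():
        line = raw.strip()
        if line.isalpha() and line.isupper():
            section = line  # a bare upper-case word starts a new section
            continue
        if section == "MALWARE" and re.match(r"\d{8}\s", line):
            cols = re.split(r"\s{2,}", line, maxsplit=7)
            if len(cols) != 8:
                continue  # malformed row: skip rather than guess
            label, path = cols[1], cols[7]
        elif section == "SUSPECTS" and re.match(r"(Yes|No)\s{2,}\S", line):
            label, path = "suspect", re.split(r"\s{2,}", line, maxsplit=1)[1]
        else:
            continue  # column headers, separators, other sections
        bucket = restore if RESTORE_MARKER in path.lower() else live
        bucket.append((label, path))
    return live, restore


if __name__ == "__main__":
    live, restore = triage(SAMPLE)
    print("live files:", live)
    print("restore-point copies:", len(restore))
```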

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Re: Your system is infected! (Please help if you can)
    « Reply #16 on: February 18, 2010, 11:54:26 AM »
    Download OTM by OldTimer to your desktop.

    Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator.

    * Save it to your Desktop.
    * Double-click OTM.exe to run it.
    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

    Code:
    :Processes
    explorer.exe

    :services

    :reg

    :files
    c:\windows\system32\msls50.dll
    c:\windows\system32\msls51.dll

    :Commands
    [resethosts]
    [purity]
    [start explorer]
    [Reboot]

    * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    * Click the red Moveit! button.
    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

    * Close OTM

    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

    « Last Edit: February 18, 2010, 07:24:54 PM by evilfantasy »

    KayleyBug


      Re: Your system is infected! (Please help if you can)
      « Reply #17 on: February 18, 2010, 12:27:50 PM »
      I did as instructed, however I couldn't get the results as it rebooted immediately after it finished.
      After the reboot I kept getting this warning:

      userinit.exe - Unable to Locate Component

      This application has failed to start because msls51.dll was not found. Re-installing the application may fix this problem.

      Now only the desktop background is visible, I can open task manager but that's all, there's no toolbar or desktop icons or anything.
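
The warning in the reply above shows that userinit.exe could not start once msls51.dll had been moved. As an added example (not part of the original thread or of OTM), a byte-level check like the one below, run before quarantining a DLL, lists files that still reference it by name; the file names and contents built in `demo()` are constructed stand-ins.

```python
import os
import tempfile


def find_references(dll_name, candidates):
    """Return paths in `candidates` whose raw bytes mention `dll_name`.

    Heuristic only: PE import tables hold DLL names as ASCII strings, and
    UTF-16LE is searched too for names embedded as wide strings.
    """
    name = dll_name.lower()
    needles = (name.encode("ascii"), name.encode("utf-16-le"))
    hits = []
    for path in candidates:
        try:
            with open(path, "rb") as fh:
                data = fh.read().lower()  # bytes.lower() folds ASCII letters only
        except OSError:
            continue  # unreadable file: cannot confirm or rule out
        if any(n in data for n in needles):
            hits.append(path)
    return hits


def demo():
    """Build two constructed stand-in binaries and check them for msls51.dll."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            # Constructed bytes, not real Windows files.
            "userinit.exe": b"MZ\x90\x00" + b"\x00" * 32 + b"MSLS51.dll\x00USER32.dll\x00",
            "other.exe": b"MZ\x90\x00" + b"\x00" * 32 + b"KERNEL32.dll\x00",
        }
        paths = []
        for fname, blob in samples.items():
            p = os.path.join(d, fname)
            with open(p, "wb") as fh:
                fh.write(blob)
            paths.append(p)
        return [os.path.basename(p) for p in find_references("msls51.dll", paths)]


if __name__ == "__main__":
    print("files that reference msls51.dll:", demo())
```

A hit means the file should be repaired or replaced from a clean source before the DLL is moved.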

      evilfantasy

      Re: Your system is infected! (Please help if you can)
      « Reply #18 on: February 18, 2010, 12:53:04 PM »
      Manually shut down the computer and then start it again.

      KayleyBug


        Re: Your system is infected! (Please help if you can)
        « Reply #19 on: February 18, 2010, 12:58:31 PM »
        Done. It's still the same, giving the same warning constantly. The background is the only thing there. I can open task manager and that's it.

        evilfantasy

        Re: Your system is infected! (Please help if you can)
        « Reply #20 on: February 18, 2010, 01:43:43 PM »
        Restart the computer. This time as it is loading up tap the F8 key until you get to the boot menu.

        Choose Last Known Good Configuration.

        Let me know how that goes.

        KayleyBug


          Re: Your system is infected! (Please help if you can)
          « Reply #21 on: February 18, 2010, 01:52:13 PM »
          Didn't go well, it's still the same, same warning about msls51.dll not found.

          evilfantasy

          Re: Your system is infected! (Please help if you can)
          « Reply #22 on: February 18, 2010, 02:25:09 PM »
          Do you have your desktop back?

          KayleyBug


            Re: Your system is infected! (Please help if you can)
            « Reply #23 on: February 18, 2010, 02:26:19 PM »
            Nothing there at all except the background picture. No desktop icons, toolbar, nothing.

            evilfantasy

            Re: Your system is infected! (Please help if you can)
            « Reply #24 on: February 18, 2010, 02:35:47 PM »
            On the Keyboard press (all at the same time) CTRL ALT Delete

            When the Task Manager comes up go to File > New Task > then type in explorer.exe and click OK.

            Did your desktop come up?

            KayleyBug


              Re: Your system is infected! (Please help if you can)
              « Reply #25 on: February 18, 2010, 02:38:44 PM »
              Explorer appeared briefly in the 'Applications' box of Task Manager, with writing saying 'unable to locate component', then it disappeared. My desktop did not come up.
              The msls51.dll box came up about 5 more times in the process.

              evilfantasy

              Re: Your system is infected! (Please help if you can)
              « Reply #26 on: February 18, 2010, 02:46:03 PM »
              On the Keyboard press (all at the same time) CTRL ALT Delete

              When the Task Manager comes up go to File > New Task > then type in rstrui.exe and click OK.

              Do you get the System restore window?

              KayleyBug


                Re: Your system is infected! (Please help if you can)
                « Reply #27 on: February 18, 2010, 02:48:39 PM »
                'Windows cannot find 'rstrui.exe'. Make sure you typed the name correctly, and then try again.'

                That's what happens each time I try.

                evilfantasy

                Re: Your system is infected! (Please help if you can)
                « Reply #28 on: February 18, 2010, 02:50:03 PM »
                Do you have your XP CD?

                KayleyBug


                  Re: Your system is infected! (Please help if you can)
                  « Reply #29 on: February 18, 2010, 02:53:36 PM »
                  No, it already had XP installed when I got it (over 3 years ago) and did not come with a backup XP disc.