Topic: Win32: Bamital-AF

sridutt3

  • Guest
Win32: Bamital-AF
« on: October 27, 2010, 11:40:03 AM »
Hi, I am new here.
I have avast 5.0.667 updated, and somehow Bamital-AF got in! :(
I tried the methods essexboy and others gave, but avast still says winlogon is affected.
Can anyone give me better methods?
Dr.Web CureIt did cure winlogon.exe,
but explorer.exe is still infected. I can't remove it. Help me.
My virus-affected OS is WinXP SP3. I have a dual OS, the other one being Win7 Professional.
Help me out. :-[

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1777
  • Thinking with Portals
Re: Win32: Bamital-AF
« Reply #1 on: October 27, 2010, 01:23:17 PM »
Do you have a Windows XP CD (preferably on SP3)?
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

sridutt3

  • Guest
Re: Win32: Bamital-AF
« Reply #2 on: October 28, 2010, 03:46:18 AM »
No,
I have got explorer.exe and winlogon.exe from a link essexboy provided for someone.
I have a dual OS, with Win7 as the main one, so I guess I can't insert a Win XP CD and boot from it.
Correct me if I am wrong, and tell me the method to do so. ???

Offline .: L' arc :.

Re: Win32: Bamital-AF
« Reply #3 on: October 30, 2010, 09:09:10 AM »
Also, with the fact that you don't have a Windows XP CD, it would be quite tough to work with infected explorer and winlogon.

Essexboy is already working on it. I'm sure he'll be able to help you.

Good luck. :)

SafeSurf

  • Guest
Re: Win32: Bamital-AF
« Reply #4 on: October 30, 2010, 10:27:23 AM »
@ sridutt3,

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

If you have logs for Dr. Web, MBAM, or any other diagnostic tools you used, please post them as attachments (see below on how to post as attachments) so that we can help you.  If anything is in the Avast Virus Chest, please post a screen shot of the items.

Follow the directions for obtaining the OTL logs.  Post the two (2) OTL logs as attachments (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

I'm not sure if .: L' arc :. already contacted Essexboy or not regarding your case.  However, I have notified him of your situation and he will review your logs after you post them.  Essexboy comes to the forum late UK time.  He will give you future instructions, so please check this thread daily.

After completing your OTL logs, do not make any further changes to your machine.  Do you have any questions?  Thank you.

sridutt3

  • Guest
Re: Win32: Bamital-AF
« Reply #5 on: October 31, 2010, 02:08:53 AM »
Hi, I don't know, but somehow I am not getting any warning messages lately. :)
I am not sure that solved this problem, but I am a little happier now.
I tried Dr.Web CureIt and I think it solved the problem, with updated definitions ;D
Please guide me in confirming that the malware is gone.
Thank you. 8)
I am getting some virus-containing mails to my Gmail account from my uncle, and I think this malware is causing troubles online rather than offline. ???


SafeSurf

  • Guest
Re: Win32: Bamital-AF
« Reply #6 on: October 31, 2010, 02:34:52 AM »
Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

If you have logs for Dr. Web, MBAM, or any other diagnostic tools you used, please post them as attachments (see below on how to post as attachments) so that we can help you.  If anything is in the Avast Virus Chest, please post a screen shot of the items.

Follow the directions for obtaining the OTL logs.  Post the two (2) OTL logs as attachments (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

I have notified him [Essexboy] of your situation and he will review your logs after you post them.  Essexboy comes to the forum late UK time.  He will give you future instructions, so please check this thread daily.

After completing your OTL logs, do not make any further changes to your machine.  Do you have any questions?  Thank you.
Follow the above directions to make sure you are free of malware; sometimes malware can be hidden.  Thank you.

sridutt3

  • Guest
Re: Win32: Bamital-AF
« Reply #7 on: October 31, 2010, 10:26:18 AM »
This is my OTL log. I have used Dolphin emulator after seeing no warning messages from avast.
Also, HitmanPro is showing no threats identified.
Please confirm whether my system is secure or not! ???

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32: Bamital-AF
« Reply #8 on: October 31, 2010, 12:18:59 PM »
That looks clear now - but a word of warning, be careful with hitmanpro.  I am currently working with someone who used it, it deleted userinit and winlogon.  The system no longer boots.

 

sridutt3

  • Guest
Re: Win32: Bamital-AF
« Reply #9 on: October 31, 2010, 05:59:45 PM »
Thank you essexboy and SafeSurf, and particularly L' arc, who reacted swiftly to my post.

Can I uninstall HitmanPro or delete ComboFix? Should I keep them in my system on the Desktop always? 8)
If yes, how? Can I use Control Panel or is there any other way?
Thanks again. ;D

Offline essexboy

Re: Win32: Bamital-AF
« Reply #10 on: October 31, 2010, 06:13:59 PM »
For hitmanpro use add/remove - for the rest ......


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.   

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.