Author Topic: Scared  (Read 22491 times)

addirockart

  • Guest
Re: Scared
« Reply #45 on: December 25, 2009, 11:29:34 AM »
Thanks YoKenny, that will help a lot. I was wondering what the diff from newb to Jr was.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Scared
« Reply #46 on: December 25, 2009, 11:33:02 AM »
Quote
it's been scanning it for over an hour ... also: do you think SAS should be renamed too?

Quote
scan has hit 2 hours... should I abort?

No need to rename SAS.
If it is scanning the L drive, might as well abort the scan at this point, and let's see what else has been detected, if anything.
Do you actually have 1Tb of files on that drive, or rather less? (Occupied space, please.)

Updating etc can wait until this adventure is done with.
You can modify your profile anytime now.
Windows 10,Windows Firewall,Firefox w/Adblock.

addirockart

  • Guest
Re: Scared
« Reply #47 on: December 25, 2009, 11:36:51 AM »
277GBs of music, art, PSDs, etc etc...


Malwarebytes' Anti-Malware 1.42
Database version: 3426
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/25/2009 5:35:23 AM
mbam-log-2009-12-25 (05-35-18).txt

Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 191913
Time elapsed: 1 hour(s), 59 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP193\A0074283.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP193\A0074285.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP193\A0074284.dll (Trojan.Vundo) -> No action taken.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Scared
« Reply #48 on: December 25, 2009, 11:45:24 AM »
Looking OK.
I'm about to go to bed shortly. What I recommend is a scan with Avast (just the C drive) to see if any of those reg settings it alerted about before are detected.
Reg settings without the associated files are inert of themselves, so there is no big urgency. It is best to remove them, though, as they are likely to create startup/shutdown error messages similar to the one you reported earlier.

Here is a text I composed for posting earlier, then held off as a result of your "GAHHH" post. Since I'm going to be away for 8hr+ it should offer you some good guidance to work with. Others may post advice here too, this forum is good like that.

As Spiritsongs mentioned earlier, probably Oldtimer and Essexboy are the ones most qualified here to remove malware that is "tricky".
This is getting you to a workable state, though. So there's the caveat: I've been involved in helping users clean their computers with often apparent good results (depending on the infection) but I have no formal training.
What to do next?

Earlier YoKenny provided a link for CCleaner slim. Grab that, and install it. Tick anything that has a "temp" in the name, including temporary internet files, and run it. An alternative to the (popular) CCleaner is ATFCleaner. I like this one for these purposes because (1) it's a small download, (2) it requires no installation and runs from the download location, (3) it is hard to damage your system using it. (If you try a bit you can bork your settings using CCleaner.)

Check the Windows Security Centre, and that your Windows firewall is turned on. These can be accessed from the control panel. If you can't get the firewall on, or ascertain that it is on, skip the next step.

Check the Security Centre is actually working by pausing the Avast Standard shield very briefly. A red shield and warning should appear in the system tray. It should vanish when you resume the standard shield.

All good so far? Reboot the computer and run a quick scan with Avast.

Scan your external drive with MBAM, and maybe Avast also.

How's everything running?

Later:

Update your IE to IE8. This has been available for a while.
Go to MS Update and have it check that you don't need any more updates that may be missing. Make sure Windows Update (access at Automatic Updates in the Security Centre from the control panel) is set to either "automatic", "download" or "notify". If it's off, don't leave it off.

Have a look at some of these tutorials and info pages about security.
MajorGeeks (Lots of good info, appears not to have been updated in a while.)
SpywareInfo (ditto).
Consider getting and learning to use a 2 way firewall. I use PCTools because it's fairly easy to use, and effective. The point of this is that if any malware tries to "phone home" the firewall should block it until you "OK" the prompt.
Consider installing PSI by Secunia. Or at least use the online scan. This will alert to any out of date and vulnerable software you have installed, and provide a sensible toolkit to update same. You might be surprised.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Scared
« Reply #49 on: December 25, 2009, 11:49:11 AM »
PS: Malware detected in "system volume information" relates to system restore.
Turn system restore off, reboot the computer, turn it back on. All restore points gone, and any malware with them.

'Night. :)
Windows 10,Windows Firewall,Firefox w/Adblock.
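The point made in Reply #49 (detections under "System Volume Information" are System Restore copies, not live files), as an added example that is not part of the original thread: a small Python triage of the "Files Infected:" section of an MBAM text log. The first three sample lines are the ones posted in Reply #47; the fourth path is constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One detection line: <path> (<detection name>) -> <action>.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# XP System Restore stores renamed copies under _restore{GUID}\RPnnn\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\", re.I)

# Lines 1-3 are from the log in Reply #47; the last line is constructed.
SAMPLE_LOG = r"""Files Infected: 3

Files Infected:
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP193\A0074283.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP193\A0074285.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP193\A0074284.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\constructed-example.dll (Trojan.Vundo) -> No action taken.
"""

def parse_detections(log_text):
    """Return one dict per detection line in the 'Files Infected:' section."""
    found, in_files = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Folders Infected:"
            in_files = line == "Files Infected:"
            continue
        m = DETECTION.match(line) if in_files else None
        if m:
            rp = RESTORE.search(m["path"])
            found.append({**m.groupdict(),
                          "restore_point": rp.group(1) if rp else None})
    return found

def triage(detections):
    """Split into restore-point copies (grouped by RP folder) and live files."""
    by_rp, live = defaultdict(list), []
    for d in detections:
        (by_rp[d["restore_point"]] if d["restore_point"] else live).append(d["path"])
    return dict(by_rp), live

if __name__ == "__main__":
    restore_copies, live_files = triage(parse_detections(SAMPLE_LOG))
    for rp, paths in restore_copies.items():
        print(f"{rp}: {len(paths)} copy(ies) inside a restore point")
    for path in live_files:
        print(f"LIVE: {path}")
```

Restore-point copies go away when the restore points are purged as described above; anything reported as LIVE still needs the scanner's own removal action.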

addirockart

  • Guest
Re: Scared
« Reply #50 on: December 25, 2009, 11:56:39 AM »
Thank you so much! Nighties... and I am so happy to accept anyone else's input as well... gotta be running like new in less than 6 hours!!!

YoKenny

  • Guest
Re: Scared
« Reply #51 on: December 25, 2009, 12:04:48 PM »
Being a Jr is much better than a newb  ;)

This is a great place to learn as I have done.

IE8 is more secure than IE7 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Go to Secunia Online Software Inspector then run it to see what applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

Nite Tarq57.  Hope you enjoyed Christmas dinner with family and friends.

addirockart

  • Guest
Re: Scared
« Reply #52 on: December 25, 2009, 03:27:13 PM »
If fully updated Avast and MBAM and SuperAntiSpyware are all giving 100% clean readings, is it safe to connect to net now?

Spiritsongs

  • Guest
Re: Scared
« Reply #53 on: December 25, 2009, 09:02:37 PM »
:) Hi:

Never can be 100% sure it is "safe" to connect to the Net; only way is to try and see what happens!? At times, using Malwarebytes Anti-Malware, "SUPERAntiSpyware", a "cleaner" like CCleaner or ATF Cleaner is the "starting" point in a malware-removal "process" and other times they are all that is needed.

Some have recommended you "Upgrade" to IE8; I recommend you read the following BEFORE making a decision on that:

1) "More reasons to postpone that upgrade to IE 8"

http://WindowsSecrets.com/comp/090409

2) "No reason to rush your upgrade to IE 8"

http://WindowsSecrets.com/comp/090402

3) "IE8 causes big problems on some PCs"

http://WindowsSecrets.com/comp/090611

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Scared
« Reply #54 on: December 25, 2009, 11:14:42 PM »
Well, I'm not about to debate that information on upgrading to IE8, much.
On the one hand you are looking at some articles that quote an apparent handful of unfortunates' experience with the upgrade vs the majority view (I believe) to update.
The writing style (to me) appears more FUD than data. The most recent article is 6 months old, and appears to relate to 3 computers.
Not exactly that much to go on. I wonder how many users successfully migrated to IE8 at the same time, using XP?

Spiritsongs, I take it you had problems with IE8? Or know someone who has? Or have read more than just those reports?
Windows 10,Windows Firewall,Firefox w/Adblock.

Stevenson

  • Guest
Re: Scared
« Reply #55 on: December 26, 2009, 12:06:22 AM »
Hello people!

I'm a new member here, and I need your help.
I think I got this virus siszyd32.exe also. It infected my computer. My cpu is working at 100%!
If I can running ad-adware protection, I can use the computer, but it takes a long time to start the program.
How can I destroy it?
What should I do? Which programmes should I try to use to search the infected files?
Thank you for your help.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: Scared
« Reply #56 on: December 26, 2009, 12:23:41 AM »
Quote
Hello people!

I'm a new member here, and I need your help.
I think I got this virus siszyd32.exe also. It infected my computer. My cpu is working at 100%!
If I can running ad-adware protection, I can use the computer, but it takes a long time to start the program.
How can I destroy it?
What should I do? Which programmes should I try to use to search the infected files?
Thank you for your help.

http://forum.avast.com/index.php?topic=52566.0

addirockart

  • Guest
Re: Scared
« Reply #57 on: December 27, 2009, 04:42:13 PM »
Everything seems to be okay, but I'm still suspicious of my computer. I'm unsure of what to do to make sure it's gone for good...

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Scared
« Reply #58 on: December 28, 2009, 04:23:43 AM »
It's probably gone for good.
Did you check out and carry out my recommendations here (including removal of system restore points)? (And especially in regard to going to secunia to get a software vulnerability scan done)?

You could run another (and another) demand scan periodically; some other applications (apart from MBAM and SAS) include Asquared, from emsi software, DrWeb Cureit from DrWeb, and SpywareTerminator (not my fave) from Crawler.com, and definitely another scan using Avast.

If nothing is detected after repeat scans, and your new two-way firewall is not asking for unknown apps to connect to the net, chances are extremely high that the computer is clean.

The only way to be 100% certain is to format and reinstall Windows. Personally I would consider that unnecessary.
Windows 10,Windows Firewall,Firefox w/Adblock.