Trojans, malware...Seriously infected I think...

[Ulrazagul]

Hi everyone...I'm really worried about this.
Let me start.

I was using Microsoft Essentials on my laptop...everytime it said the computer was safe until one day I made a full scan...for my suprise the computer is infected and I from there start getting paranoied. It found some a Trojan called EyeStye B and other one C. Microsoft deleted them...ran a full scan again and didnt found anything else? Is my problem resolved?

And then I went to my desktop...ran a full scan with microsoft essentials, nothing found...Wasn't convinced and downloaded Malwarebyte Anti-Malware and then it found somethings.

I took this from the Malwarebytes log

"HKCU\SOFTWARE\VÍTIMA (Backdoor.Trace) -> Moved to quarantine and deleted with success.

...

HKCU\Software\vítima|FirstExecution (Backdoor.Trace) -> Dados: 20/06/2010 -- 18:45 -> .Moved to quarantine and deleted with success

...


 And 3 files were detected with this

C:\Programas\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) ->
C:\Programas\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) ->
C:\Documents and Settings\myUser\Application Data\logs.dat (Bifrose.Trace) -> Moved to quarantine and deleted with success




I'd really appreciate if someone could help me!

Thanks in advance.

[Pondus]

help with what ....




if you think you are infected......follow guide and attach logs
http://forum.avast.com/index.php?topic=53253.0

[Ulrazagul]

help with what ....




if you think you are infected......follow guide and attach logs
http://forum.avast.com/index.php?topic=53253.0

Hi Pondus,

sorry I didn't make myself very clear, once again I ran a full scan with Malwarebytes and it didn't find anything...the thing is I'm worried that something maybe hidden and that's what's worrying me, should I still post the logs? ( I'm doing this on my desktop, I haven't turned on the laptop after doing the scan with microsoft essentials.)

Tomorrow I'm gonna scan my laptop with malwarebytes and see what comes up?

One more thing is it possible that the virus could go to computers that are using the same network?

Sorry about this, but this forum and you guys seemed the best option to ask for help from what I found in the search results.

Thanks...

[Pondus]

should I still post the logs?

as i said above if you think you are infected .......

[Ulrazagul]

should I still post the logs?

as i said above if you think you are infected .......

OTL isn't working, is it because of Malwarebytes Anti-Malware or my other anti-virus (kaspersky)?

Meanwhile here's the Malwarebytes log, perfectly clean.

----


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
 [administrator]

Protection: Enabled

16-08-2012 19:54:56
mbam-log-2012-08-16 (19-54-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190738
Time elapsed: 21 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Ulrazagul]

BUMP 

How can I make OTL work?

Can I do the  aswMBR.exe  part without doing OTL? Excuse me all the questions but I just don't want to mess things up...

[Asyn]

1. How can I make OTL work?

2. Can I do the  aswMBR.exe  part without doing OTL?

1. Try it in safe mode.
2. Yes.

[Ulrazagul]

Kaspersky is telling me that  aswMBR.exe might not be safe, it says it detected PDM.Suspicious driver installation and that it is trying  to download something to C:\DOCUMENTS AND SETTINGS...\TEMP\ASWMBR.SYS.

I should run it right? No worries?

[Asyn]

I should run it right? No worries?

Yep.

[Ulrazagul]

1. How can I make OTL work?

2. Can I do the  aswMBR.exe  part without doing OTL?

1. Try it in safe mode.
2. Yes.

There you go aswMBR.exe is attached.

By the way, trying OTL in safe mode? How do I do that? pressing F8 or something while the pc initiates, is that it?

[Asyn]

By the way, trying OTL in safe mode? How do I do that? pressing F8 or something while the pc initiates, is that it?

Yes.
-> http://en.wikipedia.org/wiki/Safe_mode

[Ulrazagul]

By the way, trying OTL in safe mode? How do I do that? pressing F8 or something while the pc initiates, is that it?

Yes.
-> http://en.wikipedia.org/wiki/Safe_mode

I got a red line on aswMBr...that means something's bad?

Meanwhile I'll do the OTL in safe mode

[Asyn]

1. I got a red line on aswMBr...that means something's bad?

2. Meanwhile I'll do the OTL in safe mode

1. Yes, you're infected, but you knew that before, didn't you.
2. OK.

[Ulrazagul]

1. I got a red line on aswMBr...that means something's bad?

2. Meanwhile I'll do the OTL in safe mode

1. Yes, you're infected, but you knew that before, didn't you.
2. OK.

1- Yes, but are we gonna be able to fix it? Is it dangerous?

Thanks for everything by the way..

[Ulrazagul]

Hey...Tried running OTL in safe mode, still didn't work!

God...how am I gonna get rid of this??