Author Topic: Not able to remove virus  (Read 5361 times)

ashpin

  • Guest
Not able to remove virus
« on: October 14, 2009, 06:53:35 AM »
Hi,

There was something horribly wrong with my laptop.
Yesterday, I downloaded Avast and fortunately, it could find something, which McAfee could not find.

Now the issue is, Avast says.

Virus found
c:\windows\system32\gasfyyoxkvlxm.dll

when I click on move to chest, it says "cannot process as it is being used by other programs."
I tried to delete permanently, it could not. I chose startup option.
It restarted, boot time scan started and even after that it could not remove.

I started in Safe Mode command prompt.
I checked this directory. I could not find any file named this.

Please help me, how to get rid of this?

Regards,
Ashish Shah

Avastfan1

  • Guest
Re: Not able to remove virus
« Reply #1 on: October 14, 2009, 07:42:08 AM »
Hi,

I would recommend doing the following:

1. Download and update Avast (http://files.avast.com/files/latest/avast_home_setup.exe)
2. Download and update MBAM (http://www.malwarebytes.org/mbam-download.php)
3. Disconnect your computer from the internet (i.e. pull the cable out or turn the router off)
4. Run a boot-time scan with Avast
5. Do a full scan with MBAM
6. Download and update SAS (http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe)
7. Do a full scan with SAS
8. Download CCleaner (http://www.ccleaner.com/download/builds/downloading-slim)
9. Run CCleaner
10. Download HJT (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe)
11. Run HJT and click 'Do a scan and save a logfile'

Post the results from Avast, MBAM, SAS and HJT here. The friendly Avast Forum members will be able to help you further :-)

Good luck!

Avastfan1

ashpin

  • Guest
Re: Not able to remove virus
« Reply #2 on: October 14, 2009, 07:49:28 AM »
Hi Avastfan,

Thanks for your prompt reply. I shall perform these steps tonight and post results, as I am currently in Office.
One more point, which I forgot to post.
The error was also talking about

Win32-Alurecon-CY [Rtk] found in operating memory area below the dll error.

I hope the steps you told me to perform cater to this only. Am I right?

Once again thanks a lot for your prompt response.

Regards,
Ashish Shah

Avastfan1

  • Guest
Re: Not able to remove virus
« Reply #3 on: October 14, 2009, 08:04:23 AM »
Hi Ashpin,

That looks like a particularly nasty rootkit infection. A quick Google search shows many hits.

When you have completed the scans, post the results and the forum will help analyse the results.

Best wishes,

Avastfan1

ashpin

  • Guest
Re: Not able to remove virus
« Reply #4 on: October 16, 2009, 12:40:24 PM »
Hi ,

I performed all of the steps repetitively and I guess my laptop is now cleaned up. It was full of viruses, I guess.
Thanks for your guidance. I am grateful to you. All logs are attached with this mail. I request you to check the HijackThis log and let me know if I have to do anything more.

Regards,
Ashish Shah

YoKenny

  • Guest
Re: Not able to remove virus
« Reply #5 on: October 16, 2009, 01:01:47 PM »
Looks like SUPERAntiSpyware removed a rootkit and some tracking cookies that are nothing to worry about.

You did not let Malwarebytes (MBAM) remove what it found
Quote
Files Infected:
\\?\globalroot\systemroot\system32\gasfkyyoxkvlxm.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\a99k.bin (Trojan.Goldun) -> No action taken.
C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\MAJHAR\Favorites\MP3 Download.url (Rogue.Link) -> No action taken.
C:\WINDOWS\system32\sebdpx.sys (Trojan.Goldun) -> No action taken.
C:\WINDOWS\pxysdb.dat (Trojan.Goldun) -> No action taken.

Run MBAM then let it remove what it finds then reboot to let it remove locked files.

I see you are still running Windows Service Pack 2 so you should install Windows Service Pack 3 that has been available for over a year and contains several Critical Security updates plus performance improvements.

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Also you should enable Automatic Updates or at least be notified that Updates are available.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them.

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online
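
The check made in the reply above, reading the MBAM "Files Infected" section for entries whose outcome is "No action taken", can be scripted. This is an added example, not part of the original thread or of any vendor tool; the log lines are the ones quoted in the post, and the `system_root` default of `C:\WINDOWS` used to rewrite the `\\?\globalroot\systemroot\` form is an assumption taken from the other paths in the same log.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "path detection action")

# "Files Infected" lines exactly as quoted in the post above.
MBAM_LOG = r"""Files Infected:
\\?\globalroot\systemroot\system32\gasfkyyoxkvlxm.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\a99k.bin (Trojan.Goldun) -> No action taken.
C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\MAJHAR\Favorites\MP3 Download.url (Rogue.Link) -> No action taken.
C:\WINDOWS\system32\sebdpx.sys (Trojan.Goldun) -> No action taken.
C:\WINDOWS\pxysdb.dat (Trojan.Goldun) -> No action taken.
"""

# Line shape: <path> (<detection name>) -> <action>.
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# NT object-namespace prefix some scanners print instead of a drive letter.
NT_PREFIX = "\\\\?\\globalroot\\systemroot\\"


def normalize(path, system_root="C:\\WINDOWS"):
    # Assumption: SystemRoot is C:\WINDOWS, as the other entries in this log show.
    if path.lower().startswith(NT_PREFIX):
        return system_root + "\\" + path[len(NT_PREFIX):]
    return path


def parse_mbam(log):
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # section headers such as "Files Infected:" do not match
            entries.append(Entry(normalize(m["path"]), m["detection"], m["action"]))
    return entries


def unremediated(entries):
    # Detections the scanner reported but did not quarantine or delete.
    return [e for e in entries if e.action.lower() == "no action taken"]


def summary(entries):
    return Counter(e.detection for e in unremediated(entries))


if __name__ == "__main__":
    for e in unremediated(parse_mbam(MBAM_LOG)):
        print(f"{e.detection:18} {e.path}")
```
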

ashpin

  • Guest
Re: Not able to remove virus
« Reply #6 on: October 17, 2009, 07:54:46 AM »
Hi,

That was the first log.
I did boot time and then again windows scan. The result was no infected items.
But to give this forum the exact issues, I uploaded the first log.
Yes, you are right. I will apply service pack 3 updates.

Thanks for your gentle suggestion. :)

Regards,
Ashish Shah

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Not able to remove virus
« Reply #7 on: October 17, 2009, 12:02:16 PM »
    Your HJT log shows the following:

    (1) You are using Windows XP Service Pack 2. A newer Service Pack (SP3) is already available for download via Microsoft Update. Please consider upgrading as soon as possible for the possible security patches and stability fixes.

    (2) You seem to use Windows XP's firewall or no firewall at all. You may enhance your protection by installing a firewall with Outbound Protection that XP's firewall does not support. Examples of good firewalls are:
    NOTE: Do not install two or more firewalls.

    (3) R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
           This is a Mininova toolbar linked with Vuze. If you did not intentionally install this, you may fix this entry and uninstall the toolbar.
    Windows 7 (64-bit) Home Premium SP1
    avast! 9 RC1

    ashpin

    • Guest
    Re: Not able to remove virus
    « Reply #8 on: October 18, 2009, 06:42:50 AM »
    Hi,

    Thanks for your reply.
    I shall take care for 1 & 2.

    How to fix 3[Mininova]. I tried to uninstall MiniNova, but it is not getting uninstalled.

    I appreciate your help.


    Regards,
    Ashish Shah

    Offline .: L' arc :.

    • Avast Evangelist
    • Super Poster
    • ***
    • Posts: 1780
    • Thinking with Portals
    Re: Not able to remove virus
    « Reply #9 on: October 18, 2009, 08:05:20 AM »
    Mininova could probably be linked with Vuze. Did you remember having an option on installing toolbars during your Vuze installation? If yes, then Mininova could probably be uninstalled together with Vuze.