Status
Not open for further replies.

Discussion Starter · #1
I was infected with the XP Security 2010 Trojan. Symptoms were: every time I tried to open anything, it said that thing was infected by a trojan and prompted me to register the fake software XP Security 2010.

Fixed (I think): Reboot in safe mode + system restore to a week ago checkpoint

After that I installed Malwarebytes and scanned my whole computer. Simultaneously scanned with Panda antivirus. Both programs deleted several viruses/trojans, with one exception. Panda said that the file mswsock.dll in my system32 folder is infected, but neither it nor I (manually) can delete it (it's always being used).

Remaining symptoms:
1- Computer is running slow as if still infected.

2- Malwarebytes is giving me a message every few secs saying:

"Successfully blocked access to potentially malicious website: 83.133.119.155 (or variant)

Type: outgoing"

3- Even though I am able to connect to the internet, the connectivity icon on the bottom left taskbar is appearing as though it is still searching for a connection, and giving the message: Acquiring network address.
 

Discussion Starter · #2
I tried a scan with ESET NOD32 AV, and it turns out that a Win32/Sirefef.DA trojan is hiding as svchost.exe and ESET was unable to clean it.

Log:
Scan Log

Version of virus signature database: 6673 (20111130)
Date: 11/30/2011 Time: 9:20:19 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;E:\Boot sector;C:\;E:\
Operating memory » \GLOBAL??\5020ddcd\WINDOWS\$NtUninstallKB36333$\1344331213\Desktop.ini - a variant of Win32/Sirefef.DN trojan - cleaned by deleting [1]
Operating memory » svchost.exe(1348) - probably a variant of Win32/Sirefef.DA trojan - unable to clean
Operating memory » \\.\globalroot\systemroot\system32\mswsock.dll - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » files.info - unsupported option
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWGTLPC0\background_gradient[2] - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWGTLPC0\bullet[1] - error opening [4]
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\SFX_Creatures.pak » ZIP » SFX/Creatures/ArchDemonMage.bsb - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\SFX_Creatures.pak » ZIP » - archive damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\Tortuga.Client.pak » ZIP » Maps/Tortuga/040_040/8_8_lightmapDown.bin - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\Tortuga.Client.pak » ZIP » - archive damaged
C:\Documents and Settings\Patches\USGala_1.1.04.44\data\Packs\World_Astral.pak » ZIP » World/Astral/Astral/Models/Astral_SkyBackGround03.(Geometry).bin - archive damaged
Scan terminated by user.
Number of scanned objects: 65869
Number of threats found: 2
Number of cleaned objects: 1
Time of completion: 11:46:16 PM Total scanning time: 8757 sec (02:25:57)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
 