FBI virus, unable to login using safe boot

Status
Not open for further replies.

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi Here is the log

ESET SCAN
C:\FRST\Quarantine\bppclnpvrM.exe a variant of Win32/Kryptik.AQQG trojan cleaned by deleting - quarantined

MBAM LOG
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.21.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Hikya :: KARTHIK-RAMYA [administrator]

Protection: Disabled

21/02/2013 7:15:41 PM
mbam-log-2013-02-21 (19-15-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211897
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Regards
Karthik G
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

I had performed Step 2 and included its log. You mean restart the machine and perform a full scan this time, instead of a quick scan?

REgards
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Yes we have to do Full Scan... :) Do you do the Full scan this time or Just Quick Scan?
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Performed full scan this time. Nothing found. Given below is the log.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.21.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Hikya :: KARTHIK-RAMYA [administrator]

Protection: Enabled

21/02/2013 8:09:32 PM
mbam-log-2013-02-21 (20-09-32).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468260
Time elapsed: 2 hour(s), 35 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks
Karthik
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




STEP 2: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>
 
Last edited by a moderator:

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

JRT.TXT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Hikya on 22/02/2013 at 7:36:42.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-78491554-1894749589-2703256951-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files

Successfully deleted: [File] "C:\Users\Hikya\AppData\Roaming\microsoft\windows\start menu\programs\ilivid.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Hikya\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Hikya\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Hikya\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Hikya\appdata\locallow\babylontoolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/02/2013 at 8:02:44.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwareClearner LOG

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 08:11:25
# Updated 10/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Hikya - KARTHIK-RAMYA
# Boot Mode : Normal
# Running from : C:\Karthik\Temporary\Download\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\1ClickDownload
Deleted on reboot : C:\Users\Hikya\AppData\Roaming\Mozilla\Firefox\Profiles\ga08p41b.default\extensions\OneClickDownload@OneClickDownload.com

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\a2dcdcb134ee44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\a2dcdcb134ee44
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Hikya\AppData\Roaming\Mozilla\Firefox\Profiles\ga08p41b.default\prefs.js

C:\Users\Hikya\AppData\Roaming\Mozilla\Firefox\Profiles\ga08p41b.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2570 octets] - [22/02/2013 08:07:58]
AdwCleaner[S1].txt - [2559 octets] - [22/02/2013 08:11:25]

########## EOF - C:\AdwCleaner[S1].txt - [2619 octets] ##########

Thanks
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay Cool.... How's Everything working on the computer now? Are you facing any other issues on the computer now?
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Just doing minimal browsing, so far things are good. Nothing specific.

Regards
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
No issues Just work on the computer Normally you do and if there is any issues found let me know... :)

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.




Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

<hr />
What's next?
  1. Bulild up your malware defenses by starting a new thread in Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
  3. Be an active member in the MalwareTips community! :)



My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Sure, let me adopt these steps and be safe. Having said that I cannot thank you enough for your valuable time and timely response. From the bottom of my heart I really thankyou and the MW team for this tremendous support to amateurs like me. This last two weeks had induced deep thoughts of giving back our knowledge to our society. I hope this urge lives in me and enables me to do my best to this society.

Once again many thanks.

Cheers
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
My pleasure.... :)

This thread is now closed.​
Reason:&nbsp;<span style="color: #ff0000;">Issue Resolved</span>

<span style="color: #ff0000;"><>The procedures contained in this thread are for this user and this user only.&nbsp;&nbsp;Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.&nbsp;&nbsp;</></span>

<span style="color: #ff0000;"><>DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.</></span>

All members requesting Malware Removal Assistance are required to follow all procedures in the thread


My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 
Last edited by a moderator:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top