westwoodnick
New Member
Hi there.
Today I got a nasty virus. I believe it is from the rogue Contraviro program.
Anyway here's my story.
I ran Malwarebytes and this found lots of infections... I deleted and quarantined these problems, then rebooted as suggested.
On reboot the screen went black and Explorer did not open.
After searching around I found I could get my desktop open by Run > explorer.exe and ending the process of the currently running explorer.exe.
This was great, I thought I had cracked it. The virus was gone and internet browsing was fine (no pop-ups or IE jumping up). However, my other programs suffered: iTunes would not appear, among many others (they were running in Task Manager but not appearing).
Also I was having to boot my computer through the Task Manager run-explorer technique every time (annoying).
I could not cope with this so decided to MSConfig > System Restore to the point where the virus was most persistent (the start). From here I ran the scan. This time I did not reboot. My computer behaved itself. All programs and files worked fine (now and again IE popped up, but not like before: once every 10 minutes rather than 100 per second).
This was a big improvement but I knew if I rebooted I would go back to the black screen since I had done the same scan (yes, I tried it several times before), so currently I'm just hibernating and resuming my jobs from a scan that has not been followed by a reboot.
This has led me to believe there is something that Malwarebytes is deleting when I reboot that is giving me the black screen and strange program symptoms. I just need to know what item in the log file needs restoring or fixing so that I can complete the scan and reboot and be totally back to normal.
All the infected files and registry items are in quarantine; I just need the correct one to be restored to have a successful boot-up.
Anyway here's my log:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6001 Service Pack 1
2009-10-01 18:19:33
mbam-log-2009-10-01 (18-19-33).txt
Scan type: Quick Scan
Objects scanned: 95296
Time elapsed: 8 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 28
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\ieaddon.statusbarpane (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3ed0e410-5c8e-47b6-a75d-d10b886e903c} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5b184b9d-b7bd-4fea-8d1f-5e27182206a5} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ccb5551d-8594-4999-85f9-1e3eabcb95ac} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ccb5551d-8594-4999-85f9-1e3eabcb95ac} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb5551d-8594-4999-85f9-1e3eabcb95ac} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieaddon.statusbarpane.1 (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08eec6ad-7486-487f-89b7-5a3716ddae14} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{c0e56ac2-9f72-436e-b6e7-aec28af9e4eb} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contraviro (Rogue.Contraviro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\IEAddon.dll (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Contraviro (Rogue.Contraviro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.Contraviro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.Contraviro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.Contraviro) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\contraviro (Rogue.Contraviro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qgaqeseyo (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pvibocimafe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Contraviro (Rogue.Contraviro) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Contraviro\IEAddon.dll (Rogue.UnVirex) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\shellext.dll (Rogue.UnVirex) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpv061253926400.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\AF.dll (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\Contraviro.exe (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\hjengine.dll (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\MFC71.dll (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\MFC71ENU.DLL (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\msvcp71.dll (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\msvcr71.dll (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\pthreadVC2.dll (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\siglsp.dll (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\tdifw_drv_WLH.sys (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\tdifw_drv_WXP.sys (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\uninstall.exe (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Users\Nick Westwood\AppData\Local\hexdhers.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Nick Westwood\AppData\Local\ubetihumenesanuz.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpv381252921009.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpv621252894422.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpv651254270173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpv771254042811.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Nick Westwood\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Nick Westwood\AppData\Roaming\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Nick Westwood\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Users\Nick Westwood\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Contraviro.lnk (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Contraviro.lnk (Rogue.Contraviro) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
If anyone can help
I thank you so much
Kind Regards
Nick
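One way to triage a log like the one above for the entries most likely to affect booting, as an added example that is not part of the post and not a Malwarebytes tool: it parses the Malwarebytes 1.40 log layout shown in the post and lists the quarantined registry entries that sit under logon/autostart locations (Run, RunOnce, Winlogon, Userinit), which are the first candidates to review when a cleanup is followed by a desktop that will not load. The sample log is constructed from a few lines of the post.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the Malwarebytes 1.40 log layout from the post.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.40
Registry Values Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Contraviro (Rogue.Contraviro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\contraviro (Rogue.Contraviro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Nick Westwood\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

# Section headers end in a bare colon; the summary lines near the top carry a count and are skipped.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Each detection line is "<item> (<family>) -> <action>".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Registry locations Windows consults when a user logs on. A quarantined value here
# is the first thing to review when the desktop stops loading after a cleanup.
AUTOSTART_MARKERS = ("\\CurrentVersion\\Run\\", "\\CurrentVersion\\RunOnce\\",
                     "\\Winlogon\\", "\\Userinit")

def parse_mbam_log(text):
    """Return {section: [(item, family, action), ...]} for the detection sections."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append((entry["item"], entry["family"], entry["action"]))
    return dict(sections)

def autostart_entries(parsed):
    """Registry entries whose path touches a logon/autostart location, in log order."""
    return [(item, family)
            for section, entries in parsed.items() if section.startswith("Registry")
            for item, family, _ in entries
            if any(marker.lower() in item.lower() for marker in AUTOSTART_MARKERS)]

if __name__ == "__main__":
    for item, family in autostart_entries(parse_mbam_log(SAMPLE_LOG)):
        print(f"review before reboot: {item} ({family})")
```

Run against the real mbam-log file instead of the sample to get the same short list for the post's scan; it does not restore anything, it only narrows down which quarantined entries to look at first.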