Gaming OMFG! I NEED HELP! I think I got a Virus ffs

Skyline969

I am r4ymond said:
Okay, so I've successfully restarted my computer and successfully entered Safe Mode with Networking. I downloaded and installed MalwareBytes on my computer and I'm running the scan. Hopefully, I will not lose THIS computer. I've already lost my Windows XP when I was like 8-9 years old. After 5 years of messing around with computers and experiencing viruses of all sorts, I'm still not careful. If this computer dies, I cannot get another computer.
I hope you selected a FULL scan, because you need that. Once that's done, like a previous user posted, a log file should pop up when the scan is done. Please post the contents of that log here. If a log doesn't pop up, then don't worry about it. Good luck!
 

I am r4ymond

sendyo said:
Oh btw if log comes up can you please post it.

Okay. I finished scanning and removed all infections and then exited the log, but I found the log again and here it is:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4597

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

9/11/2010 8:19:49 PM
mbam-log-2010-09-11 (20-19-49).txt

Scan type: Quick scan
Objects scanned: 137626
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\99103199 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Raymond\AppData\Local\99103199.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Raymond\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Raymond\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
 

BloodyFlame

I am r4ymond said:
sendyo said:
Oh btw if log comes up can you please post it.

Okay. I finished scanning and removed all infections and then exited the log, but I found the log again and here it is:


Looks like it was successful.
 

Skyline969

Oh, I just looked at the log again. I would recommend rebooting back into Safe Mode and running the FULL SCAN. Quick scans usually only get most of the viruses, not all of them. A full scan takes a lot longer but fully removes all traces of viruses, including ones that hide themselves in "unconventional" areas on your system.
 

I am r4ymond

Skyline969 said:
Bingo. That should have fixed it. Please post back once you boot normally into Windows and give us the status of your system.

I restarted my computer right after I removed the infections. Everything seems fine now, thankfully. I'm currently performing virus scans and performing other scans that would help, like a registry fixer.

I've realized that I don't really like AVG, and prefer my old anti-virus, which is Norton Anti-Virus, even though it has misleading scans and stuff. AVG couldn't even detect the Infection.
 

Hakoda

I am r4ymond said:
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\99103199 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Raymond\AppData\Local\99103199.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Raymond\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Raymond\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
That right there sounds like it but I would take Skyline's advice and run a full scan.
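
An added example, not part of any poster's message: a small Python parser for the Malwarebytes log format posted in this thread. It groups detections by name, flags Run/RunOnce autorun entries like the one quoted above, and notes when only a quick scan was run. The function names and the abridged sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the Malwarebytes' Anti-Malware 1.46 log posted in this thread.
SAMPLE_LOG = r"""Scan type: Quick scan
Registry Keys Infected: 17

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\99103199 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
C:\Users\Raymond\AppData\Local\99103199.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:\s*$")  # section header; summary lines end in a count
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

def parse_mbam_log(text):
    """Return (scan_type, entries), one dict per detection line."""
    scan_type, section, entries = None, None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Scan type:"):
            scan_type = line.split(":", 1)[1].strip()
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return scan_type, entries

def triage(text):
    """Summarise a log: detections by name, autorun hits, follow-ups."""
    scan_type, entries = parse_mbam_log(text)
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e["path"])
    return {
        "by_name": dict(by_name),
        # Run/RunOnce values start a program at logon, so they indicate persistence.
        "autoruns": [e["path"] for e in entries if AUTORUN.search(e["path"])],
        # Anything not reported as removed needs manual follow-up.
        "not_removed": [e["path"] for e in entries if "successfully" not in e["action"]],
        # The thread's advice: follow a quick scan with a full one.
        "needs_full_scan": scan_type is not None and scan_type.lower().startswith("quick"),
    }
```

Calling `triage()` on the full text of a saved `mbam-log-*.txt` file works the same way, since summary-count lines and "(No malicious items detected)" lines are skipped.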
 

sendyo

Yes please post back if there are still some problems.
 

Skyline969

I am r4ymond said:
Skyline969 said:
Bingo. That should have fixed it. Please post back once you boot normally into Windows and give us the status of your system.

I restarted my computer right after I removed the infections. Everything seems fine now, thankfully. I'm currently performing virus scans and performing other scans that would help, like a registry fixer.

I've realized that I don't really like AVG, and prefer my old anti-virus, which is Norton Anti-Virus, even though it has misleading scans and stuff. AVG couldn't even detect the Infection.
Some viruses can "hide" themselves if you're not in Safe Mode, just a thought.
As for an antivirus, if that's a LEGITIMATE Windows machine (no cracks for activation, etc), I recommend using Microsoft Security Essentials. Otherwise, Avast Free Antivirus is much better than AVG in terms of both catching viruses and being less of a resource hog on your system.
 

I am r4ymond

Skyline969 said:
I am r4ymond said:
Skyline969 said:
Bingo. That should have fixed it. Please post back once you boot normally into Windows and give us the status of your system.

I restarted my computer right after I removed the infections. Everything seems fine now, thankfully. I'm currently performing virus scans and performing other scans that would help, like a registry fixer.

I've realized that I don't really like AVG, and prefer my old anti-virus, which is Norton Anti-Virus, even though it has misleading scans and stuff. AVG couldn't even detect the Infection.
Some viruses can "hide" themselves if you're not in Safe Mode, just a thought.
As for an antivirus, if that's a LEGITIMATE Windows machine (no cracks for activation, etc), I recommend using Microsoft Security Essentials. Otherwise, Avast Free Antivirus is much better than AVG in terms of both catching viruses and being less of a resource hog on your system.

Gah, right when I felt like everything was fine..."Some viruses can hide themselves if you're not in Safe Mode"
Time to go back to Safe Mode.
 

sendyo

Two things: can you still access Windows Update, and if you're looking for a registry fixer, try using Registry Booster. Might be useful.
 

I am r4ymond

Yep...turns out that Skyline was correct. I did a full scan for 14 minutes and it detected 3 more infected files. Turns out that they were hidden. :l
 

sendyo

sendyo said:
Two things: can you still access Windows Update, and if you're looking for a registry fixer, try using Registry Booster. Might be useful.

I said this earlier but didn't get a response.
 

I am r4ymond

sendyo said:
sendyo said:
Two things: can you still access Windows Update, and if you're looking for a registry fixer, try using Registry Booster. Might be useful.

I said this earlier but didn't get a response.

I already have a registry fixer and, yes, I can still access Windows Update.

Well, I finished a full scan with MalwareBytes and my computer is truly running perfectly again. Thanks for all the help, GBAtemp Members! I don't know what I would do if I had not joined this Community. I would probably be computer-less for 2 years.
 

Skyline969

As a follow-up, I recommend two more programs for total system maintenance: CCleaner (both the garbage data removal and the registry cleaner) and Eusing Free Registry Cleaner (which manages to clean up more parts of the registry than CCleaner looks in... I recommend using it after CCleaner's registry cleaner).
 
