1 reply to this topic

[mbelgrano]

I have scanned and cleaned my pc with malwarebytes
now i receive error when login my pc :invalid handle

How can restore?
first i have BM5796bdc3 virus
but now i can't use my pc

I receive same error in "modalita provvisoria"

Thanks in advance

[mbelgrano]

My machine start and i see my desktop only if i boot after f8 last know configuration(vista sp1)
But only first time is ok
In each logon i recevice with all user messages "handle is invalid "
Here log og malwarebytes who seem ok
I think that something of bad is appened then i scan and remove twice with malware
and i have problem


Malwarebytes' Anti-Malware 1.20
Versione del database: 948
Windows 6.0.6001 Service Pack 1

19.06.08 14/07/2008
mbam-log-7-14-2008 (19-06-07).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 49104
Tempo trascorso: 9 minute(s), 35 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 2
Chiavi di registro infette: 9
Valori di registro infetti: 7
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 10

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Windows\System32\mlJBQJbX.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\awtUmLbB.dll (Trojan.Vundo) -> Unloaded module successfully.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b488306-1982-4a57-aec4-a01870387120} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7b488306-1982-4a57-aec4-a01870387120} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5412b93f-2c96-4b96-91e0-96156fa023be} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm5796bdc3 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5412b93f-2c96-4b96-91e0-96156fa023be} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbqjbx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbqjbx -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Windows\System32\mlJBQJbX.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\XbJQBJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\XbJQBJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ccxhvc8.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\XXCHVC8.BAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\win-bash.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\awtUmLbB.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\mvejlmgx.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\yayxYOGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.20
Versione del database: 948
Windows 6.0.6001 Service Pack 1

18.41.52 14/07/2008
mbam-log-7-14-2008 (18-41-52).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 48548
Tempo trascorso: 13 minute(s), 53 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 6
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 11

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80a54e50-dfe1-4a42-aa7d-ed9ed7615da5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80a54e50-dfe1-4a42-aa7d-ed9ed7615da5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b757e413-323f-4e67-840f-1c93e89d07e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b757e413-323f-4e67-840f-1c93e89d07e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df9f014c-6f12-4cea-a909-b66d1933f00d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df9f014c-6f12-4cea-a909-b66d1933f00d} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlectrrj -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Windows\System32\mLeCtrRj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jRrtCeLm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jRrtCeLm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cbXOIbyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yybIOXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yybIOXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\urqNDTKc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cKTDNqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cKTDNqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rahbqcxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yxcqbhar.ini (Trojan.Vundo) -> Quarantined and deleted successfully.