• Content count

  • Joined

  • Last visited

About i-dont-like-da-virus

  • Rank
    New Member

Contact Methods

  • ICQ
  1. Hi, I like Malwarebytes and I have some questions and suggestions. 1. How come the protection module only finds malware running in the background and doesn't notice if I open/download a virus? 2. I have a collection of malware (mostly viruses and spyware) that Malwarebytes does not and cannot detect and I would like to contribute them so that Malwarebytes can be better. Where/how can I give this? Also, Do you have any ideas for additional antiviruses or firewalls for my new uninfected computer? Thank you
  2. Yes, mine freezes on a Trojan.Fakealert file (C:/WINDOWS/TEMP/tmp4.tmp) when i click on the quarantine/delete thing after scanning, i have no zonealarm
  4. no help? seriously, i need help.
  5. First, I can't install Spybot S&D: the installer doesn't open when i click it and if i rename it, my computer freezes. When I do a MBAM scan, it detects a lot of stuff like Trojan.Vundo (H) and Trojan.Agent and Trojan.Fakealert, but when I click delete, the computer freezes on a file C:\WINDOWS\TEMP\TMP4.tmp when its being deleted, also, different times I scan, there are different amount of viruses, sometimes there is Trojan.BHO or Trojan.BHO.H.When i click save logfile, my computer freezes, also I notice that my computer freezes like after 10 or 15 minutes of use. Should I write down the malware I get when I scan and the filepaths/registry keys+values? Because i can't save the log can't i write it down and type it here? Here is my Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:46:00 AM, on 12/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\AppleOSSMgr.exe C:\WINDOWS\system32\AppleTimeSrv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\IRW.exe C:\Program Files\Boot Camp\KbdMgr.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Documents and Settings\Rickie\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = O2 - BHO: (no name) - {1d4a736d-aea8-41b2-9378-8aa5b1df94da} - C:\WINDOWS\system32\getovojo.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\\IPSBHO.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\\coIEPlg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [iRW] C:\WINDOWS\system32\IRW.exe O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdyem.exe] C:\WINDOWS\system32\kdyem.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [tajakukoba] Rundll32.exe "C:\WINDOWS\system32\ludotoja.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [tajakukoba] Rundll32.exe "C:\WINDOWS\system32\ludotoja.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [tajakukoba] Rundll32.exe "C:\WINDOWS\system32\ludotoja.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: aksslb.dll C:\WINDOWS\system32\dovamewo.dll C:\WINDOWS\system32\ludotoja.dll O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe -- End of file - 6504 bytes I have a log from half a quick scan: these malware are still here, but more: Malwarebytes' Anti-Malware 1.30 Database version: 1410 Windows 5.1.2600 Service Pack 2 12/6/2008 5:14:14 AM mbam-log-2008-12-06 (05-14-14).txt Scan type: Quick Scan Objects scanned: 14744 Time elapsed: 1 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 1 Registry Values Infected: 3 Registry Data Items Infected: 4 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\system32\yofamoyu.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\system32\besehevi.dll (Trojan.BHO) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2bff9f6d (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\yofamoyu.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\yofamoyu.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\besehevi.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\besehevi.dll -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\ratifuya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ayufitar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gidogudi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\idugodig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. c:\WINDOWS\system32\yofamoyu.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\system32\besehevi.dll (Trojan.BHO) -> Delete on reboot. All of these are still on my computer and also a lot of .tmp files
  6. Some of them aren't named properly, only with numbers, sorry
  7. Can I upload some viruses for you guys to add to the mbam list because it doesn't detect a lot of them, only a bit? I have an alphabetically indexed collection? Where do i upload it? because i want users to be protected against them. i attached my letter B viruses to this, if you don't likke it, you can delete this post
  8. I didn't know about cracked software and stuff before; i now know never to go to those websites. Thanks, i will post logs soon
  9. I read your reply, but need help with things.. First, my malwarebytes can't update; it says that it can't connect and check the firewall but my windows firewall is off. I think this is because i was so dumb as to download a Norton Internet Security 2009 demo and a weird pprogram to disable the trial. i don't think it was a crack because i dindnt need to replace anything, but i did it. i installed notron then it told me to restart so i did then when i came back, the norton cant open thouhg the processes are there. I tried disabling the service in msconfig but when i do that, i can't connect to internet. i can't unistall norton eitheer because the program emessed up then untinstaller so it doesnt open eitehr. I think norton is blocking mbam from updating? Is there a manuall way to update my mbam? i tried both servers but it didn't work. Please help me, i know im bad at spelling and grammar and punctuatuin, sorry. Btw, i have trojan.agent and trojan.vundo (.h?) on my pc, when i try to quartaine it after a scan, my pc freezes. And also, my pc freezes like every 10 minutes. I think my ISP is infected with vundo cause my freidns who use the same ISP also got infected. i got the infection when brwosing internet (wikipedia, nothing bad) on windows (i normally use mac) also, my advertising got hijacked by adv.net (b1.adv.net) and i keep getting popups from adv and mtn5.goole.ws even on my Mac. was it trojan.dnschange that is messing up my wifi or not? Please help me, i beg you PS I have a big collection of viruses, can i upload it for testing because other AVs detect them but mbam doesn't?
  10. also, i can't update malwarebyets even when i dont got viruses
  11. hi, i got the protection module working and stuff but i stil keep getting viruses. before, i had vundo so i downloaded malwarebyes and removed it and then a moth later it came back then i removed it now i got vundo again and trojan.agent. when ever i try to delete them, the whole windows freezes as it quaratintes one of the registry keys. when i startup, i keep getting windows tiiled RUNDLL and iit says like error or something about weird dlls like kahfdkljahkg.dll or nadkfnsk.dll, thats not the real name but u get it. pleasepleaseplease help me remove this *@!# from my pc pleasse