Hi, im using windows xp, i have one admin account and one guest account
but when i log into admin it freezes but the guest account works fine
when i run the the avast antivirus it from the guest account it does not check the admin account
and odes not let me take action against viruses from the guest account as it creates an error
http://img150.imagevenue.com/loc765/th_68313_ScreenHunter_02_May._02_13.43_122_765lo.jpg
so i cant download any other programs to check whats wrong (since i cant check admin account)
the antimalwarebytes found 5 trojans/viruses which needs to be deleted on reboot, but the always reappear as soon as i run the antimalwarebytes again
can anyone help
here is the script that malware produced after i tried to take action (ive also done thorough scan but makes no differnce)
Malwarebytes’ Anti-Malware 1.36
Database version: 2028
Windows 5.1.2600 Service Pack 3
02/05/2009 13:15:17
mbam-log-2009-05-02 (13-15-17).txt
Scan type: Quick Scan
Objects scanned: 68940
Time elapsed: 11 minute(s), 35 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 6
Memory Processes Infected:
C:\WINDOWS\system32\userinit32.exe (Trojan.Agent) → Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) → Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastia (Trojan.FakeAlert) → Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) → Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) → Data: c:\windows\system32\userinit32.exe → Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) → Bad: (C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\userinit32.exe,) Good: (userinit.exe) → Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) → Delete on reboot.
C:\WINDOWS\system32\mac32 (Stolen.Data) → Delete on reboot.
Files Infected:
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) → Delete on reboot.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) → Delete on reboot.
C:\WINDOWS\system32\mac32\cbt.lc (Stolen.Data) → Delete on reboot.
C:\WINDOWS\system32\mac32\cc.lc (Stolen.Data) → Delete on reboot.
C:\WINDOWS\system32\userinit32.exe (Trojan.Agent) → Delete on reboot.
C:\Documents and Settings\fam\Application Data\userinit32.exe (Trojan.Agent) → Quarantined and deleted successfully.