Infected with Antivirus XP 2008 Malware?

Hello,

First time in the forum. I'm having problems with the Antivirus XP 2008 software/malware. I tried running the Avast software and followed what was suggested during the scan, but after rebooting, the same problem exists. I can see the Antivirus XP 2008 shortcut on my desktop… I tried turning System Restore off and doing the scan, same thing.

Appreciate any help I can get.

Thanks!! :-[

Mod, could you move this to Viruses and Worms?

Hi, nasty one you have there, but usually fixable.
Leave your System Restore alone.

What OS? Firewall? Any other anti-malware apps?

First, right-click the ball, Update > Programs (just to be sure).
Then open avast, schedule a boot-time scan and reboot
(just rebooting may remove some early versions of this malware if nothing was clicked).

Move any hits to the avast chest and post the log.

Then go to the malwarebytes.org download page and run their free RogueRemover and Anti-Malware.
With Anti-Malware, put a check next to any hits, then click REMOVE CHECKED; a backup will be made.
A quick scan is fine; post the log.

Then download, update, and run SUPERAntiSpyware.
Send any hits to quarantine, do not delete/remove; post the log. Exclude cookies.

We'll go from there.

Thanks for the reply, Wyrmrider. I have Windows XP; the firewall is the one provided by Microsoft. I'm not well-versed and up-to-date with software; this is the first time I've been hit with malware (laptop).

I will scan again and post (cut & paste?) the log from the chest. Will do the downloads as well and will keep you posted.

Thanks again… :slight_smile:

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

  1. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Also Try this tool, RogueRemover from the same company, available here http://www.malwarebytes.org/rogueremover.php

  2. SUPERAntiSpyware (on-demand only in the free version).

Great replies.
You actually answered the questions, what a breath of fresh air :slight_smile:
Let's talk about a firewall with outbound protection when we get the fire out.
Also make a note to run "Secunia Software Inspector" and get everything updated.
If you find your Java is out of date, then run "JavaRa" to help remove all old versions which remain on your computer and are still vulnerable.

Looking forward to your posts, but I'll be gone a couple of days;
as you can tell, you are in good hands.
PS: DavidR, Polonus is in Poland till Friday.

Wyrmrider

Hi Wyrmrider / DavidR,

I downloaded Malwarebytes and I think it solved my problem. I did another scan (Avast) last night and I'm trying to copy & paste the log but it won't let me (maybe I'm doing it wrong.) PART 1

Below are the logs from malwarebytes:

Malwarebytes’ Anti-Malware 1.28
Database version: 1159
Windows 5.1.2600 Service Pack 2

9/15/2008 7:13:06 PM
mbam-log-2008-09-15 (19-12-36).txt

Scan type: Quick Scan
Objects scanned: 43511
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 7
Registry Keys Infected: 15
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 14
Files Infected: 43

Memory Processes Infected:
C:\Program Files\rhccd8j0en0o\rhccd8j0en0o.exe (Rogue.Multiple) → No action taken.
C:\WINDOWS\system32\lphc9d8j0en0o.exe (Trojan.FakeAlert) → No action taken.
C:\WINDOWS\system32\pphc9d8j0en0o.exe (Trojan.FakeAlert) → No action taken.

Memory Modules Infected:
C:\Program Files\rhccd8j0en0o\MFC71.dll (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\MFC71ENU.DLL (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\msvcp71.dll (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\msvcr71.dll (Rogue.Multiple) → No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\blphc9d8j0en0o.scr (Trojan.FakeAlert) → No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) → No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) → No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) → No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) → No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) → No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccd8j0en0o (Rogue.Multiple) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccd8j0en0o (Rogue.Multiple) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) → No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhccd8j0en0o (Rogue.Multiple) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc9d8j0en0o (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) → No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) → No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) → No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) → No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) → Bad: (1) Good: (0) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) → Bad: (1) Good: (0) → No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.XPAntivirus2008) → No action taken.
C:\Program Files\rhccd8j0en0o (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\WinXDefender (Rogue.WinXDefender) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Autorun (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Autorun\HKCU (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Autorun\HKLM (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\BrowserObjects (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\rhccd8j0en0o\Quarantine\Packages (Rogue.Multiple) → No action taken.

PART 2

continuation of log–

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) → No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.XPAntivirus2008) → No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.XPAntivirus2008) → No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.XPAntivirus2008) → No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.XPAntivirus2008) → No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.XPAntivirus2008) → No action taken.
C:\Program Files\rhccd8j0en0o\MFC71.dll (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\MFC71ENU.DLL (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\msvcp71.dll (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\msvcr71.dll (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\rhccd8j0en0o.exe (Rogue.Multiple) → No action taken.
C:\Program Files\rhccd8j0en0o\rhccd8j0en0o.exe.local (Rogue.Multiple) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\WinXDefender\base.dat (Rogue.WinXDefender) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\WinXDefender\base2.dat (Rogue.WinXDefender) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\WinXDefender\Desc.dat (Rogue.WinXDefender) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\WinXDefender\log.dat (Rogue.WinXDefender) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\WinXDefender\spline.dat (Rogue.WinXDefender) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\WinXDefender\WinXDefender.ini (Rogue.WinXDefender) → No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) → No action taken.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) → No action taken.
C:\Documents and Settings\Boss Ve\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) → No action taken.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) → No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt15.tmp (Trojan.Agent) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) → No action taken.
C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) → No action taken.
C:\WINDOWS\system32\blphc9d8j0en0o.scr (Trojan.FakeAlert) → No action taken.
C:\WINDOWS\system32\lphc9d8j0en0o.exe (Trojan.FakeAlert) → No action taken.
C:\WINDOWS\system32\phc9d8j0en0o.bmp (Trojan.FakeAlert) → No action taken.
C:\WINDOWS\system32\pphc9d8j0en0o.exe (Trojan.FakeAlert) → No action taken.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) → No action taken.

I will continue to download RogueRemover and SUPERAntiSpyware, run them and post logs, if any. Also, I will do the same on my desktop (for some reason I can't update Avast 4.7 to 4.8).

Will keep you posted. Thanks a lot guys, I really appreciate your help!!! :smiley:

Hello again,

I've downloaded and run RogueRemover (nothing detected) and SUPERAntiSpyware; below is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2008 at 08:40 PM

Application Version : 4.21.1004

Core Rules Database Version : 3568
Trace Rules Database Version: 1556

Scan type : Quick Scan
Total Scan Time : 00:06:39

Memory items scanned : 496
Memory threats detected : 0
Registry items scanned : 372
Registry threats detected : 0
File items scanned : 4960
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Boss Ve\Cookies\boss ve@msnportal.112.2o7[1].txt
C:\Documents and Settings\Boss Ve\Cookies\boss ve@doubleclick[1].txt
C:\Documents and Settings\Boss Ve\Cookies\boss ve@specificclick[2].txt
C:\Documents and Settings\Boss Ve\Cookies\boss ve@questionmarket[2].txt

Explanation said they are not malicious?

Thanks again.

Hi again,

I did another scan in avast after Malwarebytes, RogueRemover and SUPERAntiSpyware, and below are the logs:

11/25/2007 6:30:43 PM Boss Ve 2728 Function setifaceUpdatePackages() has failed. Return code is 0xC0000005, dwRes is C0000005.
1/25/2008 4:48:03 PM SYSTEM 1628 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
1/25/2008 4:48:07 PM SYSTEM 1628 An error has occured while attempting to update. Please check the logs.
2/17/2008 12:58:38 PM SYSTEM 1444 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
2/17/2008 12:58:38 PM SYSTEM 1444 An error has occured while attempting to update. Please check the logs.
3/5/2008 10:11:43 PM SYSTEM 1452 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Desktop\s10.tmp” file.
3/8/2008 6:49:59 PM Boss Ve 1448 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\s9.tmp” file.
3/8/2008 8:16:39 PM Boss Ve 1452 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\sB.tmp” file.
3/8/2008 8:51:00 PM Boss Ve 1448 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\s9.tmp” file.
3/8/2008 8:58:56 PM Boss Ve 3944 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temporary Internet Files\Content.IE5\TAPCEG6L\wxdsetup[1].7z” file.
3/8/2008 9:28:45 PM Boss Ve 3944 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temporary Internet Files\Content.IE5\TAPCEG6L\wxdsetup[1].7z” file.
3/8/2008 10:08:22 PM Boss Ve 1452 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temporary Internet Files\Content.IE5\VOOULN5Y\wxdsetup[1].7z” file.
3/8/2008 10:09:07 PM Boss Ve 1452 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\sB.tmp” file.
3/8/2008 10:09:35 PM Boss Ve 1452 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\sB.tmp” file.
3/9/2008 8:01:54 PM Boss Ve 1460 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temporary Internet Files\Content.IE5\0Z7NU4DD\wxdsetup[1].7z” file.
3/9/2008 8:02:01 PM Boss Ve 1460 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\s9.tmp” file.
3/12/2008 9:11:31 PM SYSTEM 1452 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temporary Internet Files\Content.IE5\0Z7NU4DD\wxdsetup[1].7z” file.
3/12/2008 9:12:11 PM SYSTEM 1452 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\sA.tmp” file.
3/14/2008 9:03:48 PM Boss Ve 1468 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temporary Internet Files\Content.IE5\0Z7NU4DD\wxdsetup[1].7z” file.
3/14/2008 9:05:34 PM Boss Ve 1468 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\s9.tmp” file.
3/18/2008 8:38:34 PM Boss Ve 1460 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temporary Internet Files\Content.IE5\0Z7NU4DD\wxdsetup[1].7z” file.
3/18/2008 8:38:48 PM Boss Ve 1460 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Boss Ve\s9.tmp” file.
9/13/2008 7:00:16 PM Jay 3996 Sign of “Win32:Adware-gen [Adw]” has been found in “c:\docume~1\jay\locals~1\temp\nsja.tmp\euladlg.dll” file.
9/13/2008 7:26:48 PM Jay 2720 Sign of “Win32:Adware-gen [Adw]” has been found in “c:\docume~1\jay\locals~1\temp\nsjb.tmp\euladlg.dll” file.
9/13/2008 7:37:36 PM Boss Ve 3728 Sign of “Win32:Adware-gen [Adw]” has been found in “c:\docume~1\bossve~1\locals~1\temp\nsqb.tmp\euladlg.dll” file.
9/13/2008 8:19:33 PM Boss Ve 828 Sign of “Win32:FraudTool-GI [Tool]” has been found in “c:\windows\system32\pphc9d8j0en0o.exe” file.
9/13/2008 8:22:31 PM Boss Ve 3296 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt9.tmp.vbs” file.
9/13/2008 8:22:41 PM Boss Ve 3296 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttD.tmp.vbs” file.
9/13/2008 8:24:18 PM Boss Ve 3296 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt9.tmp.vbs” file.
9/13/2008 8:24:27 PM Boss Ve 3296 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttD.tmp.vbs” file.
9/13/2008 8:45:40 PM Boss Ve 3296 Sign of “Win32:FraudTool-GI [Tool]” has been found in “C:\WINDOWS\system32\pphc9d8j0en0o.exe” file.
9/13/2008 9:08:57 PM Boss Ve 2068 Sign of “Win32:FraudTool-GI [Tool]” has been found in “c:\windows\system32\pphc9d8j0en0o.exe” file.
9/13/2008 9:09:32 PM Boss Ve 2068 Sign of “Win32:Bravix-B [Drp]” has been found in “c:\windows\system32\tdssadw.dll” file.
9/13/2008 9:16:15 PM Boss Ve 2068 Sign of “Win32:Bravix-B [Drp]” has been found in “c:\windows\system32\tdssl.dll” file.
9/13/2008 9:57:53 PM Boss Ve 4048 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.ttB.tmp.vbs” file.
9/13/2008 10:18:40 PM Boss Ve 4048 Sign of “Win32:FraudTool-GI [Tool]” has been found in “C:\WINDOWS\system32\pphc9d8j0en0oa.exe” file.
9/13/2008 10:19:11 PM Boss Ve 4048 Sign of “Win32:FraudTool-GI [Tool]” has been found in “C:\WINDOWS\system32\trz1F.tmp” file.
9/14/2008 6:24:54 PM Boss Ve 3052 Sign of “Win32:FraudTool-GI [Tool]” has been found in “c:\windows\system32\pphc9d8j0en0o.exe” file.
9/14/2008 11:39:22 PM Boss Ve 3268 Sign of “Win32:FraudTool-GI [Tool]” has been found in “c:\windows\system32\pphc9d8j0en0o.exe” file.
9/15/2008 12:41:51 AM Boss Ve 1300 Sign of “Win32:FraudTool-GI [Tool]” has been found in “c:\windows\system32\pphc9d8j0en0o.exe” file.
9/15/2008 12:42:03 AM Boss Ve 1300 Sign of “Win32:Bravix-B [Drp]” has been found in “c:\windows\system32\tdssadw.dll” file.
9/15/2008 12:42:12 AM Boss Ve 1300 Sign of “Win32:Bravix-B [Drp]” has been found in “c:\windows\system32\tdssl.dll” file.
9/15/2008 8:52:54 PM Boss Ve 4072 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt13.tmp.vbs” file.
9/15/2008 8:54:20 PM Boss Ve 4072 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt19.tmp.vbs” file.
9/15/2008 8:54:23 PM Boss Ve 4072 Sign of “VBS:Malware-gen” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt1C.tmp.vbs” file.
9/15/2008 8:54:24 PM Boss Ve 4072 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\Documents and Settings\Boss Ve\Local Settings\Temp\.tt29.tmp” file.
9/15/2008 8:58:02 PM Boss Ve 4072 Sign of “Win32:Bravix-B [Drp]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\tdssadw.dll.vir” file.
9/15/2008 8:58:16 PM Boss Ve 4072 Sign of “Win32:Bravix-B [Drp]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\tdssl.dll.vir” file.
9/15/2008 8:58:17 PM Boss Ve 4072 Sign of “Win32:Bravix [Drp]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\tdsslog.dll.vir” file.
9/15/2008 8:58:20 PM Boss Ve 4072 Sign of “Win32:Bravix [Drp]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\tdssmain.dll.vir” file.
9/15/2008 8:58:22 PM Boss Ve 4072 Sign of “Win32:Bravix [Drp]” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\tdssserf.dll.vir” file.
9/15/2008 9:02:22 PM Boss Ve 4072 Sign of “Win32:Bravix-B [Drp]” has been found in “C:\System Volume Information\_restore{2AE341E1-1D41-47B3-AE84-FDDC37834243}\RP0\A0000013.dll” file.
9/15/2008 9:02:47 PM Boss Ve 4072 Sign of “Win32:Bravix-B [Drp]” has been found in “C:\System Volume Information\_restore{2AE341E1-1D41-47B3-AE84-FDDC37834243}\RP0\A0000015.dll” file.
9/15/2008 9:02:49 PM Boss Ve 4072 Sign of “Win32:Bravix [Drp]” has been found in “C:\System Volume Information\_restore{2AE341E1-1D41-47B3-AE84-FDDC37834243}\RP0\A0000016.dll” file.
9/15/2008 9:02:50 PM Boss Ve 4072 Sign of “Win32:Bravix [Drp]” has been found in “C:\System Volume Information\_restore{2AE341E1-1D41-47B3-AE84-FDDC37834243}\RP0\A0000017.dll” file.
9/15/2008 9:02:51 PM Boss Ve 4072 Sign of “Win32:Bravix [Drp]” has been found in “C:\System Volume Information\_restore{2AE341E1-1D41-47B3-AE84-FDDC37834243}\RP0\A0000018.dll” file.

I’m not sure if what I did was redundant. By the way, all of these posts are for my laptop computer. I’ve done the same steps for my desktop computer, please let me know if I can continue posting under this thread (the logs for my desktop scans.)

Thanks again! Have a good day guys…

I trust MBAM.

If it finds something then let it remove what it finds and you may have to reboot to let it remove locked files.

I would also run SDFix to have it remove what it finds:
http://www.bleepingcomputer.com/forums/topic131299.html

Having taken a look at the MBAM log, I too consider you should run it again, click the Show Results button and select ‘all’ the items listed and then click the Remove Selected button, see images.

It looks like there was a rootkit involved that was hiding a number of the files listed.
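The point DavidR makes above, that every line in the posted MBAM log ends in "No action taken", is easy to miss in a 90-line log pasted in two parts. The script below is an added example for this thread, not code from Malwarebytes or from anyone in the discussion. It parses an MBAM 1.x log in the format visible above, reports which detections were actually actioned, flags the entries that point at kernel-level persistence (Rootkit.* families, a file under drivers\, a Services\ key), and cross-checks the per-section counts in the log header against the lines present, which catches a log that was cut short while pasting. The sample log is a handful of lines adapted from the log posted above; the "->" arrow is what MBAM writes (the forum renders it as →), and the "Quarantined and deleted successfully" action string on two of the lines is assumed for the sake of the example.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and report what was really removed.
Added example for this thread; the log layout is inferred from the log posted above."""
import re
from collections import Counter

# Section headers as they appear in an MBAM 1.x log (see the log posted above).
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
# "Files Infected: 43" style count lines in the log header.
HEADER_RE = re.compile(r"^(" + "|".join(re.escape(s) for s in SECTIONS) + r"): (\d+)$")
# Detection lines are "<item> (<Family>) -> [<detail> ->] <action>."; accept the forum's arrow too.
ARROW_RE = re.compile(r"\s(?:->|→)\s")
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")
# Substrings (lower-cased) that suggest a driver or service, i.e. kernel-level persistence.
ROOTKIT_HINTS = ("rootkit.", "\\drivers\\", "\\services\\")

# Constructed sample: lines adapted from the log above, two of them marked as removed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Database version: 1159

Memory Processes Infected: 2
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\Program Files\rhccd8j0en0o\rhccd8j0en0o.exe (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\lphc9d8j0en0o.exe (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return one dict {section, item, family, detail, action} per detection line."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and line[:-1] in SECTIONS:   # start of a detection section
            section = line[:-1]
            continue
        if section is None or not line:                    # header or blank line
            continue
        parts = ARROW_RE.split(line)
        m = ITEM_RE.match(parts[0])
        if len(parts) < 2 or not m:                        # e.g. "PART 2" pasted mid-log
            continue
        items.append({"section": section, "item": m["item"], "family": m["family"],
                      "detail": " ".join(parts[1:-1]), "action": parts[-1].rstrip(".")})
    return items


def header_counts(text):
    """Per-section counts declared in the log header."""
    counts = {}
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if m:
            counts[m[1]] = int(m[2])
    return counts


def check_counts(text, items):
    """Sections whose declared count differs from the lines present: {section: (declared, found)}."""
    found = Counter(i["section"] for i in items)
    return {s: (n, found.get(s, 0)) for s, n in header_counts(text).items() if found.get(s, 0) != n}


def summarize(items):
    """Totals, how many detections were left untouched, families seen, and rootkit indicators."""
    pending = [i for i in items if i["action"].lower() == "no action taken"]
    rootkit = [i["item"] for i in items
               if any(h in (i["family"] + " " + i["item"]).lower() for h in ROOTKIT_HINTS)]
    return {"total": len(items), "pending": len(pending),
            "families": dict(Counter(i["family"] for i in items)),
            "rootkit_indicators": rootkit}


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(summarize(found))
    print("count mismatches:", check_counts(SAMPLE_LOG, found) or "none")
```

Run it against a real log by reading the mbam-log-*.txt file into `parse_mbam_log`. A non-zero `pending` count is the signal that the scan was run without Remove Selected, as happened above; any `rootkit_indicators` entry is the reason for the reboot-and-rescan advice, since a driver like sysrest.sys can hide files from the scanner until it is unloaded.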