Threat Detected every other Second

Hi, new here, hope you can help me with this.

Avast has been detecting a threat every second. It is going on now as I type this and extremely annoying. This is the message that pops up:

Object: C:\windows\system32\cbyywx.dll

Infection: Win32:Malware-gen

Action:Deleted

Process: C:\WINDOWS\system32\Isass.exe

First thing I did was scan it with Malwarebytes’ Anti-Malware. At first it wouldn’t open so I had to change the name of the file. After the first full scan, it detected about 7 threats. I deleted them and rebooted my PC; however, upon reboot it gave me an error message of some sort which I forgot. Next, I went in the properties of the “My Computer” icon and turned off the restoration thingy. I proceeded to scan with Malwarebytes two more times but this time only a quick scan. Same result.

Seeing as Malwarebytes was not solving my issue, I scanned with Superantispyware but all it could find was a couple of cookies.

I forgot to mention that the first thing I did before scanning was use ATF-Cleaner to get rid of all of the temporary folders and all that stuff.

I’m not very tech-savvy so if anyone could provide some help it will be greatly appreciated. My next step now is to scan with Malwarebytes in safe mode (this was recommended to other users so I’ll give it a shot).

After the first full scan, it detected about 7 threats,
can you post the Malwarebytes scan log

Here’s the scan log of the full scan.

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4370

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/07/2010 13:29:58
mbam-log-2010-07-30 (13-29-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 276512
Time elapsed: 1 hour(s), 32 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dddbcbaudio (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\geecyyaudio (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qomkjhsys (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qopqppaudio (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gedbxvsys (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qopqppaudio (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gedbxvsys (Trojan.Vundo) → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) → Bad: (http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm) Good: (http://www.google.com/) → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
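
Added example, not part of the original thread and not Malwarebytes' own tooling: a Python parser for the "Registry Values Infected" section of the log above. It goes slightly beyond the thread by treating `HKEY_USERS\.DEFAULT` and `HKEY_USERS\S-1-5-18` as the same hive (both are the LocalSystem profile), so the seven reported values reduce to five distinct autorun entries; the function names, the account labels and the `->` arrow in the sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the seven "Registry Values Infected" lines of the log
# above, with "->" standing in for the arrow character.
SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dddbcbaudio (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\geecyyaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qomkjhsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qopqppaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gedbxvsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qopqppaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gedbxvsys (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# Groups: hive, key path under SOFTWARE, value name, detection family, result.
ENTRY = re.compile(
    r"^(HKEY_\S+?)\\SOFTWARE\\(.+)\\([^\\]+?) \(([^)]+)\) (?:->|→) (.+)$",
    re.IGNORECASE | re.MULTILINE,
)

def normalize_hive(hive):
    """Map a hive spelling to the account whose registry it belongs to."""
    h = hive.upper()
    # HKEY_USERS\.DEFAULT is an alias of the LocalSystem hive, S-1-5-18.
    # The backslash is optional because pasted copies of a log can lose it.
    if re.fullmatch(r"HKEY_USERS\\?\.DEFAULT", h) or h == r"HKEY_USERS\S-1-5-18":
        return "LocalSystem"
    return {"HKEY_LOCAL_MACHINE": "machine-wide",
            "HKEY_CURRENT_USER": "scanning user"}.get(h, hive)

def parse_run_values(log):
    """Return (hive, value_name, family) for each flagged Run-key value."""
    return [(m[1], m[3], m[4]) for m in ENTRY.finditer(log)
            if m[2].lower().endswith(r"currentversion\run")]

def distinct_autoruns(log):
    """Group flagged values by (account, value name), merging hive aliases."""
    groups = defaultdict(list)
    for hive, name, family in parse_run_values(log):
        groups[(normalize_hive(hive), name)].append((hive, family))
    return dict(groups)

if __name__ == "__main__":
    for (account, name), hits in sorted(distinct_autoruns(SAMPLE).items()):
        print(f"{account:13} {name:12} {hits[0][1]:13} reported {len(hits)}x")
```
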

Looks like you are infected by a late version of Vundo, which may be difficult to remove.
http://en.wikipedia.org/wiki/Vundo

quote:
It attaches to the system using bogus Browser Helper Objects and DLL files attached to winlogon.exe and explorer.exe and more recently lsass.exe

The latest variation of Vundo is undetected by most antivirus software,

Malwarebytes works best in normal mode, but it does not hurt to try safe mode…
Also try the Avast boot scan:
http://sites.google.com/site/spg20scottsweb/home/avast-5-boot-time-scan

You may also try:
Dr.Web CureIt! http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/
Norman Malware Cleaner http://www.freedrweb.com/cureit/how_it_works/
Download and save to the desktop and run. They are not installed, so when the job is done you can remove them by dragging and dropping them into the Recycle Bin.

This doesn’t sound good.

I’ll try the Avast boot scan and if it doesn’t work will go with safe mode.

Thanks for your help.

If none of the above works then follow this guide from Essexboy and post/attach the log from OTL:
http://forum.avast.com/index.php?topic=53253.0

Lower left corner: + Additional Options > Attach (OTL.Txt and Extras.Txt)

I did the boot-up scan, went AFK and I just got back home. It seems to have stopped, except for the error log when Windows opens. I know there’s another thread where someone had the same problem and after it was fixed he scanned with mbam and it was fixed, will try this now.

I just hope it’s permanently gone. Thanks again^^

Majed,

You are better off staying with the thread you created to fix your problem. If you are still having problems, which it looks like you are, check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions of obtaining the OTL log as an attachment (Additional Options in the bottom left corner under the message screen when posting). If any malware is found, we will refer you to one of our malware experts.