Hey, this is my first post so I’d just like to say Hello and cheers for any help that I might be given!
I’ll just start off with a description of events. My PC randomly crashed with a BSOD on Monday night. However, before the BSOD I was getting this program claiming to be Vista Firewall 2011 telling me that my PC was riddled with viruses, key loggers and other such nasties. Anyway, I tried restarting the PC and it kept getting a BSOD even when trying to start in safe mode (not that I’ve ever fully understood what safe mode means!). I left it yesterday. Today I gave the inside of the case a clean as it had accumulated a fair amount of dust, and made sure the memory modules were firmly seated, and when I tried to start it up it went straight into Windows, no problems. This Vista 2011 Firewall started going haywire again though right at startup and I had another BSOD. I restarted the PC but this time with my internet cable unplugged. On startup this programme didn’t appear, so suspecting a virus I did a quick scan with Avast. No virus found. Straight away I did a full system scan and there was 1 virus found. I moved the virus, which was listed as a High threat, and was called Win32:FakeAV-Bon [Trj], to the virus chest, where I scanned it and then deleted it. Should I have done this?
So, after I had done those scans and deleted the virus I tried opening Firefox, but nothing happened. And then when I tried opening other programs they wouldn’t open and it would ask to search for a program to open them with. I had the bright idea of doing a system restore back to Saturday. After doing that and getting onto Firefox I started getting bombarded with notifications from Avast about these Win32:Ramnit-G & VBS:ExeDropper-gen [Trj] viruses. It sent hundreds of .htm and .dll files to the virus chest. During this time I completed a quick scan on Avast which showed 22 infected files, all of them being Win32:Ramnit-G & VBS:ExeDropper-gen [Trj]. I wasn’t able to send them to the virus chest though. I also tried doing a boot scan, but I had to abort it because it was finding infected files but I wasn’t able to move them or repair them.
I’ve managed, by using Google Chrome, as Firefox won’t open again, to download MBAM and OTS. MBAM found 2 infected files and has quarantined them, and since then Avast has stopped sending Win32:Ramnit-G & VBS:ExeDropper-gen [Trj] infected files to the virus chest.
Sorry if that’s a bit long-winded, and I hope you can make sense of what I’ve said! I’ve come on here now as I don’t know what to do next, or even if my problems have been solved by MBAM? So just looking for some pointers really.
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6354
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
13/04/2011 22:25:44
mbam-log-2011-04-13 (22-25-41).txt
Scan type: Quick scan
Objects scanned: 163064
Time elapsed: 3 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\mark\AppData\Local\Temp\7624.tmp (Trojan.Agent) → No action taken.
c:\Windows\Temp\76A0.tmp (Trojan.Agent) → No action taken.
I hope that’s the information I need to post. I’m going to perform an OTS scan again as I can’t find the log. So I’ll edit that in a few minutes.
Thanks again for any help, borgia.