Avira endlessly detecting malware

**Exidid** · 21 Nov 2010

HELLO! I just joined the forum with a seemingly big problem!

OK, I don't know what happened, but all of the sudden my computer starts throwing all kinds of stuff at me. First of all, my windows theme is all messed up. Then, Avira starts reporting lots and lots of malware from the ATI Technologies folder in program files. It said it had found like 11 viruses or unwanted programs so I just clicked ''move to quarantine'', but then it reported it had found another 6 viruses. I did the same and I got another report saying 11 other viruses were found. I'm completely clueless, and I need a little guidance in what the hell to do. Plus, I can't open the task manager (which is an indicator of bad things happening, according to a friend of mine), and whenever I insert anything in the USB ports I start getting an error message. This seems like a very big problem and I'm a little freaked out D:

It is very possible that my computer is infected with something nasty, because I never stop downloading stuff from the internet.

**richc46** · 21 Nov 2010

Welcome
Stay calm
I am going to contact some of our best. You will be helped.

**Exidid** · 21 Nov 2010

That's very kind ^^
All programs work normally but this has never happened to me >.> I may want to mention that before this happened, the power went off while my computer was starting. After that the screen wouldn't load, so I turned it off again. I switched it on and the same happened, then I realized the screen was black because the cable that connects the monitor to the TV was connected lol. So I was unknowingly harming my computer by aggressively turning it on and off. >.>

After that, the things iin the OP started. Be my judges people.

For reference, here's a pic of my desk:

**Exidid** · 21 Nov 2010

Update: I realized I can't open any Microsoft Office programs! This is extremely annoying. UPDATE: Now I suddenly can.

My mother uses my laptop for banking online. Should I format right away? I already told my mom to change her password. She said that she uses my sister's laptop for banking purposes too, and my sister laptop has been infected for a while >.>

EDIT: I meant this post as an edit! I'm sorry for double posting >.>

**niemiro** · 22 Nov 2010

You need to wait for the expert on this one, and not the trainee, but did you change your passwords from a clean computer, as all passwords must be changed from a non-infected computer.

Thanks!

**niemiro** · 22 Nov 2010

Please do this on BOTH computers.

Please download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.46 Download
Rename it to Exid.exe before saving to desktop

* Right-click Exid/mbam-setup.exe, run as Adminitrator, and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

Please post both logs, so that the expert can check them out, and make sure that we know which log come from this computer, and which one came from the other.

Thanks!

**Exidid** · 22 Nov 2010

I currently have no access to my sister's laptop. I followed the steps for my own and this is the log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 5169

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22/11/2010 11:52:49 a.m.
mbam-log-2010-11-22 (11-52-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 306638
Time elapsed: 1 hour(s), 17 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This was actually my second scan. My first attempt was interrupted when my screen went all blue. I don't remember what the text said, but it said the computer was about to reset due to problems with Windows. I just initiated the scan again after the computer went on.

Now I can access the task manager ^.^ I still have some problems with my windows theme, but I think it is unrelated to this.

EDIT: Currently scanning my sis's.

**niemiro** · 22 Nov 2010

Wait for the security experts. Do not leave until they give you the all clear, as you may well have hidden malware still on the system. ~~The other computer?~~

EDIT: Should have made more of an effort to read!

**Exidid** · 22 Nov 2010

Log for my sister computer:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versión de la Base de Datos: 5172

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/11/2010 02:13:15 p.m.
mbam-log-2010-11-22 (14-13-15).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|F:\|)
Objetos examinados: 209708
Tiempo transcurrido: 1 hora(s), 0 minuto(s), 3 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 4
Carpetas Infectadas: 2
Archivos Infectados: 12

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invitado\Configuración local\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Archivos Infectados:
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invitado\Configuración local\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invitado\Configuración local\Temp\E_4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\77C68E\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\77C68E\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invitado\Configuración local\Temp\E_4\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Invitado\Configuración local\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\¡¡¡¡¡¡.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dx10d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I just noticed it's in Spanish, sorry >.>

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
sync downloads messages endlessly	pauliebird	Live Mail	2	12 May 2010
Avira Update Nag Screen	Spirit	Vista security	5	20 Nov 2008
Avira Update Nag Screen	Spirit	Vista General	12	20 Nov 2008
Vista rootkit issue? All legit software. Open an .wav folder with a few wav files and hard-drive goes 100% endlessly	Bob	Vista security	0	02 Oct 2007
GEEN MOVING Vista BAR + BLACK SCREEN endlessly	tom	Vista installation & setup	4	18 Nov 2006

Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Re: Avira endlessly detecting malware

Posting Permissions