Unbelievably malicious malware, urgent help required.

Thomas96

Hey, my PC recently contracted a very malicious piece of malware. After Avast notified me of the virus, saying there was some malware, I tried to do a scan right then with something, but the virus disabled Avast, Windows Defender, Malwarebytes, the Security Center and blocked internet access to every antivirus website I've tried to reach so far... :zip:

Downloads get to 99% but do not finish outside of Skype.

Quick and even full scans with Malwarebytes (Chameleon) and the MVT do nothing. After identifying the trojans and the hijacker and restarting, the malware is there again after a little bit, slowing my PC down to molasses and compromising everything again... :huh: :huh: :huh:

I've noticed that the malware/virus seems to kick in after my router beeps twice, so that probably means that the virus is rooted deep in my network somewhere. :eek: :eek:

I've tried restoring my system to a few days prior to getting the infection but to no avail, it just tells me it isn't working every time via a pop up message. :devil::devil::devil:

Here is the report from the aftermath of the full scan I performed with Malwarebytes, due to the nature of the infection, it took 12 hours! :confused: :confused: :confused:

-----------------------------------------------------------------------


mbam-log-2012-11-13 (12-55-09).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 701599
Time elapsed: 12 hour(s), 40 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,C:\Users\User\AppData\Local\auyxpmia\ibqkamrq.exe) Good: (userinit.exe) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files\Steam\steamapps\common\company of heroes\ModernCombat\cohra\cohra.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)

I really believed that the full scan would detect the root source of the problem and I would be able to handle it on my own, that's why I waited so long.

Restarted the PC and did another quick scan and as you will see, the stuff is back again.

------------------------------------------------------------------------------

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225849
Time elapsed: 9 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,C:\Users\User\AppData\Local\auyxpmia\ibqkamrq.exe) Good: (userinit.exe) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
You have MalwareBytes installed so try this
Go to your program files (not the start menu shortcut)
and click malwarebytes
Then click Chameleon
then click Chameleon.chm
click the top box where it says Chameleon#1
 
Thanks a lot for the reply, yes I've just tried it, I'm not sure exactly if it was any different, I switched to safe network mode and now I'm able to scan with Avast for some reason, I'll post the results when it's done, but it's taking a very long time and I'm going to have to sleep soon, it's 3AM now.

Doing another scan with MWB as well, to see if it finds anything else like a rootkit.

Also I cannot update my Avast in any way.
 