Alright. My friend is currently in a state of computer trouble. MBAM won't run, HJT won't run, SUPER AntiSpyware won't run. She can't run her computer in normal mode, as it shuts itself down. But in safe mode, she's fine. We have no idea how to save it, aside from formatting, which she wants to avoid. Any ideas?
The only suspicion we have is a file that's running in processes:
O23 - Service: sopidkc Service (sopidkc) - Sigma Designs Inc - C:\WINDOWS\system32\sopidkc.exe
(We got HJT to run by changing the exe name, but we're still having problems getting MBAM to install.)
Update: After a struggle, MBAM finally installed!
Update #2: But it won't scan.
Update #3: Okay! Got it to scan! Man, this is a lot of work :< changing names, reinstalling, whatnot
Update #4: MBAM Scan Results:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3
8/3/2009 2:46:09 PM
mbam-log-2009-08-03 (14-46-04).txt
Scan type: Quick Scan
Objects scanned: 110623
Time elapsed: 8 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 10
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (regedit.exe %1) Good: (regedit.exe "%1") -> No action taken.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\system32\EvdoServer.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Boo\Local Settings\Temp\db.exe (Trojan.Downloader) -> No action taken.
Friend's Computer
#1
Posted 03 August 2009 - 05:42 PM
QUOTE
Fantasy is the celebration of what we no longer are: individuals certain of our meaningfulness in a meaningful world. The wish-fulfillment that distinguishes fantasy from other genres is not to be the all-conquering hero, but to live in a meaningful world. The fact that such worlds are enchanted worlds, worlds steeped in magic, simply demonstrates the severity of our contemporary crisis.
Scott R. Bakker, Why Fantasy and Why Now?
RPG Codex - Putting the 'Role' back in RPG.
The Age of Decadence - A game everyone should look forward to.
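Added example, not part of the original thread: a small parser for the Malwarebytes log format in the first post, which tags each detection with its log section, pulls out the Bad/Good values of hijacked settings, and groups the per-ControlSet service keys by service name. The function names are made up for this illustration, and the sample is a subset of the posted log lines.

```python
import re
from collections import defaultdict

# Subset of the log lines from the first post, copied verbatim.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Boo\Local Settings\Temp\db.exe (Trojan.Downloader) -> No action taken.
"""

# "<path> (<Detection.Name>) -> <rest>"; data items carry "Bad: (..) Good: (..)".
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<name>[A-Za-z]+(?:\.[A-Za-z]+)+)\) -> (?P<rest>.+)$")
FIX = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$")
SERVICE = re.compile(r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)$", re.I)

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Infected:"):  # section header; summary lines end in a count
            section = line[: -len(" Infected:")]
            continue
        m = ENTRY.match(line)
        if not (m and section):
            continue  # "(No malicious items detected)", header fields, blanks
        fix = FIX.match(m["rest"])
        entries.append({
            "section": section, "path": m["path"], "name": m["name"],
            "bad": fix and fix["bad"], "good": fix and fix["good"],
            "action": fix["action"] if fix else m["rest"],
        })
    return entries

def flagged_services(entries):
    """Collapse per-ControlSet service keys into {service: [detection names]}."""
    services = defaultdict(set)
    for e in entries:
        m = SERVICE.search(e["path"])
        if m:
            services[m.group(1).lower()].add(e["name"])
    return {name: sorted(found) for name, found in services.items()}
```

Every entry in the posted log ends in "No action taken", so the parsed list describes what the scan found, not what was cleaned.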
#2
Posted 04 August 2009 - 11:41 PM
By the power of truth, I, while living, have conquered the universe.
~Scratch~
#3
Posted 05 August 2009 - 12:09 AM
We've tried. It's kinda hard if her antivirus won't scan. :<
Or any of the others we tried.
#4
Posted 05 August 2009 - 02:41 PM
Try this:
- Make sure to use Internet Explorer for this
- Please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  - C:\WINDOWS\system32\svchost.exe
- Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
This topic is locked
