Winibluesoft :([INACTIVE]
in Malware Removal
Posted April 28, 2009
I got a hell of a virus and have been having some very nice people help me out with getting rid of it. I have followed a few guides and nothing is working; it won't let me run Malwarebytes ((( Here is my Rooter file:
Microsoft Windows Vista Home Edition (6.0.6000)
C:\ [Fixed] - NTFS - (Total:141219 Mo/Free:1232 Mo)
D:\ [Fixed] - NTFS - (Total:11405 Mo/Free:3128 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Tue 04/28/2009|12:47
----------------------\\ Processes..
--Locked-- [system Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Windows\System32\igfxtray.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\Curse\CurseClient.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\firefox.exe
---------- C:\Users\Paul\AppData\Local\Temp\setup2.exe
---------- C:\Windows\system32\NOTEPAD.EXE
---------- C:\Windows\System32\notepad.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{051A67E2-C560-4B3F-A5F2-CD0D1897F4F2}]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{98F6763C-40EA-4F85-8FC0-2E81017AEE66}]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{98F6763C-40EA-4F85-8FC0-2E81017AEE66}]
DhcpNameServer REG_SZ 85.255.116.35 85.255.112.20 1.2.3.4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{051A67E2-C560-4B3F-A5F2-CD0D1897F4F2}]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{98F6763C-40EA-4F85-8FC0-2E81017AEE66}]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{051A67E2-C560-4B3F-A5F2-CD0D1897F4F2}]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{98F6763C-40EA-4F85-8FC0-2E81017AEE66}]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{98F6763C-40EA-4F85-8FC0-2E81017AEE66}]
DhcpNameServer REG_SZ 85.255.116.35 85.255.112.20 1.2.3.4
==> WAREOUT <==
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/28/2009|12:26
2 - "C:\Rooter$\Rooter_2.txt" - Tue 04/28/2009|12:47
----------------------\\ Scan completed at 12:47
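Triage of the Rooter output above, as an added example that is not part of the original post or of the Rooter tool. The security-relevant finding in the log is the "Search.." section: every control set (ControlSet001, ControlSet005 and CurrentControlSet) and both interface GUIDs carry a NameServer value, and one interface also a DhcpNameServer value, pointing at 85.255.112.x resolvers, which is why the tool tags the log WAREOUT, a DNS-hijacking family. The Python below parses that section into (key, value name, servers) tuples, marks any address in 85.255.112.0/20 as known-bad (that block covers every 85.255.x address in the post; the full published list of rogue-resolver ranges is longer and should be taken from current threat intelligence rather than from this one log), flags any other resolver not on an analyst-supplied allow-list, and reports which control sets still need cleaning. The log text is constructed to mirror the entries on the page, the 192.168.1.1 allow-list entry is an assumed router resolver, and the {CONSTRUCTED-CLEAN-INTERFACE} key is a placeholder, not a GUID from the post.

```python
"""Triage the 'Search..' section of a Rooter log for hijacked DNS resolvers.

Added example, not part of the original post or of the Rooter tool.
SAMPLE_LOG is constructed to mirror the page's entries; the clean interface
key and the 192.168.1.1 allow-list entry are assumptions for the demo.
"""
import ipaddress
import re

# Constructed sample in the Rooter "Search.." format (abridged from the post).
SAMPLE_LOG = r"""
----------------------\\ Search..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.175,85.255.112.179
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{98F6763C-40EA-4F85-8FC0-2E81017AEE66}]
DhcpNameServer REG_SZ 85.255.116.35 85.255.112.20 1.2.3.4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{CONSTRUCTED-CLEAN-INTERFACE}]
NameServer REG_SZ 192.168.1.1
"""

# One registry key line, e.g. "[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\...]".
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\[^\]]+)\]$")
# One value line, e.g. "NameServer REG_SZ 85.255.112.175,85.255.112.179".
VALUE_RE = re.compile(r"^(NameServer|DhcpNameServer)\s+REG_SZ\s+(.+)$")

# Block containing every 85.255.x resolver in the post (DNSChanger/Wareout).
# The published list of rogue ranges is longer: source it from current intel.
KNOWN_BAD = (ipaddress.ip_network("85.255.112.0/20"),)


def parse_dns_entries(log_text):
    """Return [(registry_key, value_name, [server, ...]), ...] from the log."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            # Rooter prints NameServer comma-separated and DhcpNameServer
            # space-separated; accept both.
            servers = [s for s in re.split(r"[,\s]+", value_match.group(2)) if s]
            entries.append((current_key, value_match.group(1), servers))
    return entries


def classify(server, allowed):
    """known-bad / allowed / unexpected / unparseable for one resolver string."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if any(ip in net for net in KNOWN_BAD):
        return "known-bad"
    if ip in allowed:
        return "allowed"
    # e.g. 1.2.3.4: not a known rogue range, but no plausible resolver either.
    return "unexpected"


def find_rogue_dns(log_text, allowed_servers):
    """Every resolver in the log that is not on the allow-list, with a verdict."""
    allowed = {ipaddress.ip_address(a) for a in allowed_servers}
    findings = []
    for key, name, servers in parse_dns_entries(log_text):
        for server in servers:
            verdict = classify(server, allowed)
            if verdict != "allowed":
                findings.append({"key": key, "value": name,
                                 "server": server, "verdict": verdict})
    return findings


def control_sets_hit(findings):
    """Control sets carrying a bad value. CurrentControlSet is a link to one
    numbered set; the other numbered set (Last Known Good) keeps the rogue
    values unless it is cleaned as well."""
    return sorted({re.search(r"SYSTEM\\([^\\]+)", f["key"]).group(1)
                   for f in findings})


if __name__ == "__main__":
    rogue = find_rogue_dns(SAMPLE_LOG, ["192.168.1.1"])
    for f in rogue:
        print(f"{f['verdict']:11} {f['value']:15} {f['server']:16} {f['key']}")
    print("control sets needing cleanup:", control_sets_hit(rogue))
```

NameServer is the static override and DhcpNameServer is what the DHCP client wrote from the lease, so both being poisoned means renewing the lease alone will not restore clean resolvers; after removal, `ipconfig /all` should show only the expected servers. Two process-list entries are also out of place for a Vista install and worth inspecting: a firefox.exe running from the root of C:\ and setup2.exe running from the user's Temp directory.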