Wahlflower Posted October 26, 2010 Posted October 26, 2010 Hello all, e I have Norton 360 and it keeps telling me I have two viruses One of them being graybird? Anyhow, it says it gets rid of them, but they keep showing up sometimes multiple times per day. I dowloaded Malwareybytes with the latest version and it found 5 threats, so i got rid of them. Now my internet doesn't work. I can't connect via Firefox, Internet Explorer or Google. My outlook works, sending and receiving messages. When I try to connect to the internet it says "the proxy server is refusing connections". I am assuming this is due to the viruses? Does anyone know how to fix this? I am attaching the logs from Malwarebytes. A great big thanks to everyone who can help. Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4948 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/25/2010 6:29:39 PM mbam-log-2010-10-25 (18-29-39).txt Scan type: Quick scan Objects scanned: 141712 Time elapsed: 5 minute(s), 10 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: C:\Users\Kim Herlache\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Unloaded process successfully. C:\Users\Kim Herlache\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Kim Herlache\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Users\Kim Herlache\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Kim Herlache\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfullycond second one.... Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4948 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/25/2010 6:55:44 PM mbam-log-2010-10-25 (18-55-44).txt Scan type: Quick scan Objects scanned: 141159 Time elapsed: 4 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Kim Herlache\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Users\Kim Herlache\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully. Quote
PseFrank Posted October 26, 2010 Posted October 26, 2010 Hi Wahlflower, welcome to Extreme Tech Support - Free PC Help I don't have an answer to your problem, but I'm sure that one of our resident malware experts will be along soon. I notice that you have done a Quick Scan with Malwarebytes. Maybe you could try a full scan to see if anything else is found. This may not make any difference to the results already recorded, but on the other hand something else may crop up.. Quote I thought I knew today...I'll try again tomorrow. :) Need help with your computer problems? Then why not join Free PC Help. Register Here If Free PC Help has helped you then please consider a donation. Click Here
Jelly Bean Posted October 26, 2010 Posted October 26, 2010 Personaly something may of been removed that should not of.. If you could access the internet before you ran Malwarebytes then do a system restore to just before you ran the software then visit our Malware section and lets the boys help you.... Quote Rwy'n ceisio fy ngorau......................
Starbuck Posted October 26, 2010 Posted October 26, 2010 Hi Wahlflower, lets try this: Step 1 Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options Click on the Connections tab Click on the Lan Settings button Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen Then press the OK button to close the Internet Options screen. Step 2 Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png Now copy the lines in bold below. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.