Darkseid Posted December 28, 2008

SAS detected 121 problems, including trojans (Virtumonde). I clicked to quarantine/remove them all, then it asked me to reboot. When the system rebooted it could not start up Windows normally at all. It would either tell me or I would get a black blank screen. But safe mode works (but doesn't give me internet access). I cannot access SAS in safe mode either. But it kept popping up with system 32 errors when in safe mode. I tried system restores but while they removed SAS the other problems continued, and fixing this is out of my league. Is there a way to use SAS effectively without causing issues with Windows XP? Is it the removal of Virtumonde that somehow messes with the registry, which in turn causes Windows to fail to start? I don't know exactly where the problem lies. Everything else I have isn't working against Virtumonde and missed things SAS picked up. Any help is greatly appreciated!
lazark Posted February 1, 2009

I have the exact same problem. If you've figured out how to solve it, please post. Otherwise, I guess this is just a bump. Thanks
lazark Posted February 1, 2009

And if it helps you help me, here's the log file:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 01/31/2009 at 07:52 PM
Application Version : 4.25.1012
Core Rules Database Version : 3738
Trace Rules Database Version: 1707
Scan type : Complete Scan
Total Scan Time : 00:51:01
Memory items scanned : 602
Memory threats detected : 3
Registry items scanned : 5498
Registry threats detected : 77
File items scanned : 22838
File threats detected : 18