Haali Media Splitter Virus
Kerby Reynolds
I am currently infected with the Win32/Conficker.B virus on my work machine. A little background on it, someone here at work downloaded the virus on one of our network drives which has spread to many machines I assume. Our MIS department has recently swapped servers so it won't spread anymore, but several machines are still infected by this virus. I have run several different scans in and out of safe mode only to have it return. As of today, Malwarebytes no longer recognizes the virus for some reason, but Microsoft Security Essentials is still finding instances of it. I've been dealing with this for over a week now and have had no success removing. It will be greatly appreciated if you can help rid my machine of this nasty virus.
Well the thing is I bought an individual license for Malwarebytes for my home computer and I decided to use it on my work computer as well because the antivirus software I was using wouldn't let me remove a virus because I didn't have administrative privileges. Then eventually our MIS department stopped using that antivirus program so all I had was Malwarebytes on it since it was protecting it until I received this virus that is so I tried to download AVG but that didn't work. So I ended up downloading Microsoft Security Essentials. The licensed Malwarebytes is only on my computer and nobody else uses it.
That's what I need to know. Before we begin I need a new log file from DDS. Furthermore, I would like to explain that Malwarebytes Anti-Malware is software, not Anti-Virus. This means that you are not protected from viruses and still need an antivirus program. The conclusion is that Malwarebytes' Anti-Malware is an additional protection, not essential.
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall Sophos Anti-Virus (the following too: Sophos AutoUpdate and Sophos Remote Management System) and to keep Microsoft Security Essentials. Finally, reboot your PC.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
Sorry misunderstood what you said. Just so I'm certain you want me to copy and paste the malwarebytes directly into the reply and have the other logs as attachments? Or copy/paste all logs directly into the reply?
8/24/2012 9:29:42 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/21/2012 3:01:19 PM, error: Service Control Manager [7001] - The Sentinel service depends on the Parport service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/21/2012 3:01:19 PM, error: Service Control Manager [7000] - The Sophos Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/21/2012 2:26:09 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/19/2012 10:29:42 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
8/17/2012 9:50:47 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2012 3:14:09 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2223.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
8/17/2012 3:14:01 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2223.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
I did the steps in the guide. When I ran the EConfickerRemover, it said didn't find any instances of Conficker and the memory and asked if I wanted to continue with the scan so I hit yes and the cmd prompt just went away.
Could it be possible that I am not infected anymore? And another network drive we use be infected with the virus trying to reinstall it on my machine only to be quarantined by MSE? Here are fresh dds files:
8/25/2012 3:10:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 3:10:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 3:04:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 3:04:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 12:50:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
e59dfda104