Rogue Virus

A friend of mine called me panicked with a concern...A Rogue Virus...XP Console or something similar to that.  I ran Hitman Pro, Mbam and SAS.  I have attached the logs.  After I ran AVG 2011 it came up clean.  Is there anything else I should do?

I would run another scan with MalwareBytes to make sure the deleted files are still gone.
Normally you need a "Rogue Process" stopper to make MBAM more effective.
Look at this: (Rogue-Killer-What-a-great-name)

You could also use "RKill"

Then follow the instructions here: (Basic Malware Troubleshooting)

1 - Stop the Rogue
2 - Run a clean version of Malwarebytes.

Good idea to run Malwarebytes again to make sure the scan comes out clean, or scan with the RogueKiller that younghv suggested.

The MBAM log shows a bad DLL (below) to be deleted on reboot. Did MBAM reboot, and has the file been deleted?

c:\WINDOWS\wmoimsen.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

The HitmanPro log is not in an easily readable format.
The log showed TDSS and flagged a patched driver as "Pending-to-Delete". Whether it was deleted or not, or whether SAS also replaced the driver, is unclear; what I see in the log is "Pending-to-Delete":

<Item type="Malware" malwareName="Rootkit" score="114.0" status="PendingDelete">
  <Scanners>
    <Scanner id="G Data" name="Rootkit.Patched.TDSS.Gen (Engine-A)" />
    <Scanner id="DrWeb" name="BackDoor.Tdss.2459" />
    <Scanner id="Ikarus" name="Virus.Win32.Alureon!IK" />
  <File path="C:\WINDOWS\system32\DRIVERS\compbatt.sys" hash="B6502E18156E13ECD31925D22F7C6D5AE70CF5A02C5DD3F1A1B749A50BDF6FDA" />
  <Startup>
    <Key path="HKLM\SYSTEM\CurrentControlSet\Services\Compbatt\" />

I would scan the system with TDSSKiller or ComboFix, as these tools can detect and replace patched drivers if a clean replacement is found. To use ComboFix she would need to uninstall AVG so that ComboFix will run.
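As an added illustration of the post-reboot check discussed in this answer (this is not code from the thread or from any of the tools named), the script below pulls the "Delete on reboot" entries out of an MBAM log and the PendingDelete items out of a HitmanPro XML log, then reports for each file whether it is gone, still carries the flagged hash (never removed or replaced), or is present with different contents. Both samples are constructed from the fragments quoted above; the HitmanPro root element and closing tags are assumed.

```python
import hashlib, os, re
import xml.etree.ElementTree as ET

# Constructed sample: the HitmanPro fragment quoted above, closed into well-formed
# XML (the <Items> root and closing tags are assumed; path and hash are from the log).
HITMAN_XML = """<Items>
<Item type="Malware" malwareName="Rootkit" score="114.0" status="PendingDelete">
 <File path="C:\\WINDOWS\\system32\\DRIVERS\\compbatt.sys"
       hash="B6502E18156E13ECD31925D22F7C6D5AE70CF5A02C5DD3F1A1B749A50BDF6FDA" />
 <Startup><Key path="HKLM\\SYSTEM\\CurrentControlSet\\Services\\Compbatt\\" /></Startup>
</Item></Items>"""

# Constructed sample in MBAM's "path (detection) -> action." line format.
MBAM_LOG = """Files Infected:
c:\\WINDOWS\\wmoimsen.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\\WINDOWS\\Temp\\sample.tmp (Constructed.Example) -> Quarantined and deleted successfully."""

MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam(text):
    """One entry per detection line; 'pending' marks removal deferred to reboot."""
    return [{"path": m["path"], "name": m["name"],
             "pending": m["action"].lower().startswith("delete on reboot")}
            for m in map(MBAM_LINE.match, text.splitlines()) if m]

def parse_hitman(xml_text):
    """Status, path and SHA-256 of each HitmanPro <Item>, plus its autostart keys."""
    return [{"status": it.get("status"), "path": it.find("File").get("path"),
             "sha256": it.find("File").get("hash").lower(),
             "keys": [k.get("path") for k in it.iter("Key")]}
            for it in ET.fromstring(xml_text).iter("Item")]

def compare_digest(data, expected_sha256):
    """Same bytes the scanner flagged means the file was never replaced."""
    if expected_sha256 and hashlib.sha256(data).hexdigest() == expected_sha256.lower():
        return "still_flagged"
    return "present_changed"  # a clean copy (e.g. from TDSSKiller) or another file

def check_file(path, expected_sha256=None):
    """'absent' once the delete-on-reboot actually happened."""
    if not os.path.exists(path):
        return "absent"
    with open(path, "rb") as fh:
        return compare_digest(fh.read(), expected_sha256)

def pending_items():
    """Everything from both logs that still needs a post-reboot check."""
    items = [(e["path"], None) for e in parse_mbam(MBAM_LOG) if e["pending"]]
    return items + [(h["path"], h["sha256"]) for h in parse_hitman(HITMAN_XML)
                    if h["status"] == "PendingDelete"]
```

Run `check_file(path, digest)` for each tuple from `pending_items()` on the affected machine; "still_flagged" for the driver means the patched file is unchanged and the TDSSKiller/ComboFix step is still needed.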


MagsOwnerAuthor Commented:
Hello again everyone!  Boy, are there ever a lot of viruses out there!!  Thanks for your suggestions.  I ran rkill before Hitman.  I will run it before I run Malwarebytes again and also run TDSSKiller.  The machine was restarted after each scan, so I believe everything was deleted.  Should I assume they have been deleted upon reboot, or do you recommend rerunning each scan to verify?  I really appreciate all your time and help!
Oh yeah, a lot of viruses out there unfortunately....

If the PC is running fine now, then that's great! Some scans take a long time, so it's up to you whether you want to run those scans again.

My only concern is the file that SAS flagged in the log. Any red flags in the TDSSKiller log?

If it's clean and the PC is running fine, then there's nothing to worry about.
You can flush those restore points and create a clean new one.

Turn it OFF, turn it back ON, and create a new restore point.

Also get rid of temp files, either manually or using a tool such as CCleaner (
MagsOwnerAuthor Commented:
Love CCleaner!  Use it all the time.  Great idea to flush the restore points...Thanks!
MagsOwnerAuthor Commented:
Thanks for all your assistance!!