#1
Posted 23 June 2012 - 08:30 PM
Daughter downloaded this virus. Ran Malwarebytes and it did not find it. It is blocking her from the internet, but I used another computer to download and then transfer DDS. Here are the reports.
Thank you in advance for any help!
#2
Posted 23 June 2012 - 09:06 PM
Welcome to the forum.
From your log this looks like the main problem:
C:\Users\Kelsey\AppData\Roaming\Protector-vkcb.exe
See if you can delete it; you may have to enable hidden files to see it:
http://www.howtogeek...-windows-vista/
--------------------------------
Please do this also: (which also may find it)
Please remove any usb or external drives from the computer before you run this scan!
Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)
Post back the report.
MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
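An added example, not part of the original posts: the file named in post #2 sat directly in the user's `AppData\Roaming` folder and may have been hidden, so this PowerShell sketch lists every executable placed at that level for each profile, hidden ones included, with its signature status and hash for review. It assumes PowerShell 4 or later (Windows 7 ships with 2.0) and an elevated prompt; the extension list is an assumption.

```powershell
# Added example: list executables sitting directly in each profile's
# AppData\Roaming folder. Legitimate software normally installs into
# subfolders, so loose .exe files at this level deserve a closer look.
# -Force makes Get-ChildItem include hidden and system items.
$profiles = Get-ChildItem -Path 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue

$findings = foreach ($p in $profiles) {
    $roaming = Join-Path $p.FullName 'AppData\Roaming'
    if (-not (Test-Path -LiteralPath $roaming)) { continue }

    Get-ChildItem -LiteralPath $roaming -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.com', '.scr' } |   # assumed extension list
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Created   = $_.CreationTime
                Signature = $sig.Status          # e.g. Valid, NotSigned
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Newest files first: a recent, unsigned, hidden executable is the pattern to check.
$findings | Sort-Object Created -Descending | Format-List
```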
#3
Posted 23 June 2012 - 09:23 PM
Found that file, but couldn't delete it at first. After running Rogue Killer, was able to delete it.
Things seem to be working well. Any further suggestions?
Thanks!
#4
Posted 24 June 2012 - 06:04 AM
Good, post all the logs from RogueKiller.
Then......
Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingc...to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop.
Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.
---------->NOTE<----------
If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC
#5
Posted 24 June 2012 - 07:39 AM
Here are the RogueKiller logs.
Attached Files
#6
Posted 24 June 2012 - 08:04 AM
Can you post the log from ComboFix? MrC
#7
Posted 24 June 2012 - 08:06 AM
And now the C:\ComboFix.txt
Attached Files
#8
Posted 24 June 2012 - 07:02 PM
Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how computer is running now, MrC
#9
Posted 24 June 2012 - 07:51 PM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.24.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kelsey :: KELSEY-PC [administrator]
6/24/2012 7:42:51 PM
mbam-log-2012-06-24 (19-42-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231008
Time elapsed: 2 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The computer seems to be running well now. Next step is getting MBAMpro for her!
#10
Posted 24 June 2012 - 08:27 PM
Great 
A little clean up to do......
Please Uninstall ComboFix:
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.
---------------------------------
Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
Save it to your desktop.
Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....
-----------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum, MrC
#11
Posted 25 June 2012 - 05:56 AM
Glad we could help. 
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
I close my threads if there is 5 days without a response.