1 reply to this topic

[Pkosiarek]

I have run my malwarebytes. When I try to delete this infected files and reboot nothing happens and I get this message "operation fails, error code 2"

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.04.10
Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
rickkosiarek :: RICKKOSIAREK-PC [administrator]
8/4/2012 11:24:53 PM
mbam-log-2012-08-04 (23-32-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233901
Time elapsed: 5 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
c:\windows\syshost.exe (Trojan.Downloader) -> No action taken.
c:\users\administrator\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\users\annika and nadia\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\users\rickkosiarek\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\appdata\local\temp\syshost.exe (Spyware.Agent) -> No action taken.
c:\windows\temp\syshost.exe (Spyware.Agent) -> No action taken.
(end)




I did run the RogueKiller and this is what shows up (below). What is the next step to fixing my computer?


RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: rickkosiarek [Admin rights]
Mode: Scan -- Date: 08/04/2012 22:59:15
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
94.63.240.127 www.google.com
94.63.240.128 www.bing.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] 220d2478ab2d438210c114f0a6e51a33
[BSP] 00953608a28c829f592748e42bd952be : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt


Can you PLEASE help and walk me through this?

[daledoc1]

Hello and welcome to MBAM forum, Pkosiarek:

Sorry to hear you might be infected.
We cannot review scan logs or work on malware removal in this sub-section of the forum, so please read below for assistance with cleaning your system.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.

IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:
OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum.
OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.
OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

• Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  
• Then please start a new post in the Malware Removal Forum.
  
• An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.

• When starting your new post, please note the following:
  
• Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  
• Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  
• Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  
• Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  
• Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  
• Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

OPTION 2:
If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them here.

OPTION 3:
If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site here.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1