6 replies to this topic

[sergio1]

I have been having a problem installing any type of anti virus and was told to use malawarebytes. The problem is that it won't allow me to update it. If i install avast or nod 32 all of a sudden my internet doesn't work. I can no longer access the net. When i try and update malaware it says that i am not connected to the net and cannot update. Can you help please.I also get a pop up saying a program wants acces to my computer and wants to know if i should cancel or continue, plus it sometimes freezes when i go to shut down my computer.
This is the log i got after running malaware without updating it.
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1

3/16/2009 12:22:13 PM
mbam-log-2009-03-16 (12-22-13).txt

Scan type: Quick Scan
Objects scanned: 49292
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\sergio\AppData\Local\Temp\Rar$EX13.743\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

[Fatdcuk]

Hi and welcome to the MBAM forums

We need to get that DB updated as were currently on 1856.

There is obviously something blocking access to our servers so you cannot update.

At the moment 1 of the current infections performing that function is CLB driver so as diagnostic can you do the walkthrough in the below link and post back to advise if we have found the culprit ?
http://www.malwareby...showtopic=12709

[sergio1]

i downloaded the file and went to run it. I got the following message.

Mismatch between the kernel reported by windows and the one reported by a hardware scan. Do you want to use the kernel reported by windows? if i choose yes or no i get the same response " could not load driver"

[Fatdcuk]

Ok then lets see what whether GMER will load,

http://www2.gmer.net/tmp/gmer.exe

IF CLB is present then it will show up in Rootkit activity Tab on opening.

BTW i hope you learn your lesson with messing about with Keygens...sooner or later they will sting ya

[sergio1]

GMER says it has found no system modification.

As for messing with keygens,what are those,lol. I have no idea how they were messed with but i sure hope it doesn't happen again if this gets fixed. I don't personally use this computer it is my kids, which is probably not a good idea. This is the first desktop i have owned and don't know much about them. I do appreciate any and all help you can give me though.

[Fatdcuk]

OK well keygens are tools that are run inorder to generate a serial to activate pay for software.

In short whoever dose'nt want to pay for that software so they will have downloaded the keygen for it and this is how the pc has got infected in the first place.

Kid's bless 'em lol

Right now's a good time to steer you towards one of our expert helpers in the HJT forum.
Please read the topics stickied to the top of the following forum and start a fresh topic in that part of the forum.
http://www.malwareby...php?showforum=7

All the best!

[AdvancedSetup]

Hello and Welcome to Malwarebytes.org

If you're having Malware related issues with your computer that you're unable to resolve.

• Please read and follow the instructions provided here: I'm infected - What do I do now?
  
• If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  
• When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

• Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  
• Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  
• Using these other tools often makes the cleanup task more difficult and time consuming.
  
• If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  
• Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  
• There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review

• NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.