Malwarebytes

WinPc Antivirus Win32/cryptor

2 replies to this topic

#1
Bec

    New Member

  • Members
  • 6 posts
  • Gender:Female
  • Location:Australia
Don't know how it got there, but all of a sudden I had a fake antivirus installed on my PC, and it began constant pop-ups to try and get me to purchase things etc. and make me install more things!

I downloaded Malwarebytes, and it found a few infected things and made the pop-ups go away, but it said it couldn't remove all of the infection.
And so this virus, or whatever it is, keeps coming up and doing all sorts of nasty things to my PC.

Please tell me what to do to get rid of it.


THIS IS WHAT THE MALWARE SCAN PICKED UP IN THE LOG OF THE LAST SCAN (and I should add that my Task Manager has been disabled):

Malwarebytes' Anti-Malware 1.36
Database version: 2128
Windows 5.1.2600 Service Pack 2

21/05/2009 8:39:51 AM
mbam-log-2009-05-21 (08-39-42).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 197282
Time elapsed: 1 hour(s), 1 minute(s), 25 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
C:\Documents and Settings\Administrator\Application Data\winav.exe (Rogue.WinPCAntivirus) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WinPC Antivirus (Rogue.WinPCAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{92dea029-400e-497b-863d-1e5cd71b6441} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9580c756-9b78-41c8-8371-21105052831e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b00d6c77-5229-41b0-86b9-5b31509557d4} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eedc4410-6b4d-4d68-a6bd-c386f0335c1b} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eedc4410-6b4d-4d68-a6bd-c386f0335c1b} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eedc4410-6b4d-4d68-a6bd-c386f0335c1b} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avscan (Rogue.WinPCAntivirus) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe %windir%\system32\drivers\svchost.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{CC39CAB8-B144-4133-BEB2-5098B8E66B1E}\RP611\A0079154.dll (Adware.VideoEgg) -> No action taken.
C:\System Volume Information\_restore{CC39CAB8-B144-4133-BEB2-5098B8E66B1E}\RP611\A0079157.exe (Adware.VideoEgg) -> No action taken.
C:\System Volume Information\_restore{CC39CAB8-B144-4133-BEB2-5098B8E66B1E}\RP611\A0079158.exe (Adware.VideoEgg) -> No action taken.
C:\System Volume Information\_restore{CC39CAB8-B144-4133-BEB2-5098B8E66B1E}\RP611\A0079159.old (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Administrator\Start Menu\WinPC Antivirus.LNK (Rogue.WinPCAntivirus) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\WinPC Antivirus.LNK (Rogue.WinPCAntivirus) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\winav.exe (Rogue.WinPCAntivirus) -> No action taken.
C:\WINDOWS\ieocx.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\OPR61F78.emf (Heuristics.Malware) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\asd.bat (Rogue.WinPCDefender) -> No action taken.
C:\WINDOWS\system32\drivers\UACpugvrfhdnmcqnhn.sys (Trojan.Agent) -> No action taken.
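The log above is the kind of output forum helpers triage by hand: which findings are persistence (a Run value, a hijacked Winlogon Shell, a BHO, a kernel driver), which are security-tampering data items with a known good value (DisableTaskMgr, the Security Center notify flags), and which files only live in System Restore points. As an added example, not code from the original post or from Malwarebytes, here is a small Python parser for the MBAM 1.x log format that extracts each finding and produces that triage summary. The sample input is a subset of the poster's own log lines; the persistence markers and family grouping are this example's own assumptions.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and triage the findings.

Added example, not part of the forum post. The sample log is a trimmed copy
of the log pasted above; the triage rules are this example's assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the lines from the poster's log.
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Registry Keys Infected: 13

Memory Processes Infected:
C:\Documents and Settings\Administrator\Application Data\winav.exe (Rogue.WinPCAntivirus) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eedc4410-6b4d-4d68-a6bd-c386f0335c1b} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avscan (Rogue.WinPCAntivirus) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe %windir%\system32\drivers\svchost.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{CC39CAB8-B144-4133-BEB2-5098B8E66B1E}\RP611\A0079154.dll (Adware.VideoEgg) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\UACpugvrfhdnmcqnhn.sys (Trojan.Agent) -> No action taken.
"""

# A section header is "<Name> Infected:" with nothing after the colon; the
# summary lines near the top of a log ("... Infected: 13") do not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<path> (<Detection.Name>) -> [Bad: (<x>) Good: (<y>) -> ]<action>"
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[A-Za-z0-9.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+)$"
)

# Assumed: registry/file locations that give code a foothold at logon or boot.
PERSISTENCE_MARKERS = (r"\CurrentVersion\Run", r"\Winlogon\Shell",
                       r"\Browser Helper Objects")


@dataclass
class Finding:
    section: str
    path: str
    detection: str
    action: str
    bad: Optional[str] = None   # only for "Registry Data Items"
    good: Optional[str] = None


def parse_mbam_log(text: str) -> list:
    """Return one Finding per detected item, in log order."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        # Skip the summary block and "(No malicious items detected)".
        if section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append(Finding(section, m["path"], m["detection"],
                                    m["action"], m["bad"], m["good"]))
    return findings


def triage(findings: list) -> dict:
    """Group findings the way a helper reads the log before choosing steps."""
    return {
        # Detection family: Rogue, Trojan, Adware, Rootkit, Hijack, Disabled ...
        "families": Counter(f.detection.split(".")[0] for f in findings),
        "live_processes": [f.path for f in findings
                           if f.section == "Memory Processes Infected"],
        "persistence": [f.path for f in findings
                        if any(mk.lower() in f.path.lower()
                               for mk in PERSISTENCE_MARKERS)
                        or f.path.lower().endswith(".sys")],
        # Data items carry the value MBAM would restore.
        "repairs": {f.path: f.good for f in findings if f.good is not None},
        # Hits inside System Restore come back if the old point is restored.
        "restore_point_files": sum(1 for f in findings
                                   if r"\_restore{" in f.path),
        "unhandled": sum(1 for f in findings
                         if f.action.startswith("No action taken")),
    }


if __name__ == "__main__":
    summary = triage(parse_mbam_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the full log, the "repairs" map shows why the poster's Task Manager is disabled (DisableTaskMgr is 1, should be 0) and that Winlogon\Shell launches a second binary after Explorer.exe; "unhandled" equal to the total confirms that the posted log was a scan where nothing was removed ("No action taken" throughout), which is why the infection persists.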

#2
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

First of all, please update Malwarebytes, because the database version is outdated.

  • Start Malwarebytes and click the Update tab. There, click "Check for updates".
  • In case you can't update the database via the update option, please download and install the database from here. Only do this when the update option doesn't work.
  • Once the updates are downloaded, perform a full scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Mieke Verburgh
Assistant Director of Research
#3
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Mieke Verburgh
Assistant Director of Research