I need Assistance Plz! Questions and Problems Regarding Malware


14 replies to this topic

#1
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
I'm having a problem. It all started yesterday afternoon (6/7/09) when I went onto a website that I have gone onto many, many times before. The website opened and then a Windows window opened saying: "Do you want to exit away from this page?" and then my avast! Anti-Virus program popped up warning me about something, but I X'ed out of it (so I don't know what it was warning me about). Then I opened Task Manager and closed Internet Explorer from my processes. My computer was "ok", but I ran a full system avast! Anti-Virus scan and a SUPER Anti-Spyware program scan... I got rid of the infected (virus/spyware) stuff from that (and now that's good)... but when I got to my Malwarebytes' Anti-Malware full system scan, it found stuff that I don't know if it is a false positive (but I doubt it, because of the virus/spyware/malware thing that happened a little while earlier) and I quarantined them. Two items that were quarantined were about taskmgr.exe, and now I don't have a Task Manager because I quarantined the files... and the other files were all for my WinCleaner OneClick CleanUp program... but I think that's a false because they came up as infected on my other 2 PC computers. But I'm really having a problem with going about getting my Task Manager... and also finding out if all of the virus/spyware/malware is completely off my computer.
I'll post the log:

Malwarebytes' Anti-Malware 1.37
Database version: 2247
Windows 5.1.2600 Service Pack 2

6/8/2009 10:57:29 AM
mbam-log-2009-06-08 (10-57-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 202687
Time elapsed: 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinCleaner (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dllcache\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\wincleaner\unins000.dat (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\unins000.exe (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\Website.url (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\custitm.ext (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\custitm.lst (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\Destroyit.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\OneClick.chm (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\Unicows.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\WCClean.exe (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\WCSO.dat (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\WCSOD.dat (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

So plz plz plz..... can someone help me..... I want to resolve the problem.... Thank You! :P
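A triage pass over a scan log in the format posted above, as an added example that is not part of the original thread: it parses the detection lines and sets aside hits on Windows system binaries (such as the two taskmgr.exe entries) for verification before removal, since deleting them disables an OS component. The sample log is a constructed subset of the posted one, and treating everything under `system32` as an OS component is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines in the format of the log posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2247

Folders Infected:
C:\Program Files\WinCleaner (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dllcache\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\WCClean.exe (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):\s*$")  # detail header, not the "Files Infected: 13" summary
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Assumption: anything under <drive>:\WINDOWS\system32\ is treated as an OS component.
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

def parse_detections(log_text):
    """Return one dict per detection line: section, path, name, action."""
    section, out = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM.match(line)
        if m and section:
            out.append({"section": section, **m.groupdict()})
    return out

def triage(detections):
    """Split detections into OS files to verify first and everything else."""
    buckets = defaultdict(list)
    for d in detections:
        key = "verify_before_removal" if SYSTEM_DIR.match(d["path"]) else "other"
        buckets[key].append(d)
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(parse_detections(SAMPLE_LOG)).items():
        print(bucket)
        for d in items:
            print(f"  {d['path']}  [{d['name']}]  {d['action']}")
```
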

#2
sjpritch25

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Welcome to Malwarebytes


Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dss.scr to run the tool.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop
  • In your next reply, please attach both logs. Thanks

Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case

#3
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
Ok. I attached the two logs.


#4
sjpritch25

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
How is everything running??

The following software is outdated and needs to be upgraded because it's vulnerable to attack by the latest malware attacks.

Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader 7.0.5


You need to upgrade to the latest version of Adobe 9.* from here

http://www.adobe.com/products/reader/

#5
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
Everything is running fine (seems to be normal like before)..... but I quarantined (using Malwarebytes') my taskmgr.exe, so now I don't have a Task Manager to see all my processes. Malwarebytes' labeled 2 items from my taskmgr.exe as Vendor: Trojan.Downloader ------> so I don't want to restore it if it is really infected, because it will probably cause me problems... and I don't know if it is falsely labeled this....

#6
sjpritch25

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
It automatically quarantines the file. Please post the most current log from MBAM. Thanks

#7
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
I did. I posted it along with my first post starting this thread. ^

#8
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
I'll post the log again:

Malwarebytes' Anti-Malware 1.37
Database version: 2247
Windows 5.1.2600 Service Pack 2

6/8/2009 10:57:29 AM
mbam-log-2009-06-08 (10-57-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 202687
Time elapsed: 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinCleaner (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dllcache\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\wincleaner\unins000.dat (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\unins000.exe (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\Website.url (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\custitm.ext (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\custitm.lst (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\Destroyit.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\OneClick.chm (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\Unicows.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\WCClean.exe (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\WCSO.dat (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
c:\program files\wincleaner\WCOC\WCSOD.dat (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully

#9
sjpritch25

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Click on the Quarantine Tab
Click on the files
c:\WINDOWS\system32\taskmgr.exe
c:\WINDOWS\system32\dllcache\taskmgr.exe

and choose Unquarantine. Reboot your computer.

Please update to the latest definitions, you are currently 30 days old. Afterwards, I need a fresh MBAM log. Thanks.

#10
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
Ok... I did what you said to do... and I did a full scan and nothing came up as infected...

#11
sjpritch25

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Cool

Can you access Task manager?

#12
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
Yeah! As soon as I restored the items, it worked..

#13
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
I have a question... this happened to me before, but why is it... when you go on a website all the time with no problem and then suddenly you go onto it and you get virus/malware/spyware and you end up with problems?

#14
sjpritch25

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 1,605 posts
  • Gender:Male
  • Location:West Coast of Florida
Unfortunately, tons of websites are being hacked, and that can lead to all kinds of trouble. IE8 has become even safer because it blocks cross-site scripting (which a lot of hacked sites use to infect users), but it's limited to sites it recognizes. Also, it's pretty easy nowadays to get redirected to a bad site just by doing a Google search.

The best protection is to use Mozilla Firefox with the following extension: NoScript. That will block all scripting on every single webpage. I only allow scripting on certain sites; otherwise I will select Temporary.

Today, you need to be very careful online.

#15
ThomasK

    New Member

  • Members
  • Pip
  • 9 posts
Oh okay, I was wondering why .... thanks for all your help :)
