Hi Everyone,
From everything I have googled, I have some type of virus. Every time I search anything about Malwarebytes and click on links (yahoo.answers / malwarebytes.forum ... etc.) it redirects me to websites to purchase "fake" Malwarebytes or other products.
I cannot install, run or access malwarebytes.org website. Or any other websites that have anything to do with malwarebytes. But I can access all other websites easily.
I tried uninstalling it and reinstalling it but no effect. This virus is smart and doesn't want me installing or using Malwarebytes; that includes viewing the website...
Please help.
P.S. If I do a virus scan not connected to the internet, will it still identify the virus?
Thank You.
Computer spec:
Sony Vaio Laptop
Intel Pentium M Processor 1.8ghz
502mb ram
100gb hdd
windows xp pro service pack 2
#1
Posted 04 July 2009 - 07:38 PM
#2
Posted 04 July 2009 - 08:00 PM
I managed to get the scan to work by changing the names of everything to xxx lmao... I'll post the scan results as soon as I can, gotta transfer from laptop to comp.
#3
Posted 04 July 2009 - 08:07 PM
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2
7/4/2009 1:05:09 PM
xxx-log-2009-07-04 (13-05-01)
Scan type: Quick Scan
Objects scanned: 104983
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 7
Registry Data Items Infected: 23
Folders Infected: 11
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.
Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
Files Infected:
c:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
c:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Masacre\local settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Masacre\Application Data\config.cfg (Malware.Trace) -> No action taken.
c:\documents and settings\Masacre\Application Data\~tmp.html (Malware.Trace) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\tempo-823437.tmp (Trojan.DNSChanger) -> No action taken.
c:\documents and settings\Masacre\Local Settings\Temp\PlayMe.exe (Trojan.FakeAlert) -> No action taken.
C:\install.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> No action taken.
#4
Posted 04 July 2009 - 08:09 PM
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2
7/4/2009 1:08:22 PM
mbam-log-2009-07-04 (13-08-22).txt
Scan type: Quick Scan
Objects scanned: 104983
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 7
Registry Data Items Infected: 23
Folders Infected: 11
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\local settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-823437.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\Local Settings\Temp\PlayMe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\local settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-823437.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\Masacre\Local Settings\Temp\PlayMe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
#5
Posted 04 July 2009 - 08:33 PM
I can now access malwarebytes.org. I guess that means I fixed the problem?
#6
Posted 06 July 2009 - 03:10 AM
Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.
Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.
- When the tool is finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
#7
Posted 06 July 2009 - 03:56 AM
OK, I'll do this right away
#8
Posted 06 July 2009 - 04:32 AM
Both combofix and hijackfix won't run after I installed them
#9
Posted 06 July 2009 - 05:18 AM
I cannot get Combofix or Hijackthis to run on my computer? I don't know what to do?
#10
Posted 06 July 2009 - 06:12 AM
I did another malwarebytes scan and it found trojan.agent >>> said it would remove upon restart...
Well, I clicked restart and the computer did not restart.... It seemed like it tried then failed... but after I try clicking the power button and it starts?
#11
Posted 06 July 2009 - 06:13 AM
Sometimes when I clicked the power button it won't start? Maybe overheat? Cause it's kinda hot
#12
Posted 06 July 2009 - 06:33 AM
Ok....
My laptop has a restart/reboot error... it just shuts down
#13
Posted 06 July 2009 - 06:39 AM
Does it almost get into Windows or does it just shut down and not try to start again on its own?
#14
Posted 06 July 2009 - 06:51 AM
I click restart but it shuts down, but I think it does try to restart but fails...
#15
Posted 06 July 2009 - 06:56 AM
No, the question is. The computer is running and trying to startup. Then does it shut down and reboot on its own. OR does it just shut down and without you pressing a button or something it stays shut down?
#16
Posted 06 July 2009 - 07:01 AM
2nd one....
I press restart and it shuts down, if I don't press the power button it stays off
#17
Posted 06 July 2009 - 07:02 AM
it just shut down and without me pressing a button or something it stays shut down
#18
Posted 06 July 2009 - 07:06 AM
Okay, that sounds like some type of hardware issue. If you feel comfortable doing it then you might want to try removing and re-installing the RAM, and the Hard Drive.
If that does not help then you might need to have a shop take a look at it for you.
#19
Posted 06 July 2009 - 07:15 AM
How come I can't run:
Combofix
and
Hijackthis
I install both to desktop, disable anti-virus and close all windows.
I click on their icons and nothing happens.
#20
Posted 06 July 2009 - 07:19 AM
Well that is not what you said happens. You said it tries to start and then the computer shuts down.
I'm not sitting at the computer so I can't see what's going on. I need a better description of what's going on so that I can help you better.
Thanks.