2 replies to this topic

[SWengineer]

Hello,

About 10 days ago I get a pop-up window indicating a fake virsus detection occurred
and to click a link (which I didn't) to remove the virus. I closed the window, ran McAfee
internet security suite full scan and it found nothing

Two days ago my computer starts constantly reporting "Services and Console App has
encountered a problem and needs to close". McAfee is also constantly reporting that it
is detecting buffer overflow errors. I ran McAfee virus scan and it detects Generic
BackDoor!tz and quarantines the file. I reboot the PC and same error messages occur.

After doing some research, I obtained a copy of Malwarebytes, started up XP in Safe
mode, and ran a full scan using Malwarebytes. To my amazement, Malwarebytes
detected 21 issues that McAfee did not!!! Wow!!! I did another full scan using both
McAfee and Malwarebytes and detected nothing further in XP safe mode.

Decided to boot my PC normally with Internet connection plugged in. (While in XP safe
mode I disconnected the Ethernet cable from PC). PC booted up without the previous
errors. However, the instant I clicked FireFox to log into the Internet, McAfee starts
reporting all sorts attempted registry key changes and trojan attacks. I yanked the
Ethernet cable and immediately shut off the PC. I went back to XP safe mode without
networking and ran both McAfee and Malwarebytes full scans. McAfee detected nothing,
but Malwarebytes detected 19 new types of infections. I let Malwarebytes do another
full scan and it comes up clean.

I did some more research (using an uninfected laptop) and learned about the MSCONFIG
utility. I ran MSCONFIG while in XP safe mode, and examined the list of activities under
Startup. To my astonishment, ikowin32.exe was the last thing in the start up list! The
file was started under C:\Documents and settings\<user name>\ etc.

From what I have read, ikowin32.exe is supposed to be very bad, and yet both McAfee
and Malwarebytes both still keep missing this file.

Question 1: How do I safely remove it?

Question 2: There are 2 other Startup Items in the list with NO names or Commands
listed, just an HKCU registry key listed. Should I manually remove these
from the MSCONFIG Startup list?

Question 3: Under Malwarebytes main menu, there is a tab listed "Quarantine". I looked
at it and found all the trojans and viruses listed there that it found today. I
thought Malwarebytes removed them from my PC after it found them. Do I
need to click on the "Delete All" tab at the bottom of the screen to permanently
remove them from my PC once and for all? I read nothing about this extra
last step on your website or documentation.

Thanks for your help. I am currently running Malwarebytes' Anti-Malware 1.40, Database
version: 2551.

Thanks in advance for any assistance.

[miekiemoes]

Hi,

Quote

Thanks for your help. I am currently running Malwarebytes' Anti-Malware 1.40, Database
version: 2551.

It makes sense that the infection you are dealing with is not detected or removed. This because we are almost 300 updates further.
So please start with updating your mbam via the update tab.
Then perform a scan in normal mode (quick scan and normal mode, since that's a more powerful/smarter method - don't use full scan or safe mode)
Select whatever it found for removal.
Then reboot.

Then post the malwarebytes log in your next reply together with a HijackThislog.

[miekiemoes]

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.