Sign In
Create Account
0
Hi I am new to the forums and viruses/malware. I ran malwarebytes about a week ago and everything was clean except for two registry data files. It says it deletes it successfully but when I reboot it comes back. Has anyone else seen this before and can help me resolve the issue?
Here is the log:
Malwarebytes' Anti-Malware 1.40
Database version: 2746
Windows 5.1.2600 Service Pack 3
9/5/2009 4:25:27 PM
mbam-log-2009-09-05 (16-25-27).txt
Scan type: Full Scan (C:\|)
Objects scanned: 149542
Time elapsed: 42 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thanks
-
This topic is locked
Back to top
#2
Posted 06 September 2009 - 09:11 PM
-
- Malware Hunters
-
- 1,548 posts
Forum Deity
Hi and welcome to the forum! 
Scan and post logs - read note at bottom in green
If you're having Malware related issues with your computer that you're unable to resolve.
1. Please read and follow the instructions provided here: I'm infected - What do I do now?
2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
* Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
* Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
* Using these other tools often makes the cleanup task more difficult and time consuming.
* If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
* Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
* There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
* NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can
Scan and post logs - read note at bottom in green
If you're having Malware related issues with your computer that you're unable to resolve.
1. Please read and follow the instructions provided here: I'm infected - What do I do now?
2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
* Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
* Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
* Using these other tools often makes the cleanup task more difficult and time consuming.
* If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
* Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
* There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
* NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!
#3
Posted 06 September 2009 - 09:18 PM
-
- Members
-
- 4 posts
New Member
- Gender:Male
- Location:florida
I think I had something similar to that not too long ago. It was a hijacking my Google and Bing search results. Every time I would run a scan and reboot it would come back. Even going into safe mode and scanning did not help. Here's how I got rid of it.
I downloaded and ran
1. RootRevealer ... http://twurl.cc/1k6p
Even though it revealed the hidden process it could not remove it.
2. ComboFix ... http://twurl.cc/1k6r
That's it...should be good after that.
Cheers!~
I downloaded and ran
1. RootRevealer ... http://twurl.cc/1k6p
Even though it revealed the hidden process it could not remove it.
2. ComboFix ... http://twurl.cc/1k6r
That's it...should be good after that.
Cheers!~
#4
Posted 07 September 2009 - 04:04 AM
-
- Malware Hunters
-
- 1,548 posts
Forum Deity
I would follow my instructions and let the experts help you. Those tools above shouldn't be used unless someone who really knows what they are doing advises you too. . Plus, you want to make sure you are downloading them from a legitimate site
. Plus, you want to make sure you are downloading them from a legitimate site
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!
#5
Posted 08 September 2009 - 08:44 AM
-
- Members
-
- 9 posts
New Member
OK> will one of u experts renders some help then??????????
#6
Posted 08 September 2009 - 09:20 AM
-
- Honorary Members
-
- 816 posts
Elite Member
vasilli
Don't worry.
Experts are here & they will help you resolve the prob. asap.
Don't worry.
Experts are here & they will help you resolve the prob. asap.
#7
Posted 08 September 2009 - 01:03 PM
-
- Malware Hunters
-
- 1,548 posts
Forum Deity
vasilli, on Sep 8 2009, 03:44 AM, said:
OK> will one of u experts renders some help then??????????
You need to follow the instructions in my first post, and an expert will help you. Malware removal will not be worked on in the general forum. Thanks
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
