I recently had AVG warn me of a virus. After running AVG's solution I noticed that I was still getting odd popups in IE, so I ran MBAM and it found poburukepu and removes it, but every time it removes it, it comes back. What am I doing wrong?
Malwarebytes' Anti-Malware 1.41
Database version: 2825
Windows 6.0.6000
9/19/2009 6:11:00 PM
mbam-log-2009-09-19 (18-11-00).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 377010
Time elapsed: 2 hour(s), 13 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poburukepu (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#1
Posted 20 September 2009 - 04:24 AM
#2
Posted 03 October 2009 - 12:23 AM
Hello and welcome to the Malwarebytes forum!
Please follow the instructions mentioned over here: http://www.malwareby...?showtopic=9573
Download and run RootRepeal CR
Please download RootRepeal from the following location and save it to your desktop.
- Direct Download (Recommended)
- Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
- Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
- Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
- Physically disconnect your machine from the internet as your system will be unprotected.
- Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
- Click the tab at the bottom.
- Now press the button.
- A box will pop up, check the boxes beside All Seven options/scan area

- Now click OK.
- Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
- The scan will take a little while to run, so let it go unhindered.
- Once it is done, click the Save Report button.

- Save it as RepealScan and save it to your desktop
- Reconnect to the internet.
- Post the contents of that log in your reply please.
Then, please give me an update of the condition of your machine and what problems or symptoms you may have.
With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED!
The help you receive here from me is free but if you wish to show your appreciation, you may wish to
.
#3
Posted 03 October 2009 - 05:12 AM
I'm not sure what I did, but after MBAM ran a third or fourth time it prompted a RS and then everything was great. No issues at all now.
#4
Posted 03 October 2009 - 04:16 PM
Hello.
Glad everything is better. However, just because it seems better doesn't mean you're necessarily clean and free of malware.
If you wish to continue let me know. If not, let me know as well so I can give you some prevention tips and close off this topic.
Thanks.
~Extremeboy
#5
Posted 03 October 2009 - 05:09 PM
True. However, all the odd files and folders are gone and MBAM and AVG give me an all clear. I guess from now on I'll steer clear of imageshack, as that's where it all started.
#6
Posted 03 October 2009 - 10:16 PM
Okay.
However, that doesn't clearly tell me if you still wish to continue or not. From how I hear it, I believe we can call this one "resolved"?
If so, let me know so I can close it and give you some prevention tips as well.
~Extremeboy
#7
Posted 03 October 2009 - 11:15 PM
Yes, I would call the issue resolved.
#8
Posted 04 October 2009 - 02:02 PM
Okay.
Thanks for letting me know.
Below are some prevention tips.
Preventing Infections in the Future
Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
- So How did I get infected?
- Miekies' prevention suggestions
- Hardening Windows Security - Part 1 & Part 2.
- Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives
When is AUTORUN.INF really an AUTORUN.INF?
Quote
USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...
Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.
If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"
Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.
Visit the WindowsUpdate Site Regularly
I recommend you regularly visit the Windows Update Site!
- Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
- Update ALL Critical updates and any other Windows updates for services/programs that you use.
- If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
- Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.
Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
With Regards,
Extremeboy
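An added example, not part of the original post or of the articles it links to: a small Python parser that lists the commands an AUTORUN.INF on a drive root would launch, including the default-verb entry that a double-click on the drive icon runs even when insertion-time Autorun is off. The sample file content and the file names in it are constructed for illustration.

```python
# Added example: list what an AUTORUN.INF on a drive root would launch.
SAMPLE = r"""
; constructed sample for this example, not taken from the thread
[AutoRun]
open=tools\start.exe
icon=folder.ico
shell=scan
shell\scan=Open
shell\scan\command=tools\start.exe /quiet
shell\explore\command=tools\start.exe
padding line with no key
[other]
open=ignored.exe
"""


def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections, or junk padding lines
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_points(entries):
    """Return (trigger, key, command) for every entry that runs a program."""
    default_verb = entries.get("shell", "").lower()
    found = []
    for key, value in entries.items():
        parts = key.split("\\")
        if key in ("open", "shellexecute"):
            found.append(("autorun", key, value))  # runs when Autorun fires
        elif len(parts) == 3 and parts[0] == "shell" and parts[2] == "command":
            # shell=<verb> makes that verb the default drive-menu command,
            # which is also what a double-click on the drive icon runs.
            trigger = "default-verb" if parts[1] == default_verb else "menu"
            found.append((trigger, key, value))
    return found


if __name__ == "__main__":
    for trigger, key, command in launch_points(parse_autorun(SAMPLE)):
        print(f"{trigger:12} {key:22} -> {command}")
```

Reading the file this way, from a text editor or a script, avoids opening the drive through Explorer at all.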
#9
Posted 04 October 2009 - 02:03 PM
Hello.
Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter
Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.
With Regards,
Extremeboy