Jump to content

ibl

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Yes, that was it - something with "PC Privacy" was deleted, and now my Desktop looks normal again . Thank You. Ibl
  2. Hello everybody, I have now needed and used MBAM twice within 6 months with generally great success, but this last time there remains a slight problem. Allthough I'm sure the actual malware has been removed, what remains is the rest of an empty (or just white) window covering my Background. The Original malware had this turn up with a red background and a develish looking "Virus". The picture has gone after MBAM, but the white "background" remains. Would anybody know where this is hiding so I have a change to get rid of it?? I enclose here the logs of my Scans - that will show You what mawares was involved: First Scan: Malwarebytes' Anti-Malware 1.11 Database version: 639 Scan type: Quick Scan Objects scanned: 33564 Time elapsed: 21 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. Second Scan: Malwarebytes' Anti-Malware 1.17 Database version: 867 19:24:53 18.06.2008 mbam-log-6-18-2008 (19-24-53).txt Scan type: Full Scan (C:\|) Objects scanned: 161838 Time elapsed: 1 hour(s), 10 minute(s), 30 second(s) Memory Processes Infected: 1 Memory Modules Infected: 2 Registry Keys Infected: 9 Registry Values Infected: 6 Registry Data Items Infected: 16 Folders Infected: 4 Files Infected: 14 Memory Processes Infected: C:\Documents and Settings\il163100\Local Settings\Temp\stdstring.exe (Rogue.Installer) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\xvorfwbd.dll (Trojan.FakeAlert) -> Unloaded module successfully. C:\WINDOWS\wpvmqosg.dll (Trojan.FakeAlert) -> Unloaded module successfully. Registry Keys Infected: HKEY_CURRENT_USER\Software\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{30dd8034-a796-4cda-80a3-0a87b6c61250} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c1558682-4b6a-488e-8871-a9832700f5a6} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2a9788f6-727d-4cee-9c9f-a6d2a47fd34a} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8eff7f3e-2432-4c73-bda9-7708a399f41e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8eff7f3e-2432-4c73-bda9-7708a399f41e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\vrmdtneg.bxwk (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\vrmdtneg.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus-2008pro.exe (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xvorfwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wpvmqosg (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2a9788f6-727d-4cee-9c9f-a6d2a47fd34a} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-1243486-23691) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Start Menu\Programs\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\il163100\Local Settings\Temp\stdstring.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{5A07AAD9-00EC-49C4-8947-25E62B7FAB45}\RP318\A0142275.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{5A07AAD9-00EC-49C4-8947-25E62B7FAB45}\RP318\A0142276.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\WINDOWS\xvorfwbd.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\wpvmqosg.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\vrmdtneg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\neltabxw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\ksendlbtsxb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\il163100\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. Greetings to a great team - with the hope that You have a good tip for me. Ib
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.