Groovewalker
Noticed strange activity on boyfriend's parents' laptop and desktop PC that of course use the same network. They are also used occasionally by boyfriend's dad to remotely connect to his work (reason for Citrix, Kaseya Agent and RealVNC that his company's IT Contractor uses). I was under the impression that security protection was managed through this as well. Recently though, I noticed strange activity on the laptop. Unsuccessful attempts for info on the anti-virus caused me to download/run MSE and uninstall AVG (IT Contractor use). MSE found and removed over 10 severe trojans & malware on 4/30/11. I then purchased and now run Malwarebytes' Pro as well, which has not found anything during scans as of yet but has blocked many items... THANK YOU FOR REAL-TIME PROTECTION! The laptop did have to be accessed and looked at by the IT Contractor due to protocol, and I was personally told by the Contractor that it was okay to run more than one anti-virus and that the more protection the better. Ummm weird? Anyways, with a few lingering issues and being told by 3 "knowledgeable" people that everything looked to be fine, my boyfriend's visiting brother clicked on the pop-up of the rogue XP Security 11 on the desktop PC on 5/17/11. I instantly grabbed my Malwarebytes' CD, installed (did not register), updated, and scanned in Safe Mode a few times until I got a clean log, with only 13 objects found and removed. I then uninstalled AVG, downloaded and now run MSE (nothing found in any scans) on the desktop PC as well. I also bought a new router which was installed this past Saturday 5/21/11 by one of the "knowledgeable" people. My boyfriend's dad went out of town yesterday so he had to take along the laptop, so I am using the desktop (till Wednesday night) and have gotten redirected to Yahoo when trying to use Google. Now reaching ultimate frustration I come to seek advice from you, almighty Malwarebytes' Team. PLEASE HELP!

Malwarebytes' has run clean since the 17th, so here is what I can fit of the Malwarebytes' logs with the found objects. I will attempt the DeFogger and DDS/GMER while I wait for your response.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/17/2011 8:37:20 PM
mbam-log-2011-05-17 (20-37-20).txt

Scan type: Quick scan
Objects scanned: 192476
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6603

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/17/2011 9:29:37 PM
mbam-log-2011-05-17 (21-29-37).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 256526
Time elapsed: 16 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\dell\Local Settings\Application Data\qjb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\dell\Local Settings\Application Data\qjb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\dell\Local Settings\Application Data\qjb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\dell\application data\Sun\Java\deployment\cache\6.0\44\7f8027ac-2a40c2c9 (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\dell\application data\Sun\Java\deployment\cache\6.0\44\7f8027ac-30223027 (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\dell\local settings\application data\qjb.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\dell\local settings\application data\xwr.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
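A read-only PowerShell audit of the three registry locations the log above flagged (the .exe file-type handler, the StartMenuInternet browser commands, and the Security Center notification switches), added here as an example and not taken from the original post or from Malwarebytes; the expected baseline values and the function name are assumptions:

```powershell
# Added example, not part of the original post: audit the three registry locations the
# Malwarebytes log flagged. Baseline values are assumptions for a default Windows install.
function Get-BrowserHijackFindings {
    $findings = @()

    # 1. Hijack.ExeFile: the .exe handler should simply run the file: "%1" %*
    $exeKey = 'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
    $exeCmd = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
    if ($exeCmd -ne '"%1" %*') {
        $findings += "Hijack.ExeFile candidate: $exeKey = [$exeCmd]"
    }

    # 2. Hijack.StartMenuInternet: each registered browser's open/safemode command should
    #    start with the browser executable named by the subkey (FIREFOX.EXE, IEXPLORE.EXE),
    #    not with another program that receives the browser path as an argument.
    $smi = 'HKLM:\SOFTWARE\Clients\StartMenuInternet'
    foreach ($browser in Get-ChildItem -Path $smi -ErrorAction SilentlyContinue) {
        foreach ($verb in 'open', 'safemode') {
            $cmdKey = "$($browser.PSPath)\shell\$verb\command"
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }
            # First token of the command: a quoted path or a bare program name
            $first = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            if ((Split-Path -Leaf $first) -ine $browser.PSChildName) {
                $findings += "Hijack.StartMenuInternet candidate: $($browser.PSChildName)\shell\$verb = [$cmd]"
            }
        }
    }

    # 3. PUM.Disabled.SecurityCenter: a value of 1 silences the AV/firewall/update warnings
    $scKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    $sc = Get-ItemProperty -Path $scKey -ErrorAction SilentlyContinue
    foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
        if ($sc -and $sc.$name -eq 1) {
            $findings += "PUM.Disabled.SecurityCenter: $scKey\$name = 1"
        }
    }
    return $findings
}

$result = Get-BrowserHijackFindings
if ($result.Count -eq 0) { 'No hijack indicators found at the audited keys.' } else { $result }
```

On XP-era systems the StartMenuInternet subkeys are named after the executable, as in the log; on newer Windows they may carry friendly names, in which case the script reports those entries for manual review rather than confirming a hijack.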