Jump to content


Photo

Ran Malwarebytes, Now No Internet


  • Please log in to reply
6 replies to this topic

#1 dugly2ugly

dugly2ugly

    New Member

  • Members
  • Pip
  • 3 posts

Posted 01 November 2010 - 08:53 PM

I ran the program and it seemed to sucessfully remove some problems. However, I can no longer access the internet either from IE or Firefox. I have tried to follow fixes suggested to others in this and other forums, but they seemingly get specific to those users. So far I have used winsockxpfix with no luck.

Below is the log from the scan that I ran. I am comfortable around computers and am happy to take any suggestions, but if anybody can help me without too much geek speak, that would be especially appreciated.




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5010

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/1/2010 5:29:06 PM
mbam-log-2010-11-01 (17-29-06).txt

Scan type: Quick scan
Objects scanned: 163402
Time elapsed: 29 minute(s), 15 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Doug\Application Data\Microsoft\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Doug\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lqfiihts (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lqfiihts (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Doug\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Doug\Application Data\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\i8oukp27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\CTnD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.

#2 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 01 November 2010 - 09:13 PM

but they seemingly get specific to those users.

Hi -
This can be the case depending on the actual problems and the computer - Not all systems and problems are usually 100% the same -
You have a very badly infected system and it may take several other tools to fully fix it - If it can be fixed -
Your XP SP3 has been hit very hard by the infections and you may have lost internet connection due to this -
  • Open Control Panel > Internet Options
  • Click on the Connections tab
  • Click on the LAN settings button
  • Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  • Click on the OK button to close the Local Area Network (LAN) Settings window
  • Click on the OK button to close the Internet Options window
  • Use this diagram as a guide
  • Try this first and then post back -
Thank You -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#3 dugly2ugly

dugly2ugly

    New Member

  • Members
  • Pip
  • 3 posts

Posted 01 November 2010 - 09:36 PM

No dice. Thanks for your quick response.

#4 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 01 November 2010 - 10:09 PM

Hi -
It was worth a try as a first option (sometimes works) - Good: (Explorer.exe)Bad: (explorer.exe, this infected item may have cancelled your connection -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow -->What do I do now? <-- , skipping any steps you are unable to complete.
The next step is post a -->New Topic Here.
One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that
you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -
Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -
Thank You - :D
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#5 RandyC

RandyC

    Regular Member

  • Members
  • PipPip
  • 50 posts

Posted 02 November 2010 - 08:04 AM

dugly2ugly, did you look at the "Proxy Server" settings section of the doc that noknojon pointed you to? Perhaps the "use a proxy server....." has been checked off? If so, then Un-check it, click OK, and then OK again.

Does that help?

RandyC

#6 dugly2ugly

dugly2ugly

    New Member

  • Members
  • Pip
  • 3 posts

Posted 03 November 2010 - 08:34 PM

The steps in the link did not work. The Defogger worked, but then DDS kept freezing up and GMER was "encountering errors" that forced close outs and an automatic restart of the computer.

Randy, the proxy served box was not checked.

Any other ideas?

Unforntuately, now that I'm dealing with this, I'm pretty sure that I have had this problem using Malwarebytes before a little while back. Too bad I can't remember how I fixed it. Even worse, I didn't remember until it was too late, otherwise I would have used a different program.

#7 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 03 November 2010 - 10:04 PM

Hi -
With the 15 infected items listed in the scan above , they can do a lot of damage to any system -
This is why my item at Post #4 is your best option - Skip any items that can not be done and post a new topic as listed -
By now one of the experts may have looked at your problem and helped you better than we can on the General forum -
Here we only post "general quick fixes" without fully diagnosing any specific related problems -
The problem is not with Malwarebytes , but with all the infections you had - One or two can cause a minor problem but you have 15 major problems all at the same time - If there are still items showing in any Antivirus or Malware scan , you may be still badly infected -

Thank You -

EDIT -
There have been about 30 updates since your scan and you may still have items in there to be removed -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users