wickywills

Rogue.Antivirus2010

10 posts in this topic

Hello, hope someone can help, as this virus seems like a real bitch to get rid of!

It's not my computer, it's my mother's, so I have been trying to assist via "remote assist" (Windows Messenger). Malwarebytes scans keep picking up the same file but just crash when trying to remove it (both in safe mode and normal boot).

Anyways, the virus is called something like "Rogue.Antivirus2010". I've attached the log files as requested in the sticky posts here. Hope someone can help!!

Attach.txt

DDS.txt


Anyone able to help?? Really need to get the laptop working asap :(


Hi,

Please see if you're able to run MBAM scan without quarantining its findings. Then post the MBAM report contents back here.


Will do - thanks for getting back to me :)

The scans seem to take a while to run (like a couple of hours!) on my mum's laptop, so I will be sure to post back as soon as complete.


Hi,

Please see if you're able to run MBAM scan without quarantining its findings. Then post the MBAM report contents back here.

Apologies, but I can't seem to find the option to do this with MBAM??


Just scan normally. After the scan is complete and results are shown, you should be able to choose not to fix findings.

MBAM log should be in c:\users\<username>\appdata\roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder (replace username with user account name).


Phew! That was one epic scan - over 7 hours! Think I'll run CCleaner or something, as it's the temp files that are causing the scans to go so slow I think.

Anyway, please see below for the report - again, thanks for your help:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.29.04

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Gina :: GINA-PC [administrator]

02/03/2012 16:16:26

mbam-log-2012-03-02 (23-40-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 423900

Time elapsed: 7 hour(s), 20 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Users\Gina\AppData\Roaming\AntiVirus 2010 (Rogue.AntiVirus2010) -> No action taken.

Files Detected: 0

(No malicious items detected)

(end)


Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Thanks for the help Blade81, though that ComboFix scared me a bit, so I ended up contacting Malwarebytes, who were very helpful, and with a bit of work, the laptop is now cured! A quick scan took 8 mins (compared to the previous 7 hours!!) and found no infection :)

Again, thanks for your time.

This thread can now be closed.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
