Rogue.Antivirus360

[Highcountryrider]

I had recently cleaned a friend's computer that had AV360 and a couple of other malware problems. This was done in early January of this year. I then laid out a regimen for him to run Malwarebytes and his TrendMicro AV program daily to confirm that no re-infection had taken place. He said that he would do this.

I was at his house today helping his wife with some computer tutoring so I updated and ran Malwarebytes(full scan) and found three infections. Included is the MWB log. Are these left over from the original infection or has he become re-infected? I had disabled system restore after completion of the cleaning process and then re-enabled it and I know he hasn't done a system restore since the cleaning. OS is Windows XP SP2.

TIA for assistance.

Malwarebytes' Anti-Malware 1.34

Database version: 1807

Windows 5.1.2600 Service Pack 3

2/26/2009 4:41:34 PM

mbam-log-2009-02-26 (16-41-34).txt

Scan type: Full Scan (C:\|)

Objects scanned: 130466

Time elapsed: 41 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> Quarantined and deleted successfully.

[AdvancedSetup]

Well they look minor in nature and maybe left overs.

You may want to do an online AV scan to confirm.

PANDA ONLINE SCAN

Please go >here< to run Panda's ActiveScan

• Once you are on the Panda site, click the Scan your PC now button
  
• A new window will open...click the Scan Now button
  
• Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  
• Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  
• When the scan has finished, click on Export To
  
• Save the file as Activescan.txt to your Desktop
  
• Close the Activescan window then go to your Desktop
  
• Double-click on Activescan.txt and it will open in Notepad
  
• In Notepad, click Edit > Select all, then Edit > Copy
  
• Reply to this thread and click Ctrl+V to paste the log in your reply
  

PANDA ONLINE SCAN

[Highcountryrider]

Well they look minor in nature and maybe left overs.

You may want to do an online AV scan to confirm.

Thanks for the reply. I'll try and get the owner to run Panda and post back the results. Don't know about Malware.Trace but the two others look like leftover links to AV360. I had seen a reference on another site that the directory C:\Program Files\Common Files\System\Uninstall is created by AV360. I know I don't have this Unistall directory on my Wiin XP Pro SP3 system. Any problem in deleting this directory if it is empty?

[AdvancedSetup]

Nope shouldn't be an issue.

[AdvancedSetup]

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.