
need help: uncle has had viruses for a while



tonydandre
01-16-2010, 06:24 AM
Malwarebytes' Anti-Malware 1.43
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/16/2010 5:56:32 AM
mbam-log-2010-01-16 (05-56-28).txt

Scan type: Quick Scan
Objects scanned: 178651
Time elapsed: 1 hour(s), 8 minute(s), 6 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 12
Folders Infected: 31
Files Infected: 444

Memory Processes Infected:
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> No action taken.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zango.desktopflash.1 (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adwarealert (Rogue.AdwareAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW\2009-04-01 11-21-510 (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW\2009-04-01 11-32-040 (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts\Data\Owner (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\2 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\3 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\4 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\5 (Refog.Keylogger) -> No action taken.
C:\Program Files\AntiVirus Plus (Rogue.AntiVirusPlus) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> No action taken.

Files Infected:
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Local Settings\Temporary Internet Files\Content.IE5\5O7DSXEZ\8e6a4[1].exe (Spyware.Amber) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log\2009 Apr 10 - 09_03_48 AM_198.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log\2009 Apr 10 - 10_09_41 AM_828.log (Rogue.AdwareAlert) -> No action taken.

the gaffer
01-16-2010, 09:21 PM
I personally would install and use Spybot Search and Adaware, run one then the other; once you have done that, immunize the system using the feature in Spybot.

mokopuna
01-18-2010, 12:59 AM
I can't understand why Malware doesn't remove the problems your uncle has encountered. My granddaughters visit sites that invariably infest my computer with most of the viruses your uncle has, and I run Malware, which cleans them out. Has he downloaded the updates for the programme? They did manage to infect my computer with a virus Malware missed, so I downloaded a programme from here:

Roguefix Fake Security Remover v2.255 Download :: Freeware Geeks (http://www.freewaregeeks.com/?page=detail&get_id=2086&category=50)

which got rid of it. Freewaregeeks has other spyware checkers that you may like to try.

mokopuna
01-18-2010, 01:01 AM
It seems strange that Malwarebytes didn't remove at least some of the infected files. My granddaughters visit a couple of sites, which download most of the problems your uncle has encountered, and Mal always removes them.
I also use SuperAntiSpyware, which also gets rid of unwanted viruses.

Tpneer2
01-29-2010, 05:51 AM
Hello. First, read the last line and see why Malwarebytes did nothing: it reads "No action taken", which means he saw the infections but did not click Show Infected, or did that and did not click Remove, which probably would have crashed Windows upon reboot since most of the internet security would be trashed. Best bet is to see if you have a recovery sector on the hard drive;
otherwise go find a recovery CD for the machine and run it. I don't believe this system can stand to be stripped of all the viruses and survive it and still be useful.
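As an added example, not from any poster in this thread, here is a small Python parser for the Malwarebytes log format posted above. It pulls out each detection line, keeps the Bad/Good value pair for altered settings (so the value to restore is on record), and summarises what was left at "No action taken", the point Tpneer2 raises. The escalation prefixes are my own triage assumption, not a Malwarebytes severity rating; the sample lines are copied from the log above, with one action changed to show a remediated entry.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log posted above, with one action
# changed to "Quarantined and deleted successfully" to show a remediated entry.
SAMPLE_LOG = r"""Memory Processes Infected:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\MPK (Refog.Keylogger) -> No action taken.
"""

# One detection line: "<item> (<detection>) [-> <detail>] -> <action>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[A-Za-z0-9.]+)\) -> (?P<rest>.+)\.$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)")
# Families to escalate first (an assumption for triage, not a vendor severity rating):
# altered system settings, disabled Security Center, keylogger and stolen-data artifacts.
ESCALATE_PREFIXES = ("Hijack.", "Disabled.", "Refog.", "Stolen.")


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section heading."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):
            section = line[:-1]
        elif m := ITEM_RE.match(line):
            detail, _, action = m.group("rest").rpartition(" -> ")
            entry = {"section": section, "item": m.group("item"),
                     "detection": m.group("detection"), "detail": detail, "action": action}
            bg = BAD_GOOD_RE.search(detail)
            if bg:  # altered setting: keep the value the scanner says should be restored
                entry["bad"], entry["good"] = bg.group("bad"), bg.group("good")
            entries.append(entry)
    return entries


def triage(entries):
    """Summarise what the scan found but left at 'No action taken'."""
    pending = [e for e in entries if e["action"] == "No action taken"]
    return {"total": len(entries), "pending": len(pending),
            "families": Counter(e["detection"] for e in pending),
            "escalate": [e for e in pending if e["detection"].startswith(ESCALATE_PREFIXES)]}
```

Running `triage(parse_mbam_log(SAMPLE_LOG))` on the sample reports 3 of 4 detections still pending, with the Userinit hijack (restore to `userinit.exe`) and the keylogger folder flagged for escalation.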

mokopuna
01-30-2010, 09:05 PM
Hopefully some of the advice you have received will have helped to clean the computer. If not, you can always Google the individual trojans etc. and find an antidote.
It is most important that, when the problems have been resolved, System Restore is turned off, since the problems will have been stored there. Then turn off the computer. Turn it on again and check to see that the computer is clean; if it is, you can reinstate System Restore.