Because newer isn't always better
This is a discussion on "need help uncle has had viruses for awhile" within the Programs / Support forums, part of the OldVersion.com category; Malwarebytes' Anti-Malware 1.43 Database version: 3510 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/16/2010 5:56:32 AM mbam-log-2010-01-16 (05-56-28).txt Scan ...

#1
Gold
Join Date: Jan 2010
Posts: 7

Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/16/2010 5:56:32 AM
mbam-log-2010-01-16 (05-56-28).txt

Scan type: Quick Scan
Objects scanned: 178651
Time elapsed: 1 hour(s), 8 minute(s), 6 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 12
Folders Infected: 31
Files Infected: 444

Memory Processes Infected:
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> No action taken.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> No action taken.

#2
Administrator
Join Date: May 2003
Posts: 1,423

I personally would install and use Spybot search and Adaware, run one then the other. Once you have done that, immunize the system using the feature in Spybot.
__________________
old fishermen never die, we just smell that way

#3
Release Candidate 1
Join Date: Dec 2002
Posts: 63

I can't understand why Malware doesn't remove the problems your uncle has encountered. My granddaughters visit sites that invariably infest my computer with most of the virii your uncle has, and I run Malware, which cleans them out. Has he downloaded the updates for the programme? They did manage to infect my computer with a virus Malware missed, so I downloaded a programme from here:-
Roguefix Fake Security Remover v2.255 Download :: Freeware Geeks, which got rid of it. Freewaregeeks has other spyware checkers that you may like to try.

#4
Release Candidate 1
Join Date: Dec 2002
Posts: 63

It seems strange that Malwarebytes didn't remove at least some of the infected files. My granddaughters visit a couple of sites, which download most of the problems your uncle has encountered, and Mal always removes them.
I also use SUPERAntiSpyware, which also gets rid of unwanted virii.

#5
Release Candidate 2
Join Date: Mar 2009
Posts: 27

Hello, first read the last line and see why Malwarebytes did nothing: it reads "No action taken", which means he saw the infections but did not click show infected, or did that and did not click remove, which probably would have crashed Windows upon reboot since most of the internet security would be trashed. Best bet is to see if you have a recovery sector on the hard drive;
otherwise go find a recovery CD for that machine and run it. I don't believe this system can stand to be stripped of all the viruses and survive it and still be useful.

#6
Release Candidate 1
Join Date: Dec 2002
Posts: 63

Hopefully some of the advice you have received will have helped to clean the computer. If not, you can always Google the individual trojans etc. and find an antidote.
It is most important that, when the problems have been resolved, system restore is turned off, since the problems will have been stored there. Then turn off the computer. Turn it on again, and check to see the computer is clean; if it is, you can reinstate system restore.