Welcome to the OldVersion.com Forums.

  1. #1

    Need help: uncle has had viruses for a while

    Malwarebytes' Anti-Malware 1.43
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/16/2010 5:56:32 AM
    mbam-log-2010-01-16 (05-56-28).txt

    Scan type: Quick Scan
    Objects scanned: 178651
    Time elapsed: 1 hour(s), 8 minute(s), 6 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 1
    Registry Keys Infected: 15
    Registry Values Infected: 5
    Registry Data Items Infected: 12
    Folders Infected: 31
    Files Infected: 444

    Memory Processes Infected:
    C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> No action taken.
    C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> No action taken.

    Memory Modules Infected:
    C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> No action taken.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> No action taken.
    HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe (Adware.Zango) -> No action taken.
    HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> No action taken.
    HKEY_CLASSES_ROOT\zango.desktopflash.1 (Adware.Zango) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adwarealert (Rogue.AdwareAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix (Rogue.ErrorFix) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW\2009-04-01 11-21-510 (Rogue.ErrorFix) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW\2009-04-01 11-32-040 (Rogue.ErrorFix) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts (Adware.MyWebSearch) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts\Data\Owner (Adware.MyWebSearch) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\MPK (Refog.Keylogger) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\MPK\1 (Refog.Keylogger) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\MPK\2 (Refog.Keylogger) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\MPK\3 (Refog.Keylogger) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\MPK\4 (Refog.Keylogger) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\MPK\5 (Refog.Keylogger) -> No action taken.
    C:\Program Files\AntiVirus Plus (Rogue.AntiVirusPlus) -> No action taken.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> No action taken.
    C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
    C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> No action taken.

    Files Infected:
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Local Settings\Temporary Internet Files\Content.IE5\5O7DSXEZ\8e6a4[1].exe (Spyware.Amber) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log\2009 Apr 10 - 09_03_48 AM_198.log (Rogue.AdwareAlert) -> No action taken.
    C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log\2009 Apr 10 - 10_09_41 AM_828.log (Rogue.AdwareAlert) -> No action taken.

  2. #2
    Administrator
    Join Date
    May 2003
    Location
    Uk
    Posts
    1,450

    I personally would install and use Spybot search and Adaware, run one then the other; once you have done that, immunize the system using the feature in Spybot.
    simply me

  3. #3
    Release Candidate 1
    Join Date
    Dec 2002
    Posts
    63

    I can't understand why Malware doesn't remove the problems your uncle has encountered. My granddaughters visit sites that invariably infest my computer with most of the viruses your uncle has, and I run Malware, which cleans them out. Has he downloaded the updates for the programme? They did manage to infect my computer with a virus Malware missed, so I downloaded a programme from here:

    Roguefix Fake Security Remover v2.255 Download :: Freeware Geeks

    which got rid of it. Freewaregeeks has other spyware checkers that you may like to try.

  4. #4
    Release Candidate 1
    Join Date
    Dec 2002
    Posts
    63

    It seems strange that Malwarebytes didn't remove at least some of the infected files. My granddaughters visit a couple of sites, which download most of the problems your uncle has encountered, and Mal always removes them.
    I also use SUPERAntiSpyware, which also gets rid of unwanted viruses.

  5. #5
    Release Candidate 2
    Join Date
    Mar 2009
    Posts
    26

    Malware on uncle's machine

    Hello, first read the last line and see why Malwarebytes did nothing: it reads "No action taken", which means he saw the infections but did not click show infected, or did that and did not click remove, which probably would have crashed Windows upon reboot since most of the internet security would be trashed. Best bet is to see if you have a recovery sector on the hard drive;
    otherwise go find a recovery CD for this machine and run it. I don't believe this system can stand to be stripped of all the viruses and survive it and still be useful.

  6. #6
    Release Candidate 1
    Join Date
    Dec 2002
    Posts
    63

    Hopefully some of the advice you have received will have helped to clean the computer. If not, you can always Google the individual trojans etc. and find an antidote.
    It is most important that, when the problems have been resolved, System Restore is turned off, since the problems will have been stored there. Then turn off the computer. Turn it on again, and check to see the computer is clean; if it is, you can reinstate System Restore.