hi
Each time I open IE I receive a Spybot registry entry notification for ITBarLayout. i have to deny it every time.
ialso have a message keep pooping up saying ..... notice , if your computor has been running slower than normal, it may be infected with viruses, adaware or spyware. maleware alarm will perform a quick and compleatly free scan. please click on link...and so on...
i would be greatful if somebody would be able to help with
many thanks
Full Version: Spybot Reg Change
Hello geasy,
What is your operating system: Windows XP, Vista, etc.?
What security programs, besides Spybot, do you have on your computer?
Also, please verify: Does the pop up say maleware alarm or malware alarm? Exact spelling is crucial for proper identification.
At this point, I would suggest running a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode.
Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware
Be sure to click on the download button to the left, not on the free trial download on the right.
Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
Please post the log in your reply.
Orange Blossom
What is your operating system: Windows XP, Vista, etc.?
What security programs, besides Spybot, do you have on your computer?
Also, please verify: Does the pop up say maleware alarm or malware alarm? Exact spelling is crucial for proper identification.
At this point, I would suggest running a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode.
Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware
Be sure to click on the download button to the left, not on the free trial download on the right.
Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
- Close browsers before scanning
- Scan for tracking cookies
- Terminate memory threats before quarantining.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
Please post the log in your reply.
Orange Blossom
hi and thanks for replying.
im running xp with service pack 2.
the spelling is malwarealarm.
and im having all kinds of probs with pc at the mo, from running realy slow to hundreds of pop ups and avg keeps finding trojains
im running xp with service pack 2.
the spelling is malwarealarm.
and im having all kinds of probs with pc at the mo, from running realy slow to hundreds of pop ups and avg keeps finding trojains
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/25/2008 at 02:57 AM
Application Version : 3.9.1008
Core Rules Database Version : 3408
Trace Rules Database Version: 1400
Scan type : Complete Scan
Total Scan Time : 02:08:00
Memory items scanned : 169
Memory threats detected : 2
Registry items scanned : 4549
Registry threats detected : 15
File items scanned : 60811
File threats detected : 33
Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\JKKJKII.DLL
C:\WINDOWS\SYSTEM32\JKKJKII.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkjkii
C:\WINDOWS\SYSTEM32\KHFFFED.DLL
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKHFF.DLL
C:\WINDOWS\SYSTEM32\JKHFF.DLL
HKLM\Software\Classes\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}\InprocServer32
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}
HKCR\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}
HKCR\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}\InprocServer32
HKCR\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
Adware.Tracking Cookie
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@tribalfusion[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad.yieldmanager[3].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@yadro[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@www.admedia365[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@antispywaresuite[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@clicksor[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@edge.ru4[3].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@bestsellerantivirus[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@3.adbrite[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad.yieldmanager[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad.zanox[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad2networks.advertserve[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@adopt.euroclick[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@banner[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@bizadverts[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@clicktorrent[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@edge.ru4[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@overture[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@prospect.adbureau[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@questionmarket[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@realmedia[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@tribalfusion[2].txt
Trojan.Unknown Origin
C:\WINDOWS\system32\nGpxx01
HKLM\Software\xpre
HKLM\Software\xpre#execount
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ADEEG.INI
C:\WINDOWS\SYSTEM32\CFHKJ.INI
C:\WINDOWS\SYSTEM32\FFHKJ.INI
C:\WINDOWS\SYSTEM32\FFHKJ.INI2
Trace.Known Threat Sources
C:\Documents and Settings\geasy.BADASS-E8537735\Local Settings\Temporary Internet Files\Content.IE5\IV2HM1U7\CA8XSP0V.htm
C:\Documents and Settings\geasy.BADASS-E8537735\Local Settings\Temporary Internet Files\Content.IE5\EHOV8VW3\window[1].js
C:\Documents and Settings\geasy.BADASS-E8537735\Local Settings\Temporary Internet Files\Content.IE5\EHOV8VW3\errorhandler[1].htm
http://www.superantispyware.com
Generated 02/25/2008 at 02:57 AM
Application Version : 3.9.1008
Core Rules Database Version : 3408
Trace Rules Database Version: 1400
Scan type : Complete Scan
Total Scan Time : 02:08:00
Memory items scanned : 169
Memory threats detected : 2
Registry items scanned : 4549
Registry threats detected : 15
File items scanned : 60811
File threats detected : 33
Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\JKKJKII.DLL
C:\WINDOWS\SYSTEM32\JKKJKII.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkjkii
C:\WINDOWS\SYSTEM32\KHFFFED.DLL
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKHFF.DLL
C:\WINDOWS\SYSTEM32\JKHFF.DLL
HKLM\Software\Classes\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}\InprocServer32
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}
HKCR\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}
HKCR\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}\InprocServer32
HKCR\CLSID\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7B6076-F5FE-49CA-BE56-17E3EC3652CC}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
HKCR\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}
Adware.Tracking Cookie
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@tribalfusion[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad.yieldmanager[3].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@yadro[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@www.admedia365[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@antispywaresuite[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@clicksor[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@edge.ru4[3].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@bestsellerantivirus[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@3.adbrite[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad.yieldmanager[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad.zanox[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@ad2networks.advertserve[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@adopt.euroclick[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@banner[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@bizadverts[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@clicktorrent[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@edge.ru4[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@overture[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@prospect.adbureau[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@questionmarket[2].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@realmedia[1].txt
C:\Documents and Settings\geasy.BADASS-E8537735\Cookies\geasy@tribalfusion[2].txt
Trojan.Unknown Origin
C:\WINDOWS\system32\nGpxx01
HKLM\Software\xpre
HKLM\Software\xpre#execount
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ADEEG.INI
C:\WINDOWS\SYSTEM32\CFHKJ.INI
C:\WINDOWS\SYSTEM32\FFHKJ.INI
C:\WINDOWS\SYSTEM32\FFHKJ.INI2
Trace.Known Threat Sources
C:\Documents and Settings\geasy.BADASS-E8537735\Local Settings\Temporary Internet Files\Content.IE5\IV2HM1U7\CA8XSP0V.htm
C:\Documents and Settings\geasy.BADASS-E8537735\Local Settings\Temporary Internet Files\Content.IE5\EHOV8VW3\window[1].js
C:\Documents and Settings\geasy.BADASS-E8537735\Local Settings\Temporary Internet Files\Content.IE5\EHOV8VW3\errorhandler[1].htm
Hello geasy,
Thanks for posting the log. Your computer has been infected, among other things, with Vundo. Please follow the directions in this guide: http://www.bleepingcomputer.com/forums/topic18610.html
If you have any questions as you go through the guide, please ask them as a reply in this thread. When you have finished the guide, please post the Vundo log as a reply.
Orange Blossom
Thanks for posting the log. Your computer has been infected, among other things, with Vundo. Please follow the directions in this guide: http://www.bleepingcomputer.com/forums/topic18610.html
If you have any questions as you go through the guide, please ask them as a reply in this thread. When you have finished the guide, please post the Vundo log as a reply.
Orange Blossom
scaned my pc with vundofix and it found 4 infected files.
i fixed them and 3 where fixed right away and the other one was fixed on rebote.
i cant find how you get the log .
spybot no longer asking to change reg and pc runing a lot faster. is there anything else i need to do.
really appreciate your help with this
VundoFix V6.7.9
Checking Java version...
Scan started at 16:22:15 25/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkkjkii.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjkii.dll
C:\WINDOWS\system32\jkkjkii.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkjkii.dll
C:\WINDOWS\system32\jkkjkii.dll Has been deleted!
Performing Repairs to the registry.
Done!
i fixed them and 3 where fixed right away and the other one was fixed on rebote.
i cant find how you get the log .
spybot no longer asking to change reg and pc runing a lot faster. is there anything else i need to do.
really appreciate your help with this
VundoFix V6.7.9
Checking Java version...
Scan started at 16:22:15 25/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkkjkii.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjkii.dll
C:\WINDOWS\system32\jkkjkii.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkjkii.dll
C:\WINDOWS\system32\jkkjkii.dll Has been deleted!
Performing Repairs to the registry.
Done!
Lets do one more scan.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
- Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- On the Scanner tab:
- Make sure the "Perform Quick Acan" option is selected.
- Then click on the Scan button.
- The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
i have done the quick scan .
here is the log
Malwarebytes' Anti-Malware 1.05
Database version: 410
Scan type: Quick Scan
Objects scanned: 29412
Time elapsed: 6 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\acespy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
im now running the indepth scan and will post log as soon as complete
Malwarebytes' Anti-Malware 1.05
Database version: 410
Scan type: Quick Scan
Objects scanned: 29412
Time elapsed: 6 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\acespy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
this is the log of the full scan
here is the log
Malwarebytes' Anti-Malware 1.05
Database version: 410
Scan type: Quick Scan
Objects scanned: 29412
Time elapsed: 6 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\acespy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
im now running the indepth scan and will post log as soon as complete
Malwarebytes' Anti-Malware 1.05
Database version: 410
Scan type: Quick Scan
Objects scanned: 29412
Time elapsed: 6 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\acespy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
this is the log of the full scan
Ok. Let me know how it goes.
i have already posted the full scan log under the quick scan log on my other post.
im still getting loads of trojan alerts from avg, some of which will not allow me to heal or quarantine.
pc is alot faster now and spybot has stopped asking to change reg.
im still getting loads of trojan alerts from avg, some of which will not allow me to heal or quarantine.
pc is alot faster now and spybot has stopped asking to change reg.
QUOTE
im still getting loads of trojan alerts from avg
What do the alerts say? Are they providing a specific file name and location (full path) for any of these files?
they are saying c drive documents and setting geasy local settings temp packet
but when i go to open geasy file a box comes up saying access denied.
in my documents and settings there are 6 folder. 3 have blue writing and 3 have black writing. the folders with blue writing say All Users.WINDOWS Default User.WINDOWS geasy.BADASS-E8537735 the 3 with black writing say All Users Default User geasy ...... i can open all of them expect the geasy one
but when i go to open geasy file a box comes up saying access denied.
in my documents and settings there are 6 folder. 3 have blue writing and 3 have black writing. the folders with blue writing say All Users.WINDOWS Default User.WINDOWS geasy.BADASS-E8537735 the 3 with black writing say All Users Default User geasy ...... i can open all of them expect the geasy one
This issue will require further investigation. Before that can be done you will need you to create and post a hijackthis log.
Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.
When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.
Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.
When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.
Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
just a quick thank you and to let you know someone is going through my hijack this log at the moment.
as soon as it has been done ill post the outcome on this thread.
as soon as it has been done ill post the outcome on this thread.
Your hijackthis log is posted here and I see that you are getting assistance from teacup61 so your in good hands.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
To avoid confusion, I am closing this topic and will monitor your other thread.
Thanks for your cooperation and good luck with your log.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
To avoid confusion, I am closing this topic and will monitor your other thread.
Thanks for your cooperation and good luck with your log.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.