BleepingComputer.com: Rogue anti-spyware installed itself, printer disabled

Rogue anti-spyware installed itself, printer disabled went to safe mode and downloaded rkill but no luck

#31 Cranqueen (Member)

Posted 18 November 2010 - 03:45 PM

Okay just so I am clear.
1) I should run SAS in SAFE MODE, remove anything found and copy and post the log.
2) Then I reboot in normal mode and run MBAM and copy and paste log. ...
3) At what point do I disable Trend Micro PC-cillin?
4) DO I need to run ESET again? or TFC?

#32 AustrAlien (BC Advisor)

Posted 18 November 2010 - 04:11 PM

Quote

4) DO I need to run ESET again? or TFC?

No.

Quote

3) At what point do I disable Trend Micro PC-cillin?

Disable before you start running the scans. Ensure that you re-enable after running both scans.

Quote

1) I should run SAS in SAFE MODE, remove anything found ...

Check for updates and run SAS according to the instructions in the previous post #24.

Quote

2) Then I reboot in normal mode and run MBAM ... remove anything found ... and copy and paste log.

Yes. Check for updates and run MBAM according to the instructions in the previous post #30.

AustrAlien
Google is my friend. Make Google your friend too.

#33 Cranqueen (Member)

Posted 19 November 2010 - 09:03 AM

Okay here are the two logs... a curious thing happened. I had turned off real time virus protection on Trend Micro PC-cillin before running these tests. When I tried to turn the virus protection back on, it was already ON again?!

I ran the SAS first in Safe Mode last night. And when I got up this am, I rebooted in normal mode and ran the MBAM. Does PC-Cillin automatically turn on virus protection when rebooting?

Should I turn OFF PC-Cillin and run MBAM again?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5150

Windows 6.0.6000
Internet Explorer 7.0.6000.16890

11/19/2010 5:44:26 AM
mbam-log-2010-11-19 (05-44-26).txt

Scan type: Quick scan
Objects scanned: 175003
Time elapsed: 13 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/18/2010 at 05:24 PM

Application Version : 4.45.1000

Core Rules Database Version : 5883
Trace Rules Database Version: 3695

Scan type : Complete Scan
Total Scan Time : 02:00:44

Memory items scanned : 322
Memory threats detected : 0
Registry items scanned : 8341
Registry threats detected : 0
File items scanned : 157100
File threats detected : 7

Adware.Tracking Cookie
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\dad@eset.122.2o7[1].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\dad@avl.112.2o7[1].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\dad@doubleclick[1].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\dad@hitbox[2].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\dad@2o7[1].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\dad@ehg-eset.hitbox[1].txt
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Cookies\dad@statse.webtrendslive[1].txt

This post has been edited by Cranqueen: 19 November 2010 - 09:12 AM


#34 Cranqueen (Member)

Posted 19 November 2010 - 12:40 PM

I went ahead and disabled PC-cillin and ran MBAM again. No viruses found! But I have another weird issue. I cannot get my favorite blog to open up www.burchperch.blogspot.com where my daughter-in-law posts pix of my new grandbaby. I was able to open it 2 days ago. I can open others' but not hers... what the heck?

#35 AustrAlien (BC Advisor)

Posted 21 November 2010 - 05:35 AM

Cranqueen, on 19 November 2010 - 12:40 PM, said:

I have another weird issue. I cannot get my favorite blog to open up www.burchperch.blogspot.com where my daughter-in-law posts pix of my new grandbaby. I was able to open it 2 days ago. I can open others' but not hers... what the heck?

Can you access this now? Do you still have a problem?

Your logs look clean. How's the computer running now? Any other issues?

Did you make any progress with your ?un/installation of Secunia?

This post has been edited by AustrAlien: 21 November 2010 - 05:35 AM

#36 Cranqueen (Member)

Posted 21 November 2010 - 03:12 PM

Quote

Can you access this now? Do you still have a problem?

I am still unable to access www.burchperch.blogspot.com from this computer. I may have deleted something inadvertently. I was trying to stop Windows Live from popping up every time I log on (since I NEVER use it) and deleted anything resembling Windows Live from programs, maybe I deleted something I needed to view her website? Makes me sad.

Quote

Your logs look clean. How's the computer running now? Any other issues?

The computer is behaving itself now. Even the tracking thing seems to be gone...I am able to enter a password without having to stop and re-enter it again and again. Thank you for all your help. PS My husband downloaded Microsoft Security Essentials so we have that and Trend Micro PC-cillin. Hopefully these will discourage future spyware(s) from taking over...

Quote

Did you make any progress with your un/installation of Secunia?

I was able to stop it from popping up upon start-up which is a huge relief. I will fiddle with it again and see if I can understand how to use it. As I said in another post, when I clicked to see how to resolve an issue, Microsoft Word would open and there would be a bunch of unreadable symbols. But that is not a huge issue right now. If I cannot get it to work, I will come back to Bleeping for assistance. Thank you for EVERYTHING!

This post has been edited by Cranqueen: 21 November 2010 - 03:14 PM


#37 AustrAlien (BC Advisor)

Posted 21 November 2010 - 03:44 PM

Cranqueen, on 21 November 2010 - 03:12 PM, said:

My husband downloaded Microsoft Security Essentials so we have that and Trend Micro PC-cillin

I recommend that you do NOT have more than one anti-virus product installed and running on your computer at the same time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened: Again this is the resident/automatic protection. In general terms, the two programs may conflict with each other and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
  • Compromised security: Your security may actually be reduced, rather than increased.


Therefore please go to Add/Remove Programs (XP) or Programs and Features (Vista) in the Control Panel and remove either Trend-Micro or Microsoft Security Essentials.