BleepingComputer.com: Question- Antivirus Action - Hijackthis

Looking at your initial post, I suspect a deeper look at the system will be necessary.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

OH MY FRICKIN FLIPPIN GOSH THANK YOU! :D

I showered while it ran and i came back and it found 5 and it's goneeeeeeee!!!! :D

Orange Blossom, on 12 November 2010 - 10:19 PM, said:

Thank you but I got it with the help of the previous poster

Post the MBAM log please.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5104

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/12/2010 10:27:43 PM
mbam-log-2010-11-12 (22-27-43).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 262068
Time elapsed: 29 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qcscyfeb (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ibfutsvd (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kate McGuire\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate McGuire\Local Settings\Temp\gxnphpqxg\gefwwmdtsbl.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

That looks good to me. No further issues showing there.

Don't forget steps #18, #19, & #20 <<< Important!

You should then be right to go ....

I don't know why OB suggested that you post in the MR forum with logs, unless she saw something that I didn't see ... I will go have a look at your initial post again to check.

Thank you again! :D

and so sorry I was kinda snappy with you, you were just trying to help but it was honestly just cause I'm not feeling well. Have a nice night,and thank you so much.

rtc<3, on 12 November 2010 - 10:33 PM, said:

Great! Glad we could help.

Yes, you are right to go. I had a look at your first post and there is nothing there to indicate that you might have a more serious issue.

Let us know if you have any further questions.

Take care and good luck. My sympathies: Hope you feel better soon.

PS ... no worries about the snappy bit ... we understand (but sometimes forget) how stressful it can be on the other end of this forum.