BleepingComputer.com: MBAM Log finds 3 infections, not sure if it's spyware or virus

Sorry for the long delay in my response, I had to step out for a while. Interesting that this Registry Booster is on my PC when I don't remember installing it. Again, no telling what my husband clicked. Have you heard of anyone getting a virus from downloading a free online book in the format of ePub? That's the only reason I can think of where this "thing" came from.

Okay so now what are my next steps?

Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.

There are no guarantees or shortcuts when it comes to malware removal. Infections and severity of damage will vary. The longer malware remains on your system, the more time it has to download additional malicious files. Depending on the infection you are dealing with, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and security tools may not find all the remnants.

In any case, I can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing. How is your computer running now? Are there any more signs of infection, strange audio ads, unwanted pop-ups, security alerts, or browser redirects?

Luckily I have not seen any pop-ups or signs of the pc running slow. I am looking now for the Registry Booster and have not found anything in Control Panel or a file search. After my last Root-kit infection I have added AdBlockerPlus and No Script to my Firefox browser. I am very careful of what sites I visit (except the recent free e-book site) and have tried to pass this along to my hubby as well to avoid another problem. Maybe I should just start disconnecting the internet at night?

How do I uninstall Registry Booster?

If there is no entry in Add/Remove and no uninstall file in the prgoram's folder, then it's probably already been removed and those detections were only remnants left behind. Some uninstallers are not very good at removing everything they originally installed.

I double-checked your previous log and those detections are actually in a temp folder in Documents and Settings and in temporary Internet Files content. Its possible the program was never downloaded and installed completely.

I honestly do not remember installing it. I think I will run TFC to make sure everything else is clean. You have a been a great help to me and I cannot thank you enough!

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to > Programs > Accessories > System Tools and click "System Restore".
  
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then use Disk Cleanup to remove all but the most recently created Restore Point.
  
• Go to > Run... and type: Cleanmgr
  
• Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  
• Click the "More Options" tab, then click the "Clean up" button under System Restore.
  
• Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  
• Click Yes, then click Ok.
  
• Click Yes again when prompted with "Are you sure you want to perform these actions?"
  
• Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:

• Create a New Restore Point in Vista or Windows 7
  
• Disk Cleanup in Vista
  
• Disk Cleanup in Windows 7

Firefox seems to be running a little slower again and sometimes even taking a while to close. Could this possibly be due to AdBlockerPlus and NoScript?

If this is so then I will not worry about it. I'm glad you mentioned the System Restore point because I had created one after the removal of the RootKit virus and I just checked and no longer see this restore point.

Also I checked the box to uninstall Eset when closing and it is still there as well as Norman Malware. Will it hurt to leave these on my system?

I also now remember the UniBlue program that I downloaded and it is still there. I am in the process of removing every trace of it now.

Thank you again!

This post has been edited by tide_belle: 27 January 2011 - 08:27 PM

Normal Malware Cleaner is frequently updated. You can right-click on it and manually delete as it is a stand-alone program. You can leave Eset alone and use it for second opinion scans when needed.

Your issues with FireFox's performance are not uncommon and many users have had similar problems. Use the suggestions in the links below to troubleshoot add-ons and tweak FireFox settings. Some add-ons and plugins can impact system performance and cause compatibility issues such as application hangs (freezing). There is no universal "one size fits all" solution that works for everyone so you have to experiment.

Optimizing FireFox:

• Basic Troubleshooting for Firefox
  
• Firefox Tweak Guide: Understanding, Using and Tweaking
  
• How To Make Firefox Faster
  
• Troubleshooting extensions and themes
  
• Troubleshooting Plugins and Add-ons in Firefox
  
• Firefox Running Slow? Problematic Extensions Could Be The Reason!
  
• Reducing memory usage in Firefox
  
• Firefox Hangs

Note: Firefox will generally take longer than IE to start simply because it has more data to load. Also, due to the way Firefox caches pages it will use more RAM the longer the browser is open. Closing and restarting more often will clear that out and should lower your resource usage dramatically.

By default Firefox checks for three different updates (Firefox, Installed Add Ons and Search Engines) when launching the program. Try turning off Automatic updates. Go to Tools > Options > Advanced > Updated tab and uncheck "Automatically check for updates to Firefox", then click Ok.

Tweaks to make Firefox load faster:

• Increasing Firefox startup speed
  
• How To Make Firefox Load Faster <- you can ignore the part on FireTune and just use the shortcut tweak
  
• Firefox slow? Limit history size to improve speed <- use the drop down arrow to select "Use custom settings for history"
  
• Workaround for Firefox 3.5 slow startups on Windows

Tweaks to make Firefox render pages quickly:

• Firefox consumes a lot of CPU resources
  
• Firefox 3 High CPU Use? Try This Fix
  
• How To Solve 100% CPU Hogging by Firefox in 2 Steps

If you continue to have issues with FireFox start a new topic in our Internet/Browser forum, search the FireFox Knowledge Base or contact FireFox Support where you can ask a question, use live chat or post in their forums.

This post has been edited by quietman7: 28 January 2011 - 07:14 AM

Thank you, I am saving this topic to refer back to if it continues. It comes and it goes and wonder if maybe an update for another application might be downloading at the same time. Thank you for your time and help, I greatly appreciate it! Have a great weekend.

You're welcome.

Tips to protect yourself against malware and reduce the potential for re-infection:

• Keep Windows and Internet Explorer current with all security updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes Security update bulletins to announce and describe the update. If you're not sure how to install updates, please refer to Updating your computer. Microsoft also recommends Internet 6 and 7 users to upgrade their browsers due to security vulnerabilities which can be exploited by hackers.

• Avoid gaming sites, porn sites, pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.

• Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

• P2P Software User Advisories
  
• Risks of File-Sharing Technology

• Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads - How did I get infected.

• Keeping Autorun enabled on flash drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.

Quote

Microsoft Security Advisory (967940): Update for Windows Autorun
Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows

Note: If using Windows 7, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.

• Always update vulnerable software like Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these programs have vulnerabilities that malicious sites can use to exploit and infect your system.

• Time to Update Your Adobe Reader
  
• Adobe Security bulletins and advisories
  
• Microsoft: ‘Unprecedented Wave of Java Exploitation’

• Change all passwords: Anytime you encounter a malware infection on your computer, especially if that computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised and change passwords as a precaution in case an attacker was able to steal your information when the computer was infected. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

• Security Resources from Microsoft:

• Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
  
• Threats and Countermeasures: Security Settings in Windows Server 2008 and Windows Vista
  
• Microsoft Solutions for Security: The Antivirus Defense-in-Depth Guide

• Other Security Resources:

• Simple and easy ways to keep your computer safe and secure on the Internet
  
• Malware Prevention - Preventing Re-infection
  
• Hardening Windows Security - Part 1 & Part 2
  
• How to Stop 11 Hidden Security Threats
  
• Your Guide To Staying Safe Online

• Browser Security Resources:

• Configuring Internet Explorer for Practical Security and Privacy
  
• How to Secure Your Web Browser
  
• Safe Web practices - How to remain safe on the Internet
  
• Use Task Manager to close pop-up messages to safely exit malware attacks

This post has been edited by quietman7: 28 January 2011 - 04:49 PM

Thank you again for all of the useful information. I can see now that I am
probably the cause of the infection from this site hxxp://mobileread.com/forums/ebooks.php
where there are free books for download. Now there needs be a blog on how to
stay safe when using your Nook or using your computer to download books for the
Nook. Sometimes computers make our lives more complicated, or should I say
hackers.

This post has been edited by quietman7: 30 January 2011 - 09:43 PM

I edited your topic to disable that link. If that's is where you believe your machine became infected, we certainly wouldn't want anyone else to click on it and get something they were not expecting.

Stay safe and have a malware free day.

Good idea! Maybe others will be aware and not act as rash as I did. I always keep safety first and foremost when using the internet, I hope others will remember to do the same. Many thank you's.