BleepingComputer.com: Open with problem after removing XP internet security 2011 Virus


Open with problem after removing XP internet security 2011 Virus

#1 mastle

Posted 05 April 2011 - 06:31 AM

Hello,

I had the XP internet security 2011 virus, and after reading and following the instructions found here > http://www.bleepingcomputer.com/forums/topic388744.html I managed to remove the virus. I did all of this in Safe Mode. I then loaded my computer normally, and when trying to open files like Winamp, Malware, Ad-Aware or any programs, it will pop up and ask me what I want to open with. This, however, does not occur while I'm in Safe Mode. I can open My Computer and access all drives. The Windows Security Alerts I cannot open, as it will ask me what I want to open it with. I also cannot seem to get updates from Windows: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." How do I fix this?

Here is what I did.

Ran eXehelper.
Did a full scan with Malwarebytes' Anti-Malware.
Did a full scan with SUPERAntiSpyware Free Edition.
Did a full scan with Eset online scanner.

My logs are below:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6273

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/04/2011 09:41:01
mbam-log-2011-04-05 (09-41-01).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|J:\|)
Objects scanned: 446333
Time elapsed: 43 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Malcolm J.Astle\Local Settings\Application Data\fkt.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Malcolm J.Astle\Local Settings\Application Data\fkt.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Malcolm J.Astle\Local Settings\Application Data\fkt.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\malcolm j.astle\application data\Sun\Java\deployment\cache\6.0\26\45140e5a-1fffc312 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\malcolm j.astle\local settings\application data\fkt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\malcolm j.astle\local settings\application data\yjv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP238\A0463713.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP238\A0463714.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP227\A0439861.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453647.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453648.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453649.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453650.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453651.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453652.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453653.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453654.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\system volume information\_restore{1f55420b-4ce1-4c84-9f86-9e545b920e38}\RP237\A0453655.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\ms office\office 2010 activation and conversion kit 1.6(1).exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\ms office\office 2010 activation and conversion kit 1.6.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
i:\PUZZLES1\lost.and.found.v1.00.0\lost.and.found.v1.00.0.incl.keygen-theta\nfoviewer.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
i:\system volume information\_restore{3231d099-61a7-42ec-a3ee-32488160a705}\RP39\A0029561.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
j:\system volume information\_restore{2c7841fe-28fe-4277-949c-e8fa936c6684}\RP14\A0008989.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.
j:\system volume information\_restore{3e3190ff-c60c-4f31-aae4-33df11ee52a1}\RP256\A0088481.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.
c:\documents and settings\administrator.malcolms\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/05/2011 at 10:19 AM

Application Version : 4.50.1002

Core Rules Database Version : 6754
Trace Rules Database Version: 4566

Scan type       : Complete Scan
Total Scan Time : 00:24:33

Memory items scanned      : 254
Memory threats detected   : 0
Registry items scanned    : 6768
Registry threats detected : 1
File items scanned        : 27586
File threats detected     : 55

System.BrokenFileAssociation
	HKCR\.exe

Adware.Tracking Cookie


Thank you.

This post has been edited by mastle: 05 April 2011 - 06:48 AM

