BleepingComputer.com: Hijacked browser XP Anti-Spyware 2011 - Do not have Malwarebytes help


Hijacked browser XP Anti-Spyware 2011 - Do not have Malwarebytes help
Need help fixing hijacked browser and removing XP Anti-Spyware 2011

#31 depogirl

  • Member
  • Group: Members
  • Posts: 83
  • Joined: 18-November 09

Posted 05 May 2011 - 12:19 PM

Ran this, but forgot the updates, so running again with the updates. The red shield for the autoupdates is still there in the system tray.

Scott Molina: Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6507

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/5/2011 10:10:48 AM
mbam-log-2011-05-05 (10-10-48).txt

Scan type: Quick scan
Objects scanned: 212385
Time elapsed: 21 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#32 boopme

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,761
  • Joined: 10-September 04
  • Gender: Male
  • Location: NJ USA

Posted 05 May 2011 - 12:22 PM

OK, if it's still there we need to run RKill again, then MBAM again.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#33 depogirl

Posted 05 May 2011 - 12:24 PM

Hmm, OK, let me get the link to RKill again, then I will be ready. I have to take off in about a half an hour and should be back around 4 ET if I don't respond. In fact, I have to go now.

#34 boopme

Posted 05 May 2011 - 12:25 PM

My bad
RKill....

Please download Rkill by Grinler and save it to your desktop.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.


Do not reboot your computer after running rkill as the malware programs will start again.

^^

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.


If RKill won't run, try this: download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Do not reboot your computer after running rkill as the malware programs will start again.

#35 depogirl

Posted 05 May 2011 - 03:07 PM

Hi, I'm back. Re-ran RKill; the shield is still there. Now I am re-running Malwarebytes. Talk soon after the last scan.

#36 depogirl

Posted 05 May 2011 - 03:20 PM

Clean again and the shield is still there. It appears to be a Windows Update issue.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6514

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/5/2011 1:19:31 PM
mbam-log-2011-05-05 (13-19-31).txt

Scan type: Quick scan
Objects scanned: 213053
Time elapsed: 14 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#37 depogirl

Posted 05 May 2011 - 03:37 PM

Hi, from the MS website, but none of the fixes work. It was updating fine prior to this virus. Any ideas?

Symptom 1
When you try to connect to Microsoft Windows Update or Microsoft Update, you receive the following error code:
0x80070424

Symptom 2
On a computer that is running Windows XP Service Pack 2 (SP2), you encounter one or more of the following problems:
  • The Automatic Updates feature is turned off in Security Center and you cannot turn this feature on.
  • The Automatic Updates service is missing from the Services snap-in.
  • The registry is missing one or both of the following registry subkeys:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WUAUSERV

#38 depogirl

Posted 05 May 2011 - 03:47 PM

Hi, I think I fixed it. I ran the following at the command line:
regsvr32 wuaueng.dll
Then I went into the System in the Control Panel and applied the updates to every day, and it refreshed and got rid of the shield. YAY!
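
A read-only check for the state discussed in posts #37 and #38, as an added example that is not part of the thread: it confirms that the two registry subkeys quoted from the Microsoft article, the wuauserv service, and wuaueng.dll are all present after cleanup. It assumes a Windows XP command prompt run as an administrator; the MISSING variable and the message wording are this example's own.

```bat
@echo off
rem Added example (not from the thread): verify Automatic Updates pieces
rem after a rogue-AV cleanup. Queries only; nothing is modified.
setlocal
set MISSING=0

rem The two subkeys listed under "Symptom 2" in post #37.
for %%K in (
  "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv"
  "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WUAUSERV"
) do (
  reg query %%K >nul 2>&1
  if errorlevel 1 (
    echo MISSING  %%~K
    set MISSING=1
  ) else (
    echo present  %%~K
  )
)

rem Is the service registered with the Service Control Manager?
sc query wuauserv >nul 2>&1
if errorlevel 1 (
  echo MISSING  service wuauserv is not registered
  set MISSING=1
) else (
  rem Show whether it is running and how it is set to start.
  sc query wuauserv | find "STATE"
  sc qc wuauserv | find "START_TYPE"
)

rem The update engine DLL that post #38 re-registered with regsvr32.
if not exist "%SystemRoot%\system32\wuaueng.dll" (
  echo MISSING  %SystemRoot%\system32\wuaueng.dll
  set MISSING=1
)

if "%MISSING%"=="1" (
  echo Result: Automatic Updates is incomplete, matching the symptoms in post #37.
  exit /b 1
)
echo Result: registry keys, service and engine DLL are all present.
exit /b 0
```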

#39 depogirl

Posted 05 May 2011 - 03:49 PM

Running MWB again. I did one more update (third one today on MWB). I want to make sure it's coming back cleanly, and then I will reboot.
Can I remove the RKill program when done?

#40 depogirl

Posted 05 May 2011 - 04:01 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6515

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/5/2011 2:00:46 PM
mbam-log-2011-05-05 (14-00-46).txt

Scan type: Quick scan
Objects scanned: 213965
Time elapsed: 12 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#41 boopme

Posted 05 May 2011 - 06:03 PM

Edited


If all is good after running a while we will mop up.
You did great there.
You can remove.

Since you've changed the registry now, you should BACK UP the registry. Always back up your registry before making any changes next time. Then you will always have a good one to reinstall if you make an error.

Go to Start » Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File » Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

This post has been edited by boopme: 05 May 2011 - 06:13 PM
