Your Privacy In Danger...couple Other Questions


20 replies to this topic

#1 amyl

amyl

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:02:26 PM

Posted 10 May 2008 - 03:59 PM

I am new here.....hopefully I'm posting in right topic after reading introduction and through a lot of posts.
I have a couple of problems...don't know if it's all due to the same problem.
I am not sure of all the info you need......I have Windows XP home

I read the tutorial "how to remove XP antivirus", completed the steps and am at the point of Panda.... it's scanning now (scanning for 3hrs now, only at 27%).

1. I also have the red screen as desktop background (that I cannot change) stating "Your privacy is in danger download privacy protection now".
2. I keep getting pop-ups for "system defender"
3. and spyware alert - Windows security alert pop-up "Worm.Win32.NetSky detected on machine".

I read in a previous post for the "privacy in danger" to download malwarebytes anti-malware to read "how to remove privacy protector remove inst." then to download ATF cleaner. Will these steps take care of the privacy in danger? or will it help all 3 of those prob?

For the steps to fix the 3 prob above...should I wait to do these until after xp antivirus is removed?
This might be a dumb question...how will I know for sure the XP antivirus is removed? And what can I use to protect my comp from this in future...possibly that's free? I have McAfee but it asks me to register and when I create a password it tells me that a login has already been created.


Oh also, my task manager is disabled

Hope this is not confusing...and that I provided enough info.

Edited by amyl, 10 May 2008 - 04:12 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 PM

Posted 10 May 2008 - 10:13 PM

Finish that scan, then run the ATF Cleaner and finally the MBAM.

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 amyl


Posted 10 May 2008 - 11:45 PM

I ran those 2 scans. Here is the MBAM log report:

Scan type: Quick Scan
Objects scanned: 45991
Time elapsed: 24 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 40
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 67

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\bdmnopx.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\admggxp.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\fis.amo (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5015bf9d-173c-474b-9af3-77d4d23a4135} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{92c3f342-45da-4511-853a-b3836aaff5f5} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.amo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.ohb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.ohb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348d7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.momo (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fis.momo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotrlq.bvpr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{741023d3-8067-4ebd-9d57-ad8c659debd5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotrlq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{58724766-a7ea-49dc-8aa8-aa897a606b57} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{91362f7b-4d5c-4e26-8324-7354b4201492} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae829a0e-dec8-4146-9959-c054cbd4ece6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae829a0e-dec8-4146-9959-c054cbd4ece6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5026f220-f140-46c4-afbd-1b589564e273} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9fb337df-6168-478b-bcb5-e161fdfb4f10} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d8788748-8e28-499f-bd68-bbdd1e5a5966} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\systemdefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f70d3d8c-ba43-45ab-8235-2683738eb985} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d8462a08-5b49-4aee-984a-22884a909e5a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{741023d3-8067-4ebd-9d57-ad8c659debd5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bdmnopx (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\admggxp (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SystemDefender\logs (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008 (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SystemDefender\SystemDefender.exe (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia\ContentTool.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia\SearchTool.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\WINDOWS\emotrlq.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\dmdqdrxlgf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Local Settings\Temp\BIT37.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Local Settings\Temp\BITB7.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Local Settings\Temp\BITD.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Local Settings\Temp\BITE.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Local Settings\Temp\BITED.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT16.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT17.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT18.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT19.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1A.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1B.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT1E.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT20.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BIT33.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SystemDefender\program.info (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\SystemDefender\SystemDefender.db (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\SystemDefender\SystemDefender.pkg (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\SystemDefender\Uninstall.exe (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia\uninstallSE.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDefender\SystemDefender Uninstall.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SystemDefender\SystemDefender.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SystemDefender\logs\1210477439.log (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fsxloqf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\bdmnopx.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\admggxp.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy L\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jjj\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy L\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jjj\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy L\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jjj\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy L\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\rns\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\jjj\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy L\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy L\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.



The red "privacy in danger" screen on desktop is no longer there (thank god) However, my desktop is just a blank white screen now and when I try to change it it will not?

Are there any free good & safe programs I can download to protect my comp for the future? Thanks for all your help!
I am not getting anymore spyware pop-ups!

When I try to open my task manager it states "task manager has been disabled by your administrator" How do I fix this? I am on the admin

Edited by amyl, 10 May 2008 - 11:59 PM.


#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:26 PM

Posted 11 May 2008 - 06:32 AM

It looks like you had 3 or more (fake)(a scam and places this program into the category of rogue security programs)
that installed recently.

Never install any program for security unless it comes highly recommended by a forum like this one.

Even the best antivirus won't stop a malware program when you install it yourself, that's the problem, knowing what to install or not.

Did you reboot the computer so MBAM could finish?
Chewy

No. Try not. Do... or do not. There is no try.

#5 amyl


Posted 11 May 2008 - 12:23 PM

> It looks like you had 3 or more (fake)(a scam and places this program into the category of rogue security programs)
> that installed recently.
>
> Never install any program for security unless it comes highly recommended by a forum like this one.
>
> Even the best antivirus won't stop a malware program when you install it yourself, that's the problem, knowing what to install or not.
>
> Did you reboot the computer so MBAM could finish?

Yes, I did reboot. For the files that stated "delete on reboot" will it show in the log now that it was deleted successfully?

I have other people that use my comp and they think they know what they are doing to fix the comp and they downloaded them. That is why I had to change me to only Admin with password. lol

Is there a way to fix my desktop background.....it was the red privacy in danger but after the scans it's just blank white screen?
Is there a way to fix my task manager? When I try to use it it states "disabled by admin"

#6 DaChew


Posted 11 May 2008 - 12:33 PM

Your infection goes a little deeper, wait for Boopme's recommendation

Rerunning MBAM and seeing if the same things are coming back is a good idea
Chewy


#7 boopme


Posted 11 May 2008 - 03:38 PM

Please first post back the log to be sure the malware is gone then I'll give you the desktop fix.

You will want to read this prior to the desktop fix.

How to backup the Windows XP Registry?


Or you can download and use ERUNT which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

#8 amyl


Posted 11 May 2008 - 06:49 PM

> Please first post back the log to be sure the malware is gone then I'll give you the desktop fix.
>
> You will want to read this prior to the desktop fix.
>
> How to backup the Windows XP Registry?
>
> Or you can download and use ERUNT which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Thanks so much!

Here are the scan results

Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Quick Scan
Objects scanned: 41475
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



What forum do I post in about getting some of my drivers back that was lost such as Sonic (cd/dvd etc.. burner) Upon opening I get an error that reads "feature you are trying to use is on a CD-Rom or other removable disk that is not available. Insert 'Sonic record now data' disc then it says 'please wait while Windows configures Sonic record data' It will not exit when I hit close...it just keeps trying to find the data.

Plus my comp will not turn off/restart when I choose that option. XP

Edited by amyl, 11 May 2008 - 07:00 PM.
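
An added example, not part of the thread and not Malwarebytes' own tooling: a Python parser for MBAM text logs in the format posted above. It lists the "Delete on reboot" items and checks whether anything flagged in the first scan shows up again in a rescan, which is the comparison suggested in post #6. `FIRST_SCAN` is an excerpt of the log in post #3, `RESCAN_CLEAN` mirrors the clean rescan in post #8, and `RESCAN_CONSTRUCTED` is a constructed sample of a reappearing item; all function names are illustrative.

```python
import re
from collections import Counter
from typing import NamedTuple


class Detection(NamedTuple):
    section: str  # e.g. "Files", "Registry Values"
    obj: str      # file path or registry key/value
    family: str   # detection name, e.g. "Trojan.FakeAlert"
    action: str   # e.g. "Quarantined and deleted successfully"


# Section headers end with a bare colon; the summary lines ("Files Infected: 67") do not.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$")
# Greedy object match, so a path that itself contains parentheses still parses.
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return every detection line, tagged with the section it appeared under."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM_RE.match(line)
        if item and section:  # "(No malicious items detected)" never matches
            detections.append(
                Detection(section, item["obj"], item["family"], item["action"]))
    return detections


def pending_reboot(detections):
    """Objects that were only scheduled for removal; confirm them with a rescan."""
    return sorted({d.obj for d in detections
                   if d.action.lower() == "delete on reboot"})


def family_counts(detections):
    """Detections per family, case-folded (the log mixes FakeAlert and Fakealert)."""
    return Counter(d.family.casefold() for d in detections)


def recurring(first, rescan):
    """Objects flagged in both scans; Windows paths and keys are case-insensitive."""
    seen = {d.obj.casefold() for d in first}
    return sorted({d.obj for d in rescan if d.obj.casefold() in seen})


# Excerpt of the first scan log posted in this thread.
FIRST_SCAN = r"""
Memory Modules Infected:
C:\WINDOWS\bdmnopx.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bdmnopx (Trojan.FakeAlert) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\BIT16.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\bdmnopx.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

# Same shape as the clean rescan posted in this thread.
RESCAN_CLEAN = """
Files Infected:
(No malicious items detected)
"""

# Constructed sample (not from the thread): the module is back after the reboot.
RESCAN_CONSTRUCTED = r"""
Files Infected:
c:\windows\BDMNOPX.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    first = parse_mbam_log(FIRST_SCAN)
    print("Families:", dict(family_counts(first)))
    print("Pending reboot:", pending_reboot(first))
    for name, log in (("clean", RESCAN_CLEAN), ("constructed", RESCAN_CONSTRUCTED)):
        print(f"Recurring in {name} rescan:", recurring(first, parse_mbam_log(log)))
```

An empty "recurring" list after the reboot is what answers the "delete on reboot" question; a non-empty one means something is reinstalling the item.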


#9 boopme


Posted 11 May 2008 - 07:15 PM

First back up the registry. DO this>>

Go to Start >> Run and type: regedit
Click OK

On the left side, click to highlight My Computer at the top.
Go up to File >> Export

Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.


Choose to save it to C:\
Click save and then go to File >> Exit.
Or you can download and use ERUNT

Now go to (click Link) Kelly's Korner

Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column.
Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop.
Double-click on that file to allow the script to run and reboot when done.
Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.

Edited by boopme, 18 May 2008 - 08:32 PM.


#10 boopme


Posted 11 May 2008 - 08:54 PM

Forgot to answer your other questions

> What forum do I post in about getting some of my drivers back that was lost such as Sonic (cd/dvd etc.. burner) Upon opening I get an error that reads "feature you are trying to use is on a CD-Rom or other removable disk that is not available. Insert 'Sonic record now data' disc then it says 'please wait while Windows configures Sonic record data' It will not exit when I hit close...it just keeps trying to find the data

Ask in the BleepingComputer.com > Software > Audio and Video

> Plus my comp will not turn off/restart when I choose that option. XP

Windows XP Home and Professional

#11 DaChew


Posted 11 May 2008 - 09:00 PM

let's hope the script fixes both those problems
Chewy


#12 amyl


Posted 11 May 2008 - 09:13 PM

> First back up the registry. DO this>>
>
> Go to Start >> Run and type: regedit
> Click OK
>
> On the left side, click to highlight My Computer at the top.
> Go up to File >> Export
>
> Make sure in that window there is a tick next to "All" under Export Branch.
> Leave the "Save As Type" as "Registration Files".
> Under "Filename" put RegBackup.
>
> Choose to save it to C:\
> Click save and then go to File >> Exit.
> Or you can download and use ERUNT
>
> Now go to (click Link) Kelly's Korner
>
> Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column.
> Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop.
> Double-click on that file to allow the script to run and reboot when done.
> Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.

I ran that and my comp turns off now so that is good. But the dreaded white desktop screen is still there!

#13 amyl


Posted 11 May 2008 - 09:14 PM

> Forgot to answer your other questions
>
> > What forum do I post in about getting some of my drivers back that was lost such as Sonic (cd/dvd etc.. burner) Upon opening I get an error that reads "feature you are trying to use is on a CD-Rom or other removable disk that is not available. Insert 'Sonic record now data' disc then it says 'please wait while Windows configures Sonic record data' It will not exit when I hit close...it just keeps trying to find the data
>
> Ask in the BleepingComputer.com > Software > Audio and Video
>
> > Plus my comp will not turn off/restart when I choose that option. XP
>
> Windows XP Home and Professional

thanks I will ask that there!

#14 boopme


Posted 11 May 2008 - 09:47 PM

Try this on the display issue.

Go to Start > Control Panel > Display. Click on the "Desktop" tab, then the "Customize Desktop..." button.
Click on the "Web" tab, then under Web Pages, uncheck everything and look for any of the following:
Security Info
Warning Message
Security Desktop
Warning Homepage
Privacy Protection
Desktop Uninstall

If present, select each entry and click the Delete button.
Also, make sure the Lock desktop items box is unchecked.
Click "Ok", then "Apply" and "Ok".

Edited by boopme, 11 May 2008 - 09:47 PM.


#15 amyl


Posted 11 May 2008 - 10:24 PM

> Try this on the display issue.
>
> Go to Start > Control Panel > Display. Click on the "Desktop" tab, then the "Customize Desktop..." button.
> Click on the "Web" tab, then under Web Pages, uncheck everything and look for any of the following:
> Security Info
> Warning Message
> Security Desktop
> Warning Homepage
> Privacy Protection
> Desktop Uninstall
>
> If present, select each entry and click the Delete button.
> Also, make sure the Lock desktop items box is unchecked.
> Click "Ok", then "Apply" and "Ok".

Oh...thank heavens! That fixed it! Thanks soo much!



