Infected Pc


3 replies to this topic

#1 Terry PSV


Posted 14 July 2008 - 05:33 PM

Hi.

I'm typing this on behalf of a very good friend. She's asked me for help because I'm more geeky than she is :thumbsup:

I've run the latest version of Norton anti-virus and Ad-Aware in safe mode. However, a pop-up keeps appearing offering to install something called "Advanced Anti-virus" which Norton says is utterly bogus. Norton can prevent this from installing, but the pop-up keeps appearing and won't budge.

WCS.exe claims it needs to shut down, an alert about trojan.zlob appears, and also the complexel virus has been detected but that was by the bogus virus scan.

Could you please advise me what to do to get my friend's PC back to full speed please? She relies on this machine for work.

Any help you can give will be very much appreciated :flowers:


#2 Richard Fu


Posted 14 July 2008 - 07:24 PM

Don't listen to the bogus program. It's doing fake positives. So let's go on.
Download Malwarebytes.
Update, then scan your system. Then post the log. Make sure to remove them.

#3 Terry PSV


Posted 19 July 2008 - 09:12 AM

Sorry it's been so long :thumbsup:

Okays, here's the Malwarebytes log

(Just so you know, I'm going away so I'll reply this time next week)

Malwarebytes' Anti-Malware 1.21
Database version: 966
Windows 5.1.2600 Service Pack 2

15:09:14 19/07/2008
mbam-log-7-19-2008 (15-09-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 282836
Time elapsed: 1 hour(s), 52 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d1577581-2ed7-469f-99b1-72c1339e0ee0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c46f137f-2c2a-4714-aa14-323137f882ae} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d1577581-2ed7-469f-99b1-72c1339e0ee0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP362\A0035598.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Terry & Clive\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Terry & Clive\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Terry & Clive\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

#4 Richard Fu


Posted 19 July 2008 - 11:21 AM

How is the computer doing now?



