Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Alert In Taskbar


  • Please log in to reply
13 replies to this topic

#1 Brantman67

Brantman67

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nampa, Idaho USA
  • Local time:04:32 AM

Posted 23 July 2008 - 08:51 PM

Accidently hit an ad playing an online game. VIRUS ALERT showed up near the clock in the taskbar. Items disappeared from the Start menu and couldn't change my automatic update settings. Researched a little on this site and saw similar problems from other members. Downloaded and ran ComboFix. Can supply log if requested. Would like to make sure I got rid of everything. Thanks in advance for your help!

Edited by Orange Blossom, 23 July 2008 - 09:11 PM.
Move to more appropriate forum. ~ OB


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 PM

Posted 23 July 2008 - 10:08 PM

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Brantman67

Brantman67
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nampa, Idaho USA
  • Local time:04:32 AM

Posted 23 July 2008 - 10:58 PM

Here are the results of the MBAM scan...

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2

9:49:45 PM 7/23/2008
mbam-log-7-23-2008 (21-49-45).txt

Scan type: Quick Scan
Objects scanned: 42245
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\boynkpap.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcg61j0e9ep (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0e440f4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\boynkpap.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\papknyob.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SysFA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SysFB.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brant\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 PM

Posted 23 July 2008 - 11:09 PM

Now run a full system scan with SuperAntiSpyware in Safe Mode.

How to start Windows in Safe Mode
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 Brantman67

Brantman67
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nampa, Idaho USA
  • Local time:04:32 AM

Posted 24 July 2008 - 07:42 AM

I ran the full system scan in safe mode and did quarantine several items. Do I need to delete these? What to do next? Here is the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/24/2008 at 00:18 AM

Application Version : 4.15.1000

Core Rules Database Version : 3513
Trace Rules Database Version: 1504

Scan type : Complete Scan
Total Scan Time : 01:41:06

Memory items scanned : 176
Memory threats detected : 0
Registry items scanned : 7094
Registry threats detected : 0
File items scanned : 26146
File threats detected : 122

Adware.Tracking Cookie
C:\Documents and Settings\Brant\Cookies\brant@hotels.112.2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@serving-sys[1].txt
C:\Documents and Settings\Brant\Cookies\brant@directtrack[1].txt
C:\Documents and Settings\Brant\Cookies\brant@traffic.buyservices[1].txt
C:\Documents and Settings\Brant\Cookies\brant@chitika[2].txt
C:\Documents and Settings\Brant\Cookies\brant@buycom.122.2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@webstat[1].txt
C:\Documents and Settings\Brant\Cookies\brant@humornsex[2].txt
C:\Documents and Settings\Brant\Cookies\brant@kontera[2].txt
C:\Documents and Settings\Brant\Cookies\brant@antispywaremaster[1].txt
C:\Documents and Settings\Brant\Cookies\brant@overture[1].txt
C:\Documents and Settings\Brant\Cookies\brant@clickbank[1].txt
C:\Documents and Settings\Brant\Cookies\brant@ads.pointroll[1].txt
C:\Documents and Settings\Brant\Cookies\brant@adopt.euroclick[1].txt
C:\Documents and Settings\Brant\Cookies\brant@gomyhit[1].txt
C:\Documents and Settings\Brant\Cookies\brant@myaccount.cableone[2].txt
C:\Documents and Settings\Brant\Cookies\brant@sales.liveperson[2].txt
C:\Documents and Settings\Brant\Cookies\brant@viacom.adbureau[2].txt
C:\Documents and Settings\Brant\Cookies\brant@nakedonthestreets[1].txt
C:\Documents and Settings\Brant\Cookies\brant@adlegend[1].txt
C:\Documents and Settings\Brant\Cookies\brant@gomyhit[4].txt
C:\Documents and Settings\Brant\Cookies\brant@mediatraffic[1].txt
C:\Documents and Settings\Brant\Cookies\brant@paypal.112.2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@sales.liveperson[4].txt
C:\Documents and Settings\Brant\Cookies\brant@ads.addynamix[1].txt
C:\Documents and Settings\Brant\Cookies\brant@gomyhit[3].txt
C:\Documents and Settings\Brant\Cookies\brant@tacoda[2].txt
C:\Documents and Settings\Brant\Cookies\brant@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Brant\Cookies\brant@sales.liveperson[3].txt
C:\Documents and Settings\Brant\Cookies\brant@youporn[1].txt
C:\Documents and Settings\Brant\Cookies\brant@truitionbigals.122.2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@aff.primaryads[1].txt
C:\Documents and Settings\Brant\Cookies\brant@www.bravoteens[1].txt
C:\Documents and Settings\Brant\Cookies\brant@interclick[1].txt
C:\Documents and Settings\Brant\Cookies\brant@www.nakedonthestreets[2].txt
C:\Documents and Settings\Brant\Cookies\brant@porntube[2].txt
C:\Documents and Settings\Brant\Cookies\brant@www.googleadservices[4].txt
C:\Documents and Settings\Brant\Cookies\brant@realmedia[2].txt
C:\Documents and Settings\Brant\Cookies\brant@msnportal.112.2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@ads.gamelink[2].txt
C:\Documents and Settings\Brant\Cookies\brant@youpornmate[1].txt
C:\Documents and Settings\Brant\Cookies\brant@pcprivacycleaner[1].txt
C:\Documents and Settings\Brant\Cookies\brant@www.googleadservices[3].txt
C:\Documents and Settings\Brant\Cookies\brant@adultadworld[1].txt
C:\Documents and Settings\Brant\Cookies\brant@ads.revsci[1].txt
C:\Documents and Settings\Brant\Cookies\brant@protect.trustedantivirus[3].txt
C:\Documents and Settings\Brant\Cookies\brant@householdaccount[2].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.drawn-sex[1].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.drawn-sex[5].txt
C:\Documents and Settings\Brant\Cookies\brant@www.googleadservices[2].txt
C:\Documents and Settings\Brant\Cookies\brant@adbrite[1].txt
C:\Documents and Settings\Brant\Cookies\brant@anad.tacoda[2].txt
C:\Documents and Settings\Brant\Cookies\brant@www.vav2008[1].txt
C:\Documents and Settings\Brant\Cookies\brant@adopt.specificclick[1].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.drawn-sex[7].txt
C:\Documents and Settings\Brant\Cookies\brant@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@www.w3counter[2].txt
C:\Documents and Settings\Brant\Cookies\brant@www.googleadservices[6].txt
C:\Documents and Settings\Brant\Cookies\brant@2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@www.googleadservices[5].txt
C:\Documents and Settings\Brant\Cookies\brant@specificclick[2].txt
C:\Documents and Settings\Brant\Cookies\brant@questionmarket[2].txt
C:\Documents and Settings\Brant\Cookies\brant@yadro[1].txt
C:\Documents and Settings\Brant\Cookies\brant@humornsex[3].txt
C:\Documents and Settings\Brant\Cookies\brant@cgm.adbureau[1].txt
C:\Documents and Settings\Brant\Cookies\brant@server.iad.liveperson[3].txt
C:\Documents and Settings\Brant\Cookies\brant@statse.webtrendslive[2].txt
C:\Documents and Settings\Brant\Cookies\brant@semdirector.112.2o7[1].txt
C:\Documents and Settings\Brant\Cookies\brant@network.realmedia[2].txt
C:\Documents and Settings\Brant\Cookies\brant@adserver.adtechus[1].txt
C:\Documents and Settings\Brant\Cookies\brant@wmvmedialease[1].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.adult-empire[1].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.drawn-sex[9].txt
C:\Documents and Settings\Brant\Cookies\brant@adserv01[2].txt
C:\Documents and Settings\Brant\Cookies\brant@scanner.anvi-scanner[2].txt
C:\Documents and Settings\Brant\Cookies\brant@ads-dev.youporn[1].txt
C:\Documents and Settings\Brant\Cookies\brant@www.googleadservices[1].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.drawn-sex[8].txt
C:\Documents and Settings\Brant\Cookies\brant@www.youpornmate[2].txt
C:\Documents and Settings\Brant\Cookies\brant@imrworldwide[2].txt
C:\Documents and Settings\Brant\Cookies\brant@tribalfusion[2].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.drawn-sex[2].txt
C:\Documents and Settings\Brant\Cookies\brant@www.burstbeacon[1].txt
C:\Documents and Settings\Brant\Cookies\brant@galleries.drawn-sex[3].txt
C:\Documents and Settings\Brant\Cookies\brant@server.iad.liveperson[2].txt
C:\Documents and Settings\Brant\Cookies\brant@e-2dj6wjk4gpczaco.stats.esomniture[2].txt
C:\Documents and Settings\Brant\Cookies\brant@advancedcleaner[1].txt
C:\Documents and Settings\Brant\Cookies\brant@advertising[1].txt
C:\Documents and Settings\Brant\Cookies\brant@ads.crakmedia[2].txt
C:\Documents and Settings\Brant\Cookies\brant@revsci[2].txt
C:\Documents and Settings\Brant\Cookies\brant@media.mtvnservices[2].txt
C:\Documents and Settings\Brant\Cookies\brant@virusremover2008[2].txt
C:\Documents and Settings\Brant\Cookies\brant@prospect.adbureau[1].txt
C:\Documents and Settings\Brant\Cookies\brant@www.mediatraffic[1].txt
C:\Documents and Settings\Brant\Cookies\brant@track.singleedge[2].txt
C:\Documents and Settings\Brant\Cookies\brant@server.iad.liveperson[4].txt
C:\Documents and Settings\Brant\Cookies\brant@protect.trustedantivirus[1].txt
C:\Documents and Settings\Brant\Cookies\brant@atdmt[2].txt

Rogue.Dropper/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0025999.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0026000.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0026002.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0026003.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029638.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029639.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029641.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029643.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029766.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029767.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029768.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0026001.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029640.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029642.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029658.EXE

Rogue.Vista AntiVirus 2008
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0028114.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0028115.CPL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029646.CPL

Adware.Vundo-Variant/J
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0028116.DLL

Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0028118.DLL

Rogue.AntiSpywareExpert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0028135.EXE

Trojan.Dropper/Gen-Zero
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029637.EXE

Rogue.MalwareProtector/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029648.EXE

Trojan.Net-MSV/VPS-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0029649.DLL

Edited by Brantman67, 24 July 2008 - 07:45 AM.


#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 PM

Posted 24 July 2008 - 04:49 PM

Clean out your old system restore points.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Then run the Malwarebytes scan again.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 Brantman67

Brantman67
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nampa, Idaho USA
  • Local time:04:32 AM

Posted 24 July 2008 - 09:26 PM

Set new restore point.
Ran full scan in normal mode.

MBAM log:

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2

8:23:33 PM 7/24/2008
mbam-log-7-24-2008 (20-23-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 139784
Time elapsed: 1 hour(s), 8 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcARjJD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJayYRJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mrohtl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRhEXpO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rvwigrno.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUnklKB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

Thank you so much for your help thusfar. :thumbsup:

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:32 AM

Posted 24 July 2008 - 10:09 PM

Your MBAM log indicates you are using an older database version. Please update to the most current one. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Perform a new Quick Scan in normal mode and make sure you reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Brantman67

Brantman67
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nampa, Idaho USA
  • Local time:04:32 AM

Posted 24 July 2008 - 10:35 PM

Updated Malwarebyte's Anti-Malware.

MBAM log:

Malwarebytes' Anti-Malware 1.23
Database version: 990
Windows 5.1.2600 Service Pack 2

9:34:24 PM 7/24/2008
mbam-log-7-24-2008 (21-34-24).txt

Scan type: Quick Scan
Objects scanned: 44003
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rebooted in normal mode.

Edited by Brantman67, 24 July 2008 - 10:36 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:32 AM

Posted 24 July 2008 - 10:41 PM

How is your computer running now? Any more reports/signs of infection?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Brantman67

Brantman67
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nampa, Idaho USA
  • Local time:04:32 AM

Posted 24 July 2008 - 10:47 PM

Everything appears to be running normally. Clock is still set on military time. Also have a bunch of icons on desktop for Malware, ComboFix & SuperAnti Spyware. Special instructions to get rid of these? Can you point me in the right direction to help speed my computer up at startup? Thanks again for your help.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:32 AM

Posted 24 July 2008 - 10:59 PM

To change your time, click on Start > Help and Support Center and in the Search box type: change time display
Press Enter or click the green arrow.
Under Suggested Topics click "Change the way your computer displays the time" for instructions.

or you can go to Start > Control Panel > Regional and Language Options. Under Standards and formats click the Customize... button, then click the Time tab, and change the Time format to: h:mm:ss tt
Click Apply or Ok twice to exit out.

Please download OTCleanIt.exe and save to your Desktop.
  • Connect to the Internet and double-click on the file to launch the program.
  • Click on the green CleanUp! button.
  • If you get a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the Internet, please allow the connection.
  • When it has finished, OTCleanIt will ask you to reboot so it can remove itself.
-- Note: Doing this will remove the specialized tools (including this one) we downloaded and used during malware removal. All other programs (MBAM & SAS) should be kept on your machine and used on a regular basis.

If your computer seems to be slow, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.
Note: If you are not on a local area network (LAN), disable the Workstation Service which creates and maintains client network connections to remote servers and that should also help to speed up your boot time.

Tips to protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid online gaming sites and peer-to-peer (P2P) or file sharing programs as they are a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans target and spread across P2P files sharing networks and gaming sites. In some instances the infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS. The best way to reduce the risk of infection is to avoid gaming sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Edited by quietman7, 24 July 2008 - 11:00 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Brantman67

Brantman67
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nampa, Idaho USA
  • Local time:04:32 AM

Posted 24 July 2008 - 11:02 PM

Thanks Q7. You guys are the best.

:thumbsup:

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:32 AM

Posted 25 July 2008 - 06:00 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users