
Windows security alerts


  • This topic is locked
3 replies to this topic

#1 s5s5


Posted 02 September 2008 - 03:24 AM

This is another log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2008 at 09:08 AM

Application Version : 4.20.1046

Core Rules Database Version : 3552
Trace Rules Database Version: 1540

Scan type : Complete Scan
Total Scan Time : 00:49:24

Memory items scanned : 205
Memory threats detected : 0
Registry items scanned : 5859
Registry threats detected : 3
File items scanned : 92432
File threats detected : 1

Trojan.Dropper/Gen
[genset] C:\WINDOWS\SYSTEM32\JOJWLWHA.EXE
C:\WINDOWS\SYSTEM32\JOJWLWHA.EXE

Trojan.DNSChanger-Codec
HKU\S-1-5-21-4069198115-2500367768-4293227135-1000\Software\uninstall

Rogue.PC-Cleaner
HKU\S-1-5-21-4069198115-2500367768-4293227135-1000\Software\mwc



Hope that helps to give me advice on how to rid myself of this.


Thanks again



#2 quietman7


Posted 02 September 2008 - 06:59 AM

In the other thread you replied to, I noted that you scanned with MBAM.

MBAM has been updated. Please download and install the most current version of MBAM from here

Perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 s5s5


Posted 02 September 2008 - 09:30 AM

Hi quietman7 and thanks for the help

OK, I updated MBAM and did another scan, then rebooted...

Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 6.0.6000

02/09/2008 15:17:32
mbam-log-2008-09-02 (15-17-32).txt

Scan type: Quick Scan
Objects scanned: 38879
Time elapsed: 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I'm not convinced it's sorted though, as I was getting the security alerts up till I did the quick scan.


I've also done a HijackThis and ComboFix on another thread: http://www.bleepingcomputer.com/forums/t/166951/can-someone-have-a-look-please/

And I noticed when doing ComboFix that my AV was picking up trojan download attempts to C:program data\mbutkzsd\ivywpst.exe, so I deleted ivywpst.exe, but as I say, I'm still getting some security alerts.


Thanks for the help.

#4 quietman7


Posted 02 September 2008 - 09:49 AM

Please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

However, now that you have run ComboFix and posted a HijackThis log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.