Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Macroav Removal... Successful?


  • Please log in to reply
1 reply to this topic

#1 katiew

katiew

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 29 September 2008 - 11:09 AM

Hi Bleeping Computer!

I had MacroAV virus last week and I thought I had removed it using ComboFix before finding out about Hijackthis.
when I ran this, i found more interesting things;

O4 - HKCU\..\Run: [\YUR140.exe] C:\Windows\system32\YUR140.exe
O4 - HKCU\..\Run: [\YUR141.exe] C:\Windows\system32\YUR141.exe
O4 - HKCU\..\Run: [\YUR145.exe] C:\Windows\system32\YUR145.exe
O4 - HKCU\..\Run: [\YUR146.exe] C:\Windows\system32\YUR146.exe
O4 - HKCU\..\Run: [\YUR2B.exe] C:\Windows\system32\YUR2B.exe
O4 - HKCU\..\Run: [\YUR2C.exe] C:\Windows\system32\YUR2C.exe
O4 - HKCU\..\Run: [\YUR2D.exe] C:\Windows\system32\YUR2D.exe
O4 - HKCU\..\Run: [\YUR2E.exe] C:\Windows\system32\YUR2E.exe
HKLM\..\Run: [\YUR141.exe] C:\Windows\system32\YUR141.exe
O4 - HKLM\..\Run: [\YUR145.exe] C:\Windows\system32\YUR145.exe
O4 - HKLM\..\Run: [\YUR146.exe] C:\Windows\system32\YUR146.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YUR2B.exe] C:\Windows\system32\YUR2B.exe
O4 - HKLM\..\Run: [\YUR2C.exe] C:\Windows\system32\YUR2C.exe
O4 - HKLM\..\Run: [\YUR2D.exe] C:\Windows\system32\YUR2D.exe
O4 - HKLM\..\Run: [\YUR2E.exe] C:\Windows\system32\YUR2E.exe

My McAfee was not finding any of the viruses so I installed my long trusted Avast and sure enough it found those listed above and believe them to be deleted.

Also, In my Control Panel > System > General it stills says "VIRUS ALERT!" beneath the name of the computer and I am unable to delete this.


I have now run a new hijack this and need to make sure I'm in the clear!
Thanks for ANY help you can give!!

Cheers!
Katie :thumbsup:

Attached File  hijackthis.log   12.92KB   18 downloads

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:22 PM

Posted 08 October 2008 - 10:19 AM

Hello katiew

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users