
MS Antivirus


8 replies to this topic

#1 PanchoVillauno


Posted 30 September 2008 - 11:46 AM

Hello again, thanks for the first help that y'all gave me about a month ago, that worked. Now I have a new problem: I keep getting popups from MS Antivirus, this sux. I ran the Malware program and it removed it, but I still keep having those popups. Here are the logs:

Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 6.0.6001 Service Pack 1

9/30/2008 11:12:42 AM
mbam-log-2008-09-30 (11-12-42).txt

Scan type: Quick Scan
Objects scanned: 43722
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2e04b8d-ed53-47f9-88a1-298066a66634} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2e04b8d-ed53-47f9-88a1-298066a66634} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\267171\267171.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Windows\System32\algg.exe (Trojan.Zlob) -> Delete on reboot.
C:\Users\Hector Romero\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Hector Romero\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Hector Romero\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Hector Romero\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Hector Romero\AppData\Local\Temp\xrg1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Hector Romero\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.



#2 PanchoVillauno


Posted 30 September 2008 - 11:47 AM

Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 6.0.6001 Service Pack 1

9/30/2008 11:41:06 AM
mbam-log-2008-09-30 (11-41-06).txt

Scan type: Quick Scan
Objects scanned: 43418
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 PanchoVillauno


Posted 30 September 2008 - 12:36 PM

HELP

#4 PanchoVillauno


Posted 30 September 2008 - 01:22 PM

If I keep having msx popups after I did the malware scan, what should I do next? :thumbsup:

#5 PanchoVillauno


Posted 30 September 2008 - 02:02 PM

Any ideas?

#6 PanchoVillauno


Posted 30 September 2008 - 02:11 PM

Queitman help meee!!!!

#7 DaChew


Posted 30 September 2008 - 03:15 PM

Please run SmitfraudFix before running MBAM again.

Your Malwarebytes is out of date; update it and rerun a scan, and we can go from there.

Edited by DaChew, 30 September 2008 - 03:26 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#8 DaChew


Posted 30 September 2008 - 03:25 PM

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of the SmitfraudFix report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

#9 PanchoVillauno


Posted 30 September 2008 - 03:33 PM

Thanks for the reply... I'll try that when I get home.



