
Installer2.exe & Virus


12 replies to this topic

#1 tia08

tia08

  • Members
  • 191 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 07 October 2008 - 02:18 PM

I use AVG 8.0, Malwarebytes,
Comodo Firewall.
I have Windows Vista Home Basic.


I scanned my computer for anti-virus and malware although nothing shows up.

On Comodo Firewall I have this alert that says something about

C:\WINDOWS\System32\Installer2.exe is trying to modify a key.

I don't know if it's a virus, but I searched Google and it said it was.

Now I am here because of the Installer2.exe, and I would also like someone to help me find out if I have any virus or malware.
Thanks.

Posted Image



#2 tia08


Posted 10 October 2008 - 08:27 PM

It's been a few days & I'd like some help here :thumbsup:

#3 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 11 October 2008 - 03:25 AM

Please try these two scans; instructions are on these links for you:
a repeat of Malwarebytes

http://www.bleepingcomputer.com/forums/ind...st&p=959453

and SUPERAntiSpyware

http://www.bleepingcomputer.com/forums/ind...st&p=959604

#4 tia08


Posted 14 October 2008 - 01:09 AM

^^Do I have to disable AVG 8.0 if I download SUPERAntiSpyware?


Ohhh, and the installer thing in the picture on the first post trying to modify something... is this a virus or not?

Edited by tia08, 14 October 2008 - 01:15 AM.


#5 ruby1


Posted 14 October 2008 - 02:50 AM

> ^^Do I have to disable AVG 8.0 if I download SUPERAntiSpyware?
>
> Ohhh, and the installer thing in the picture on the first post trying to modify something... is this a virus or not?

Neither SUPERAntiSpyware nor Malwarebytes is an antivirus program, so you should NOT need to disable your antivirus program.

The Malwarebytes and SUPERAntiSpyware programs give a report, and those reports need to be examined to see what else might need to be done for you.

#6 tia08


Posted 14 October 2008 - 03:11 AM

Malwarebytes' Anti-Malware 1.28
Database version: 1267
Windows 6.0.6001 Service Pack 1

10/14/2008 6:11:25 PM
mbam-log-2008-10-14 (18-11-25).txt

Scan type: Quick Scan
Objects scanned: 44997
Time elapsed: 8 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------
I restarted it after scan and re-scanned it again....the log below.
-----------------------------------------


Malwarebytes' Anti-Malware 1.28
Database version: 1267
Windows 6.0.6001 Service Pack 1

10/14/2008 6:38:30 PM
mbam-log-2008-10-14 (18-38-30).txt

Scan type: Quick Scan
Objects scanned: 44925
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Right now I am gonna do the SUPERAntiSpyware scan.

Edited by tia08, 14 October 2008 - 03:45 AM.


#7 tia08


Posted 14 October 2008 - 05:48 AM

Done with the SUPERAntiSpyware scan.
Results below.

-----------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2008 at 08:24 PM

Application Version : 4.21.1004

Core Rules Database Version : 3596
Trace Rules Database Version: 1583

Scan type : Complete Scan
Total Scan Time : 00:59:07

Memory items scanned : 199
Memory threats detected : 0
Registry items scanned : 6391
Registry threats detected : 6
File items scanned : 109623
File threats detected : 2

Trojan.SystemCheck-Fake
HKLM\System\ControlSet001\Services\systemCheck
C:\WINDOWS\SYSTEM32\SYSTEMCHECK.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_systemCheck
HKLM\System\ControlSet002\Services\systemCheck
HKLM\System\ControlSet002\Enum\Root\LEGACY_systemCheck
HKLM\System\CurrentControlSet\Services\systemCheck
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_systemCheck
C:\Windows\Prefetch\SYSTEMCHECK.EXE-AE145332.pf

#8 tia08


Posted 15 October 2008 - 12:56 AM

BUMMMP - I finished everything.
Thank you.

#9 tia08


Posted 16 October 2008 - 12:38 PM

Hello..
Is anyone gonna get back to me?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:50 PM

Posted 16 October 2008 - 03:45 PM

Is the PC running normally now, as it appears you have removed the malware?

#11 tia08


Posted 17 October 2008 - 12:42 AM

It's been running normally, but I just wanna make sure,
since I have no idea how this PC got infected anyway.

#12 tia08


Posted 19 October 2008 - 01:50 AM

Are there any other steps I have/need to take?

#13 ruby1


Posted 19 October 2008 - 08:02 AM

From your other threads you seem to think you may HAVE been infected by??? something?
I would suggest you run the free online virus scanner from Kaspersky you were requested to do on your HJT thread http://www.bleepingcomputer.com/forums/ind...st&p=902559 but seemingly did not get back with any result?

Also fully update the Malwarebytes and SUPERAntiSpyware programs; reboot and run thorough scans with both.

Unless you are still concerned and wish the Staff to reopen your HJT thread?



