Malwarebytes + AVG


19 replies to this topic

#1 Jove

Jove

  • Members
  • 2,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Very South Jersey
  • Local time:06:22 AM

Posted 29 October 2008 - 10:15 AM

I can not get into the AVG forum, password or user name problem !

I am not sure how to operate functions in AVG, but seemingly it has found 10 infections.

I am presently D/L a fresh copy as the last copy is not installed properly, but would like to know what is going on at this point as the previous copy is still in place while the D/L is downloading the Version 8.

This is the Virus Vault information

Posted Image


Information, AVG Overview
I can't find how to log or copy the infection information, but have this ;

"Infected objects removed or healed:";"0"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"0"
"Information count:";"10"
"Scan started:";"Wednesday, October 29, 2008, 7:15:37 AM"
"Scan finished:";"Wednesday, October 29, 2008, 7:30:10 AM (14 minute(s) 33 second(s))"
"Total object scanned:";"217555"
"User who launched the scan:";"Jp"

"Information"
"File";"Infection";"Result"
"C:\Documents and Settings\Jp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Jp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Jp\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\Jp\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"C:\System Volume Information\";"Locked file. Not tested.";"Locked file. Not tested."



I assume that this log is actions before I deleted all, does this all seem right ?
Malwarebytes Log

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 2

10/29/2008 6:46:35 AM
mbam-log-2008-10-29 (06-46-20).txt

Scan type: Quick Scan
Objects scanned: 39678
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 56
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

When you don't have to worry about your computer anymore, you can start
living again !

vrwqzc.gif
Success is a result, not a goal. . . . Flaubert



#2 Maniac

Maniac

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria, EU
  • Local time:01:22 PM

Posted 29 October 2008 - 10:35 AM

Jove, please update MBAM and run a full system scan. Once MBAM detects viruses / threats, select "Remove Selected". Then select Save Log, write the log file somewhere and copy / paste the log file in the next comment.

Download ESET SysInspector
http://www.eset.com/download/sysinspector.php

- Start program through the SysInspector.exe
The program will collect information about the situation on your machine.
- When "inspector" is ready and log file - generated, select File> Save Log
- Confirm their wish

Choose to save the file somewhere and then upload it to http://4storing.com/ (when you open the page, click on the Great Britain flag to open the page in English), then give me the link.



#3 Jove


Posted 29 October 2008 - 12:17 PM

Thank you, . . .Will do.



#4 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 AM

Posted 29 October 2008 - 02:56 PM

Be sure to REBOOT YOUR COMPUTER immediately after the MBAM scan has completed removing the malicious files.

Also please UPDATE your MBAM, rescan FULL scan, reboot your computer and post that log.

It also appears that you didn't post the entire MBAM log. Please do so in your next reply.

Edited by xblindx, 29 October 2008 - 03:00 PM.


#5 Jove


Posted 29 October 2008 - 05:54 PM

OK, sorry I was out, I'm back and will start this process, . . I have recently D/L AVG and now have previous installations, according to recommendation, I downloaded the last installation to the C: Drive, . . I have set it up and want to uninstall the previous, there may be more than one as I had some problems with the last installation, please tell me how I should proceed as I do not want to uninstall the latest D/L. I will then proceed with your instructions. Thank you.



#6 Jove


Posted 29 October 2008 - 06:01 PM

Concerning the previous malwarebyte log(s) ;

These are the Previous !

mbam-log-2008-10-29 ) (06-46-20)- Notepad

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 2

10/29/2008 6:46:35 AM
mbam-log-2008-10-29 (06-46-20).txt

Scan type: Quick Scan
Objects scanned: 39678
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 56
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srmclean (Trojan.FakeAlert.H) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\cpqs\scom (Trojan.FakeAlert.H) -> No action taken.

Files Infected:


mbam-log-2008-10-29 ) (06-58-43)- Notepad

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 2

10/29/2008 6:58:43 AM




mbam-log-2008-10-29 (06-58-43).txt

Scan type: Quick Scan
Objects scanned: 39704
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 56
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srmclean (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\cpqs\scom (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Files Infected:
C:\cpqs\scom\CpqCva.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\CpqStartMenu.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\CustomerRegInfo.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\EDID.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Help.ico (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Mailer.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\MemUsage.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Migrate.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ModemCheck.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ModemQuery.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ModemUtil.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\PCTSCOM.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ScDmi.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCDrivers.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCInfoBom.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Scom.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCOS.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCPartNumber.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\srmclean.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Edited by Jove, 29 October 2008 - 06:03 PM.

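Added example, not part of the original thread and not Malwarebytes' own code: a small Python parser for the MBAM 1.27 log layout pasted in the post above. It lists items still marked "No action taken" and flags sections whose summary count is higher than the number of entries actually pasted. The two sample logs are constructed by abridging the 06-46-20 and 06-58-43 logs (summary counts adjusted to the abridged lists), and all function names are this example's own.

```python
import re
from collections import Counter

# Line layouts assumed from the logs posted in this thread (MBAM 1.27).
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")  # "Files Infected: 20"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # "Files Infected:"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")       # "<object> (<family>) -> <action>."
REMOVED = "Quarantined and deleted successfully"

# Constructed sample: abridged from the 06-46-20 log (no file entries were pasted).
BEFORE_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 20

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srmclean (Trojan.FakeAlert.H) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\cpqs\scom (Trojan.FakeAlert.H) -> No action taken.

Files Infected:
"""

# Constructed sample: abridged from the 06-58-43 log, file list cut to two entries.
AFTER_LOG = BEFORE_LOG.replace("No action taken", REMOVED).replace(
    "Files Infected: 20", "Files Infected: 2") + (
    r"C:\cpqs\scom\srmclean.exe (Trojan.FakeAlert.H) -> " + REMOVED + ".\n"
    r"C:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> " + REMOVED + ".\n")


def parse_mbam_log(text):
    """Return the declared per-section counts and every detection line found."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:                                   # summary block near the top
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:                                   # start of a detail section
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:
            obj, family, rest = m.groups()
            # Data items carry "Bad: (1) Good: (0) -> <action>"; the action is last.
            action = rest.split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "object": obj,
                          "family": family, "action": action})
    return {"declared": declared, "items": items}


def unresolved(parsed):
    """Detections the scanner reported but did not quarantine/delete."""
    return [i for i in parsed["items"] if i["action"] != REMOVED]


def truncated_sections(parsed):
    """Sections where fewer entries were pasted than the summary declares."""
    listed = Counter(i["section"] for i in parsed["items"])
    return [(s, n, listed[s]) for s, n in parsed["declared"].items() if listed[s] < n]


def by_family(parsed):
    """Number of detections per malware family label."""
    return Counter(i["family"] for i in parsed["items"])


if __name__ == "__main__":
    for name, text in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        p = parse_mbam_log(text)
        print(name, "unresolved:", len(unresolved(p)),
              "truncated:", truncated_sections(p), "families:", dict(by_family(p)))
```

A log with no unresolved items only shows what the scanner removed in that run; the reboot and follow-up Full Scan requested in the thread are still what confirm the result.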


#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 PM

Posted 29 October 2008 - 06:08 PM

Reboot your computer, run the Full Scan with Malwarebytes and post the new log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 Jove


Posted 29 October 2008 - 06:35 PM

Budapest,

Sorry about this, I am getting,
Connect to the Internet or adjust Firewall,
When I try to update Malwarebytes, . . the thing is my firewall is off and I can not turn it on or off, that is the Windows firewall, I recently downloaded Sygate firewall but I can not find it anywhere so the D/L must have self destructed somewhere along the line, your help is appreciated.

How can I get these updates for Malwarebytes, . . .

I have my automatic updates on but Windows still has not delivered the Security Update for Windows XP (KB921883) , ( This was the one in the BC Bulletin), I tried to get to it manually yesterday but could not get to it, I have just found a D/L site, should I attempt to do this first ?



#9 Budapest


Posted 29 October 2008 - 06:38 PM

Don't bother with the Malwarebytes update for now, just run the Full Scan and post the log.

Hold off on the Security Update for Windows XP (KB921883) for now.

#10 Jove


Posted 29 October 2008 - 06:57 PM

I'm scanning with MB now, AVG Resident Shield has popped up a couple of times, first time with a scad of cookies, malware, and the Trojan Amey10 thing, I removed threats, it's back up with,
the Trojan Amey10 thing again, finding them in C:\Windows\system32\wmsoft31883,exe, files etc.



#11 Jove


Posted 29 October 2008 - 07:23 PM

MB found no threats, but at the time of the scan as stated AVG Resident Shield popped up with Trojans and cookies, malware etc., however it does update successfully but it is reporting that updates are not functioning or disabled. If you want that info from AVG, you will need to tell me how to get the log.

MB Log ;

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 2

10/29/2008 8:06:04 PM
mbam-log-2008-10-29 (20-06-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 62475
Time elapsed: 25 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#12 Budapest


Posted 29 October 2008 - 07:27 PM

Maybe you could try uninstalling and reinstalling AVG.

#13 Jove


Posted 29 October 2008 - 09:34 PM

I think I will be trying step #2 from here:

http://www.pchell.com/virus/uninstallavg.shtml

I'll let you know.



#14 Jove


Posted 29 October 2008 - 10:03 PM

I have AVG installed and all features are working correctly and updated.

Now I need a firewall as stated there is something wrong with my Windows SP2 Firewall,
it will not turn on or off and is off. I did go through the routine of trying to get it right but the prerequisites became complicated with some other factors as I recall, and was beyond my control at the time. I am hoping this does not interfere with the firewall I will install, would you suggest a freeware firewall ?



#15 Budapest


Posted 29 October 2008 - 10:05 PM

I use the Comodo firewall.