
antispyware2009



#1 whitetiger01


Posted 02 November 2008 - 01:50 AM

I had a friend assist me with removing the malware, but I just ran Malwarebytes Anti-Malware and came up with 21 more infections. What do I do now?



#2 DaChew


Posted 02 November 2008 - 06:55 AM

Please post that log and then a new one from an updated scan with Malwarebytes.
Chewy

No. Try not. Do... or do not. There is no try.

#3 whitetiger01


Posted 02 November 2008 - 04:28 PM

first log:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

10/30/2008 8:01:29 PM
mbam-log-2008-10-30 (20-01-29).txt

Scan type: Quick Scan
Objects scanned: 86910
Time elapsed: 19 minute(s), 0 second(s)

Memory Processes Infected: 6
Memory Modules Infected: 1
Registry Keys Infected: 32
Registry Values Infected: 13
Registry Data Items Infected: 6
Folders Infected: 4
Files Infected: 45

Memory Processes Infected:
C:\Documents and Settings\USER_2\Application Data\Microsoft\Windows\usqjp.exe (Trojan.Vundo) -> Unloaded process successfully.
C:\Program Files\GetPack\GetPack23.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\GetModule\GetModule26.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\USER_2\Application Data\Facegame\Facegame.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\USER_2\Application Data\SpeedRunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Unloaded process successfully.
C:\WINDOWS\system32\uesiuqcr.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\smwin32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ca4e834-72ff-6d2e-8a3c-59c003228dbf} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a0442dfa-1f7e-4dce-b75c-a90993d6e7fc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{268706f0-841c-446a-b757-8c1ef84527dc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{32fd16dc-537c-4186-9bd6-c718a308342b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27861bda-a645-491d-8599-dcab5969dc34} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4cf05127-d66d-4125-b2d9-15909b83842a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{475a8380-dc57-448b-8d9f-5600df0a8476} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\getsn32.msiesn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wip (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack23 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule26 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\facegame (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tbsa (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p2p networking (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: msansspc.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\uesiuqcr.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\uesiuqcr.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Application Data\Facegame (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\USER_2\Application Data\Microsoft\Windows\usqjp.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ooo.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Local Settings\Temp\mmmatt.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Local Settings\Temp\__3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Local Settings\Temp\__4.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Local Settings\Temporary Internet Files\Content.IE5\0H6JW9YN\mmmatt[1].exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Local Settings\Temporary Internet Files\Content.IE5\UOY17867\157[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack23.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule26.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Application Data\Facegame\Facegame.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\?dobe\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msansspc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv137.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\getsn32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smwin32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10803.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uesiuqcr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\USER_2\Desktop\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Desktop\Real Music Ringtones.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Desktop\Internet Security Suite.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSdspn.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSeuvd.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSfhkv.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSgkvy.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSiubs.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSurta.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSylca.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSimso.sys (Rootkit.Agent) -> Delete on reboot.


new log:

Malwarebytes' Anti-Malware 1.30
Database version: 1355
Windows 5.1.2600 Service Pack 2

11/1/2008 11:33:17 PM
mbam-log-2008-11-01 (23-33-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115151
Time elapsed: 29 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
C:\Program Files\Common Files\?dobe\userinit.exe (Adware.ClickSpring) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tbsa (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\USER_2\Application Data\GetModule (Trojan.Agent) -> No action taken.

Files Infected:
C:\Program Files\Common Files\?dobe\userinit.exe (Adware.ClickSpring) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\!update.exe (Adware.PurityScan) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\3nick568.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\NDR42.tmp (Adware.PurityScan) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temporary Internet Files\Content.IE5\5YNH1MWU\158[1].net (Adware.ISM) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temporary Internet Files\Content.IE5\O1E70L2J\3nick568[1].exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temporary Internet Files\Content.IE5\OHUB09UB\KB908846[1].exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temporary Internet Files\Content.IE5\WGLIA5IV\116[1].net (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temporary Internet Files\Content.IE5\Z1WCHBB1\!update-4495[1].0000 (Adware.PurityScan) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094626.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094627.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094628.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094629.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094635.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094636.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094637.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094638.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP255\A0094639.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\USER_2\Application Data\GetModule\dicik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER_2\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER_2\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER_2\Desktop\Real Music Ringtones.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER_2\Desktop\Internet Security Suite.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\TDSSf24b.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\TDSSf299.tmp (Trojan.FakeAlert) -> No action taken.


The other thing that has happened is that several programs seem to be gone, such as Word & Excel among others.

Thanks for whatever help you can give me.

#4 DaChew


Posted 02 November 2008 - 05:03 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry948894

Update MBAM.

Would you download and update ATF Cleaner and SAS in normal mode and run them from safe mode?

Run ATF Cleaner, then run a quick scan with MBAM from safe mode. If MBAM asks you to reboot, then do so into normal mode, reboot into safe mode, and run ATF Cleaner again, followed by a complete scan with SAS.

These newer infections are very hard to remove. If time doesn't matter, then waiting for an expert in the HJT forum is the best remedy; unfortunately there are more infections than experts.

If time matters and you want an effective solution, then a clean install is the best recourse.
Chewy

No. Try not. Do... or do not. There is no try.
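
An added example, not part of the original thread: a Python parser for the Malwarebytes log line format shown in post #3 (`<item> (<detection>) -> <action>`), used to list items the first scan reported as handled that the second scan detected again. The sample lines are excerpts copied from the two logs above; the function and variable names are this example's own.

```python
import re

# Detection line format used in the logs above:
#   <item> (<Detection.Name>) [-> extra data] -> <action>.
DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<name>[A-Z][A-Za-z]*(?:\.[A-Za-z0-9]+)+)\)(?P<rest>.*)$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
HANDLED = ("Quarantined", "Delete on reboot", "Unloaded")

# Excerpts from the two logs in post #3 (not the complete logs).
FIRST_SCAN = r"""
Files Infected: 45
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tbsa (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Common Files\?dobe\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER_2\Desktop\Real Music Ringtones.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSimso.sys (Rootkit.Agent) -> Delete on reboot.
"""
SECOND_SCAN = r"""
Scan type: Full Scan (C:\|)
Memory Processes Infected:
C:\Program Files\Common Files\?dobe\userinit.exe (Adware.ClickSpring) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tbsa (Trojan.Agent) -> No action taken.
Files Infected:
C:\Program Files\Common Files\?dobe\userinit.exe (Adware.ClickSpring) -> No action taken.
C:\Documents and Settings\USER_2\Local Settings\Temp\3nick568.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\USER_2\Desktop\Real Music Ringtones.url (Rogue.Link) -> No action taken.
"""

def parse_log(text):
    """Return a list of (section, item, detection, action) tuples."""
    rows, section = [], None
    for line in text.splitlines():
        line = line.strip()
        head = SECTION.match(line)
        if head:  # "Files Infected:" opens a section; "Files Infected: 45" does not match
            section = head["section"]
            continue
        hit = DETECTION.match(line)
        if hit and section:
            # The action is whatever follows the last " -> " on the line.
            action = hit["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            rows.append((section, hit["item"], hit["name"], action))
    return rows

def reappeared(first, second):
    """Items the first scan acted on that the second scan detected again."""
    handled = {item.lower() for _, item, _, action in first
               if action.startswith(HANDLED)}
    return sorted({item for _, item, _, _ in second if item.lower() in handled})

if __name__ == "__main__":
    for item in reappeared(parse_log(FIRST_SCAN), parse_log(SECOND_SCAN)):
        print("detected again after removal:", item)
```

An item reported as deleted in one log and detected again in the next was either not actually removed or has been re-created since, so it is the first place to look for whatever is still active on the machine.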



