Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

RegRun Reanimator / Unhackme Alert


  • Please log in to reply
17 replies to this topic

#1 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 14 December 2008 - 06:11 PM

Using the RegRun Reanimator / Unhackme programs, I get information saying that I have a rootkit infection (Mchinjdrv.sys) and alerts that the following files are infected:

vga.sys
secdrv.sys (Macrovision)
ndis.sys


I started looking around because Windows Update would no longer work (it hangs at 0% in the task menu.)

Any advice/help would be APPRECIATED!!!

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA

Posted 14 December 2008 - 06:57 PM

I am not familiar with RegRun Reanimator.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 14 December 2008 - 07:51 PM

WOW! Thanks for such a fast response!

Here is the log file:

Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 6.0.6001 Service Pack 1

12/14/2008 14:51:03
mbam-log-2008-12-14 (14-51-03).txt

Scan type: Quick Scan
Objects scanned: 53026
Time elapsed: 14 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:03:49 AM

Posted 14 December 2008 - 08:15 PM

Please download BitDefender RootkitUncover and save it to your desktop.
  • Double click the bitdefender_antirootkit-BETA2 icon.
  • Review the licence agreement and check the "I accept the licence agreement" box.
  • Then click Next > and Scan.
  • Allow the program to scan your computer. The scan will take some so be patient and let it finish.
  • Once the scan has completed, click Next >.
  • If any items are found, please copy and paste the details into your next reply.
Note: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection. (Re-enable when done)
  • After starting the scan, DO NOT not use the computer until the scan has completed.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#5 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 14 December 2008 - 09:31 PM

Thanks again for your time.

I downloaded this software and tried to run it THREE times, and it causes my system to crash (you know, the BLUE SCREEN OF DEATH -BSOD).

??????

#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA

Posted 15 December 2008 - 07:45 AM

Let's try this ...

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#7 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 15 December 2008 - 04:42 PM

Here is the log.

The only one that I am nopt sure of is the Trojan.Win32.Agent, because they did not provide a lot of details. The others were for AVG Antivirus, SmitFraudFix and VNC, all three are software programs I downloaded and installed from the publisher sites. I think these are all false positives, I don't know.

What do you think? Any way to find out what the Trojan.Win32.Agent referred to?

And the files that were skipped were all skipped for good reason?

Thanks again!



Monday, December 15, 2008 08:00:26 - 11:36:16

Computer name: PEEVE
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\ N:\
Result: 7 malware found

RemoteAdmin.Win32.WinVNC (spyware)

* System

TrackingCookie.2o7 (spyware)

* System

Trojan.Win32.Agent (virus)

* System

W32/Fakealert.AZT (virus)

* C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\PROGRAM FILES\AVG\AVG8\AVGCOREX.DLL (Submitted)

W32/Zlob.gen123 (virus)

* C:\WINDOWS\SYSTEM32\AGENT.OMZ.FIX.EXE (Submitted)
* C:\PROGRAM FILES\MOZILLA FIREFOX\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE (Submitted)
* C:\$RECYCLE.BIN\S-1-5-21-537661529-2398147956-3516396334-1007\$RGVNEQV\AGENT.OMZ.FIX.EXE (Submitted)

Statistics
Scanned:

* Files: 91651
* System: 4888
* Not scanned: 46

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 7
* Submitted: 4

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\HP_ADMINISTRATOR\APPDATA\LOCAL\TEMP\ETILQS_DUW5PL5UHLPW2AHITDVK
* C:\USERS\HP_ADMINISTRATOR\APPDATA\LOCAL\TEMP\ETILQS_ZVBMJP0DZEIE2FBL14CP
* C:\USERS\HP_ADMINISTRATOR\APPDATA\LOCAL\TEMP\ETILQS_ZVBMJP0DZEIE2FBL14CP-JOURNAL
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47E6A4192B2410091C716E0AEEB16073_4EAA9A75-8A64-4313-AD5B-42D6A155EE63
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4A3A8A4AF63551469259BE772ED94489_4EAA9A75-8A64-4313-AD5B-42D6A155EE63
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\789448D54303B5B70470BBC7CC4A9498_4EAA9A75-8A64-4313-AD5B-42D6A155EE63
* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC1E3851F429EA606D6FF1E01A5229F1_4EAA9A75-8A64-4313-AD5B-42D6A155EE63
* C:\SYSTEM VOLUME INFORMATION\{05D22945-CA20-11DD-8A5A-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{117B29BF-CACC-11DD-A7E2-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{117B29C9-CACC-11DD-A7E2-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{3CFCCD68-CA27-11DD-9639-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{3CFCCD77-CA27-11DD-9639-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{3F22545C-CA46-11DD-8A80-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{5F43B785-CA2E-11DD-893F-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{5F43B793-CA2E-11DD-893F-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{5F43B7AD-CA2E-11DD-893F-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{5F43B7B6-CA2E-11DD-893F-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{8278FDA2-CA48-11DD-863D-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{8278FDAC-CA48-11DD-863D-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{9E33D226-CA4F-11DD-AD7B-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{9E33D248-CA4F-11DD-AD7B-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{C0BFEE3C-CA43-11DD-8F76-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{C9A4C5C0-CA2B-11DD-9E0C-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{C9A4C5C6-CA2B-11DD-9E0C-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\SYSTEM VOLUME INFORMATION\{C9A4C5D0-CA2B-11DD-9E0C-001731ED7F4F}{3808876B-C176-4E48-B7AE-04046E6CC752}
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47E6A4192B2410091C716E0AEEB16073_4EAA9A75-8A64-4313-AD5B-42D6A155EE63
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4A3A8A4AF63551469259BE772ED94489_4EAA9A75-8A64-4313-AD5B-42D6A155EE63
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\789448D54303B5B70470BBC7CC4A9498_4EAA9A75-8A64-4313-AD5B-42D6A155EE63
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC1E3851F429EA606D6FF1E01A5229F1_4EAA9A75-8A64-4313-AD5B-42D6A155EE63

#8 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 15 December 2008 - 05:10 PM

When I run RegRun Reanimator (which comes with UnHackMe software), it still says that I have an uninvited guest:

C:\WINDOWS\SYSTEM32\DRIVERS\MCHINJDRV.SYS.

The RegRun won't permanently eliminate it.

#9 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 15 December 2008 - 06:20 PM

It looks like I was able to get the RegRun to eliminate the sys file... hopefully a permanent thing.

Any suggestions or comments, or should I consider this fixed?

#10 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:03:49 AM

Posted 15 December 2008 - 08:41 PM

Let start with the F-Secure log first..

Result: 7 malware found

RemoteAdmin.Win32.WinVNC (spyware) - VNC is a program that allows remote access to your computer. This could be someone who helped you over a network or the web.

* System

TrackingCookie.2o7 (spyware) - tracking cookie

* System

Trojan.Win32.Agent (virus) - Bad guy

* System

W32/Fakealert.AZT (virus) - this one is a file in your system restore that we will flush

* C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\PROGRAM FILES\AVG\AVG8\AVGCOREX.DLL (Submitted)

W32/Zlob.gen123 (virus) - the following are files associated with SmitfraudFix

* C:\WINDOWS\SYSTEM32\AGENT.OMZ.FIX.EXE (Submitted)
* C:\PROGRAM FILES\MOZILLA FIREFOX\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE (Submitted)
* C:\$RECYCLE.BIN\S-1-5-21-537661529-2398147956-3516396334-1007\$RGVNEQV\AGENT.OMZ.FIX.EXE (Submitted


Just to make sure, I would run one more set of scans...

Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the
    definitions before scanning by selecting "Check for Updates". (If you encounter
    any problems while downloading the updates, manually download them from
    here and
    unzip into the program's folder.
    )
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under
    Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner
    Options
    , make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose:
    Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp"

ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#11 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2008 - 02:35 AM

Here is the log. It is interesting that it claims WINDBG.EXE is a Virus, when it continues to exist (and did not alert) at "C:\Program Files\Debugging Tools for Windows\windbg.exe"

Also, my little friend seems to have returned (MCHINJDRV.SYS). I cannot find it at the location RegRun Reanimator says it exists (and I did change options to show hidden and system files...) I don't have a clue!


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/15/2008 at 07:56 PM

Application Version : 4.23.1006

Core Rules Database Version : 3661
Trace Rules Database Version: 1641

Scan type : Complete Scan
Total Scan Time : 01:45:52

Memory items scanned : 245
Memory threats detected : 0
Registry items scanned : 8026
Registry threats detected : 0
File items scanned : 200897
File threats detected : 3

Adware.Tracking Cookie
C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\hp_administrator@ads.pointroll[2].txt
C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\hp_administrator@msnportal.112.2o7[1].txt

Worm.WINDBG
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\PROGRAM FILES\DEBUGGING TOOLS FOR WINDOWS\WINDBG.EXE

#12 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA

Posted 16 December 2008 - 08:05 AM

Do you use SpywareDoctor?

Please send the file C:\windows\system32\drivers\MCHINJDRV.SYS to virusscan.jotti.org Please post the results here.

Please update and rerun Malwarebytes running a full scan and then post a fresh log.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#13 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:03:49 AM

Posted 16 December 2008 - 08:07 AM

Pardon the double post. The above file may also be associated with Comodo Firewall Pro and A Squared. It is a code injector that may be flaged as a false positive.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#14 Guest_tdmorgan_*

Guest_tdmorgan_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2008 - 04:04 PM

I cannot find the actual file on my machine, just the reference to it...

BUT - I do use A-Squared...

So that must be it?

If so, thanks so much for all your help! Your time is VERY much appreciated!

This is the first time I have had to rely on outside support, and I am impressed with the level of service.

Cheers and Happy Holidays!!!

#15 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA

Posted 16 December 2008 - 07:23 PM

Here are the links I found...

http://forums.comodo.com/virusmalware_remo...ys-t9257.0.html
http://forums.majorgeeks.com/showthread.php?t=121733

Let's try 1 more scan... just to be sure.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.



One last thing, thank you for your words. I appreciate them greatly! Thanks!

Edited by rigel, 16 December 2008 - 07:25 PM.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users