Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with infection


  • Please log in to reply
6 replies to this topic

#1 Domonique J

Domonique J

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:00 AM

Posted 18 December 2008 - 10:43 PM

hello everybody,
So I have had the same issue as above tried to install MBAM and nothing worked, so I did like suggested and changed the extension and got it to install
but even after changing the same and extension after installation nothing happens, my problems are 100% identical to Kevin's what can I do to fix this?

BC AdBot (Login to Remove)

 


#2 Franco Spanish

Franco Spanish

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 19 December 2008 - 03:11 AM

You have to rename the exe file that starts up when you try to run Malwarebytes. To do that go to My Computer - C:\ - Program Files \ MalwareBytes Anti-Malware \

Right click on mbam and select properties. Change the name to something like mbamm and click ok. Double click the file and it should now open.

I'm also having the same exact issues as the posters above. I was able to get MBAM to install and run, but it won't remove everything. I've ran it in safemode, it finds everything, says it needs to delete items on reboot, I click ok to reboot, it loads back up, and Spyware Guard 2008 is still there.

I'd really like to avoid reformatting :thumbsup:. If a log would help or if I should create a new thread, I'll do that.

#3 Domonique J

Domonique J
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:00 AM

Posted 19 December 2008 - 08:34 PM

OK, so I finally got the program to run and removed all the files it flagged restarted and Spyware Guard 2008 is still on the computer, any other recommendations?

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:01:00 PM

Posted 19 December 2008 - 11:34 PM

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 Domonique J

Domonique J
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:00 AM

Posted 20 December 2008 - 01:21 AM

o here is the log file after running Malwarebytes again, hope this helps..

Malwarebytes' Anti-Malware 1.31
Database version: 1524
Windows 5.1.2600 Service Pack 3

12/19/2008 11:07:59 PM
mbam-log-2008-12-19 (23-07-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124622
Time elapsed: 1 hour(s), 41 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ljzlahpltn.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{098b5c14-30fc-4f7f-a1f8-37e125e8ee8d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{be140d42-e5f6-40d4-9d5d-99dabbf93022} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\Kristen Vath\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.

Files Infected:
C:\Documents and Settings\Kristen Vath\Local Settings\Temporary Internet Files\Content.IE5\09SDWRSX\load[1].exe (Adware.Agent) -> No action taken.
C:\Documents and Settings\Kristen Vath\Local Settings\Temporary Internet Files\Content.IE5\EPS3WR4P\CA986L9R (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\grqsgg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\niiexp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pwhnhkis.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tfccea.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xmwkomcs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yvisfhsp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\liekycqy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lxekdg.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\Kristen Vath\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\Kristen Vath\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ljzlahpltn.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Kristen Vath\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> No action taken.

#6 Domonique J

Domonique J
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:00 AM

Posted 20 December 2008 - 02:18 AM

I don't know what I did differently, other than updating Malwarebytes and doing a full scan it seems to have worked

#7 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:01:00 PM

Posted 20 December 2008 - 01:15 PM

This is important. You need to Reboot/restart your computer. Failure to do so will interrupt the removal process


Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users