Virus infection: speedapps



#1 Ludanto


Posted 29 December 2008 - 05:37 PM

Hello,

I was trying to remove a certain virus: A lot of banners on different webpages were replaced by banners of Vimax..
I tried to download a program to remove it (forgot the name and the place where I got it from) but it brought me a lot more problems.

The same problems some guy posted in this topic:

http://www.bleepingcomputer.com/forums/lof...hp/t187157.html


Here you can see a printscreen when I tried logging on to my gmail account:

Posted Image

As you can see I got redirected in the taskbar and the banner on the bottom of the screen shouldn't be there!

Here is the logfile from Malwarebytes AntiMalware as requested in the other post:

Malwarebytes' Anti-Malware 1.30
Database versie: 1406
Windows 5.1.2600 Service Pack 3

29/12/2008 22:39:02
mbam-log-2008-12-29 (22-39-02).txt

Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 147570
Verstreken tijd: 59 minute(s), 25 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\System Volume Information\_restore{2A224D29-0B92-4E6D-B00B-BA4451E71299}\RP390\A0140331.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2A224D29-0B92-4E6D-B00B-BA4451E71299}\RP397\A0141885.sys (Trojan.Downloader) -> Quarantined and deleted successfully.



I'm currently running a scan with AVG Anti-Virus..


Thanks in advance!



#2 Budapest


Posted 29 December 2008 - 05:42 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Ludanto


Posted 30 December 2008 - 02:40 PM

I can't log in as an administrator on XP.. Don't know the password

#4 Budapest


Posted 30 December 2008 - 05:48 PM

Run the scan anyway.

Why don't you have the Admin password? Have you tried just leaving the password blank and pressing enter?

#5 Ludanto


Posted 30 December 2008 - 08:59 PM

It's a laptop I bought via my previous school. But I graduated there in June. I'll run the scan and will edit the results.

#6 Ludanto


Posted 31 December 2008 - 05:40 AM

edit:

the problems are still there..

#7 quietman7


Posted 31 December 2008 - 08:40 AM

Your MBAM log indicates you are using an older version of MBAM with an outdated database. Please download and install the most current version of MBAM from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

Afterwards, please update the database through the program's interface (preferable way) or manually download the updates and just double-click on mbam-rules.exe to install. Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
