Deja vu


5 replies to this topic

#1 angryman2009


Posted 13 March 2009 - 12:39 AM

My girlfriend somehow got her laptop infected w/ Antivirus 360 today. PC has Windows XP: Home Edition: Version 2002: Service Pack 3. Running NIS 2009, which doesn't detect the virus in a scan, but does say AV360 modified Windows startup settings. I need help ASAP!!!! I screwed up my PC w/ a similar virus 2 days ago. Is it safe for me to restart or shut down the laptop since AV 360 modified startup settings?

Edited by angryman2009, 13 March 2009 - 12:50 AM.



#2 iearldtg


Posted 13 March 2009 - 12:51 AM

For removal through an antivirus: download and install Malwarebytes, update it, and run a quick scan.

Here are the manual removal instructions:

Edited by garmanma, 13 March 2009 - 08:28 PM.
Remove reg fixes


#3 angryman2009


Posted 13 March 2009 - 01:47 AM

Here is the MBAM log. Is laptop clear now?

Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 5.1.2600 Service Pack 3

3/13/2009 2:37:55 AM
mbam-log-2009-03-13 (02-37-55).txt

Scan type: Quick Scan
Objects scanned: 72273
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5738b8b0b3c21afad88d432ca717a817 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Desktop\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> Quarantined and deleted successfully.

Edited by angryman2009, 13 March 2009 - 01:48 AM.


#4 garmanma


Posted 13 March 2009 - 08:30 PM

Please reboot your computer
Update mbam and run a FULL scan
Post back with the results
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#5 angryman2009


Posted 14 March 2009 - 03:01 AM

This is MBAM full scan. Am I in the clear now?

Malwarebytes' Anti-Malware 1.34
Database version: 1847
Windows 5.1.2600 Service Pack 3

3/14/2009 3:50:03 AM
mbam-log-2009-03-14 (03-50-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 153150
Time elapsed: 32 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\My Documents\All Microsoft Xp Programs Keygen - Windows Office Visio -All Xp 2005\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#6 DaChew


Posted 14 March 2009 - 07:12 AM

"All Microsoft Xp Programs Keygen"


Using any peer-to-peer (P2P) or file sharing program is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Read P2P Software User Advisories, Risks of File-Sharing Technology and P2P file sharing: Anticipate the risks...

"Am I in the clear now?"


MBAM only targets or detects keygens; you need to do a full scan of all data on all drives with an antivirus.
Chewy

No. Try not. Do... or do not. There is no try.



