
Spyware Protect 2009 infection


6 replies to this topic

#1 nxpremox


Posted 03 April 2009 - 11:48 PM

So here's my problem. While using the internet the Spyware Protect 2009 scanner popped up on my screen. I didn't realize that it was a fake scanner so I let it scan. So now my computer got installed with and infected by Spyware Protect 2009, and it won't go away. It continuously gives me pop ups saying that there are infections on my computer. I scanned it with the most recent version of MBAM a few times, and it removed the infection, but it keeps coming back. Please help.

Edited by nxpremox, 03 April 2009 - 11:51 PM.



 


#2 Guest_Jay-P VIP_*


Posted 03 April 2009 - 11:51 PM

Hi there! :thumbsup: to Bleeping Computer.

Please update MBAM, do a full scan, then please post the log in your next reply!

(Note to advisors: User may have to go to HijackThis according to BC Removal Tutorial)

Edited by Jay-P VIP, 03 April 2009 - 11:55 PM.


#3 nxpremox


Posted 03 April 2009 - 11:56 PM

Okay. Thanks for the quick reply lol.
Rescanning now.
I'll post the log when it's finished or after I wake up since it's like 1 AM right now. :]

#4 nxpremox


Posted 04 April 2009 - 09:36 AM

Here's the full scan log from MBAM:

Malwarebytes' Anti-Malware 1.35
Database version: 1939
Windows 5.1.2600 Service Pack 3

4/4/2009 10:35:29 AM
mbam-log-2009-04-04 (10-35-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 203174
Time elapsed: 1 hour(s), 47 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#5 Guest_Jay-P VIP_*


Posted 04 April 2009 - 10:49 AM

  • Please print these instructions as they will be needed later when Internet access is not available.
  • Save these instructions in Word or Notepad to the desktop where they can be easily found.
  • Download Vundo Fix and save it to your desktop.
  • When it has completed downloading, double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will now receive a prompt asking if you want to remove the files; click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click the OK button.
  • When the computer has shut down, turn your computer back on.
  • Please do a quick scan with MBAM, then post your results of the Vundo fix (did it go successfully?), and the log of MBAM.
...

#6 nxpremox


Posted 04 April 2009 - 12:05 PM

The VundoFix seems to have fixed the problem because the quick scan showed up clean. :thumbsup:

MBAM quick scan:

Malwarebytes' Anti-Malware 1.35
Database version: 1939
Windows 5.1.2600 Service Pack 3

4/4/2009 1:01:13 PM
mbam-log-2009-04-04 (13-01-13).txt

Scan type: Quick Scan
Objects scanned: 74140
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Yay! Thanks for all the help Jay-P [:

#7 Guest_Jay-P VIP_*


Posted 04 April 2009 - 12:11 PM

You are welcome! If this problem shows up again in the near future, like in a day or two, please post back here.

Otherwise this problem is resolved. Thank you for your patience and for choosing Bleeping Computer as your source for help!



