Koobface infection and/or other?


11 replies to this topic

#1 Highcountryrider

Posted 17 November 2009 - 11:18 AM

I'm trying to help a friend remove an infection from her laptop. It appears she has Koobface. She is a Facebook user. I had installed Malwarebytes previously but she had not run a scan recently. She attempted to update Malwarebytes when she suspected that she had been infected but it would not update. There is also a problem that if she attempts to visit an online antivirus vendor website the browser either redirects to a page selling an anti-spyware product or does not go through at all. I confirmed this myself. All other browsing works fine.

I subsequently ran a Malwarebytes Quick Scan without updating and it did find Koobface infections. I removed them and then saved the log. Here is that log:
Malwarebytes' Anti-Malware 1.41
Database version: 2845
Windows 5.1.2600 Service Pack 3

11/15/2009 11:04:18 AM
mbam-log-2009-11-15 (11-04-18).txt

Scan type: Quick Scan
Objects scanned: 115299
Time elapsed: 11 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\pp12.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\ld15.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\pp12.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

I then ran a Malwarebytes Full scan and it showed no infections. Here is that log:
Malwarebytes' Anti-Malware 1.41
Database version: 2845
Windows 5.1.2600 Service Pack 3

11/16/2009 4:57:12 PM
mbam-log-2009-11-16 (16-57-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 174384
Time elapsed: 52 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

She uses PC-cillin as her anti-virus software. I ran a full system scan after the above scan and it came up clean but the system is still obviously infected. Unable to update Malwarebytes database or browse to any anti-virus vendor's website. I have now installed and run the DDS and Root Repeal tools. I am now including these results and attaching reports as per the Preparation Guide.

Here is the DDS log:
DDS (Ver_09-10-26.01) - NTFSx86
Run by Larry at 21:34:19.56 on Mon 11/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.495 [GMT -7:00]

AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE -k fioo32
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Larry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6060927
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://as.weatherstudio.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwX5bEaI0bVldjmttCnAKctBCPtQJYWqRI4+INRryUC6RBuwbeWyZN6iRQa15CPlzsLuCBCd3eEqpkDojBLmCunwNyTKYv6O8gIAaw0Zwo+8M=
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R?2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2005-8-16 14336]
R1 fio32;fio32;c:\windows\system32\drivers\fio32.sys [2009-11-12 59520]
R1 FolderProtectDriver;FolderProtectDriver;c:\program files\spotmau wincare 2008\sub\fsdriver\FolderProtectDriver.sys [2009-9-25 15616]
R2 FolderProtectService;FolderProtectService;c:\program files\spotmau wincare 2008\sub\fsdriver\FolderProtectService.exe [2009-9-25 10240]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]

=============== Created Last 30 ================

2009-11-15 17:37:14 137216 ----a-w- c:\windows\rdr_1258306629.exe
2009-11-13 01:44:13 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2009-11-13 01:44:02 59520 ----a-w- c:\windows\system32\drivers\fio32.sys
2009-11-13 01:44:02 50688 ----a-w- c:\windows\system32\fio32.dll
2009-11-13 01:43:50 2 ----a-w- c:\windows\0101120101465155.xxe
2009-11-13 01:43:49 2 ----a-w- c:\windows\010112010146116101.xxe
2009-11-12 14:43:54 3246 ----a-w- c:\windows\system32\wbem\Outlook_01ca63a68eeaaace.mof

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2008-10-13 22:58:09 88 --sh--r- c:\windows\system32\0C12FD6628.sys
2008-10-13 22:58:10 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-19 15:58:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101920081020\index.dat

============= FINISH: 21:34:47.65 ===============

Highcountryrider
If you think nobody cares about you, try missing a couple of payments.



#2 miekiemoes


Posted 18 November 2009 - 04:39 AM

Hi,

Please download and run the following standalone updater: http://www.malwarebytes.org/mbam/database/mbam-rules.exe
Then run a Malwarebytes scan again, delete what it found, then reboot and post the new log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Highcountryrider


Posted 18 November 2009 - 10:14 AM

Thanks for the reply. OK, just so you understand. I cannot access the link you provided on the infected laptop. Just a blank screen in the browser. I downloaded it to my system, transferred it to the laptop via a flash drive. I ran the installation program and after it completed I saw nothing on either the desktop, start menu or program files related to this stand alone updater. I opened Malwarebytes and attempted to update there without success. Same problem as original post.

Could you provide more details about what I should expect to see after installing the update application you provide the link to?
Highcountryrider
If you think nobody cares about you, try missing a couple of payments.

#4 miekiemoes


Posted 18 November 2009 - 10:28 AM

Hi,

It shouldn't install anything except for updating the definition rules. So no need to update via mbam update as this still won't work.
But with these updated database rules you've installed, you should be able to perform a new scan again with Malwarebytes, so it deals with the rest of the infection. Once they are gone, you should be able to update again.
Please post the log from Malwarebytes in your next reply.

#5 Highcountryrider


Posted 18 November 2009 - 01:48 PM

Thanks for the clarification. You might want to include that in your original response as to what the exe will do. Have just run a full scan with updated definitions. 15 additional infected objects detected and deleted. Log below. If the laptop now comes up clean should I delete old restore points? Should I run additional scans with Malwarebytes and the PC-cillin anti-virus?

Again, thanks for the help! :(

Malwarebytes' Anti-Malware 1.41
Database version: 3181
Windows 5.1.2600 Service Pack 3

11/18/2009 11:31:16 AM
mbam-log-2009-11-18 (11-31-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 182441
Time elapsed: 50 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\fio32.dll (Worm.KoobFace) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fio32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIO32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIOO32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SfX (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\fio32.dll (Worm.KoobFace) -> Delete on reboot.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP896\A0081382.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\fio32.sys (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1258306629.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465155.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
Highcountryrider
If you think nobody cares about you, try missing a couple of payments.
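
Added example (not part of the original posts): the detections in the log above correspond to entries in the DDS log from the first post, and that can be checked mechanically. The Python code below parses excerpts copied from the two logs in this thread and maps each DDS line to the Malwarebytes detection that explains it; the function names are illustrative, not from any tool.

```python
import re

# Excerpts copied from the Malwarebytes log in the post above (not the full log).
MBAM_LOG = r"""Memory Modules Infected:
c:\WINDOWS\system32\fio32.dll (Worm.KoobFace) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fio32 (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\fio32.sys (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\rdr_1258306629.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
"""

# Excerpts copied from the DDS log in the first post (two clean lines, five suspect).
DDS_LOG = r"""C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\sYSteM32\SvchOst.eXE -k fioo32
R?2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2005-8-16 14336]
R1 fio32;fio32;c:\windows\system32\drivers\fio32.sys [2009-11-12 59520]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
2009-11-15 17:37:14 137216 ----a-w- c:\windows\rdr_1258306629.exe
2009-11-13 01:44:02 50688 ----a-w- c:\windows\system32\fio32.dll
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam(log):
    """Return one dict per detection: section, obj, family, action.

    Summary counters ("Files Infected: 7") and "(No malicious items detected)"
    match neither pattern and are skipped.
    """
    detections, section = [], None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        hit = DETECTION.match(line)
        if hit and section:
            detections.append({"section": section, **hit.groupdict()})
    return detections


def indicators(detections):
    """Last path component of every detected file or registry object, lower-cased."""
    return {d["obj"].rsplit("\\", 1)[-1].lower() for d in detections}


def explain_dds(dds_log, detections):
    """Map each DDS line naming a detected object to the indicators found in it.

    Lines are split into whole tokens (whitespace, ';', '\\', brackets) so a
    short indicator cannot match inside an unrelated longer name.
    """
    wanted = indicators(detections)
    hits = {}
    for line in dds_log.splitlines():
        tokens = {t.lower() for t in re.split(r"[\s;\\\[\]]+", line) if t}
        found = sorted(tokens & wanted)
        if found:
            hits[line] = found
    return hits


if __name__ == "__main__":
    found = parse_mbam(MBAM_LOG)
    for dds_line, names in explain_dds(DDS_LOG, found).items():
        print(f"{names} <- {dds_line}")
```

DDS lines that stay unmatched after this pass are the ones still worth reading by hand.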

#6 miekiemoes


Posted 18 November 2009 - 01:51 PM

Hi,

If the laptop now comes up clean should I delete old restore points?

Yes, that's a good idea.
Please try to update Malwarebytes now. It should now work again. Let me know if it doesn't.

#7 Highcountryrider


Posted 18 November 2009 - 02:45 PM

I was able to update MWB and am running another full scan. No objects infected so far. I am also able to browse to antivirus vendor websites with no redirects. I will be running a full PC-cillin scan also. Any indications of other malware infections that you can see from other submitted logs?

Scan completed. Here's log.

Malwarebytes' Anti-Malware 1.41
Database version: 3194
Windows 5.1.2600 Service Pack 3

11/18/2009 12:46:30 PM
mbam-log-2009-11-18 (12-46-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 183160
Time elapsed: 51 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Highcountryrider, 18 November 2009 - 02:48 PM.

Highcountryrider
If you think nobody cares about you, try missing a couple of payments.

#8 miekiemoes


Posted 18 November 2009 - 02:50 PM

Hi,

From the first DDS log you posted, the malicious entries in there were taken out by Malwarebytes after running the standalone updater, so you should be OK here now :(

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 Highcountryrider


Posted 18 November 2009 - 03:26 PM

:(
Thanks for the help. I'll pass on your recommendations to my lady friend but you know how women can be......... :(
Highcountryrider
If you think nobody cares about you, try missing a couple of payments.

#10 miekiemoes


Posted 18 November 2009 - 03:29 PM

I'll pass on your recommendations to my lady friend but you know how women can be.........

I perfectly know how women can be... :(

#11 Highcountryrider


Posted 18 November 2009 - 03:41 PM

Another question regarding the manual MWB update link download that you posted. Was that a one time thing or will it download updated definitions as they are available? Nice tool to have if one cannot access the updates through MWB.
Highcountryrider
If you think nobody cares about you, try missing a couple of payments.

#12 miekiemoes


Posted 18 November 2009 - 03:48 PM

The standalone updater gets updated once in a while, while the updater in the Malwarebytes scanner can get updated whenever updates are available (multiple times a day).
So the standalone updater is only in "emergency cases". :(



