Infected with Trojan\Rootkit TDSS


This topic is locked
2 replies to this topic

#1 pmintgurl

  • Members
  • 2 posts

Posted 13 December 2009 - 07:00 PM

OK, so I have this problem with my computer. I only used to use my computer for Microsoft Word, to type papers for school projects. (By the way, I have Windows XP Home Edition.) I never had an Internet connection, and it went this way for 6 months or so. On October 22, 2009 I decided to go ahead and get an Internet connection through my local phone company. This is when all of my problems started.
I always got this warning, "no firewall is turned on", and to "click on this balloon to fix this problem" (I never clicked it, however, because I knew that I did have a firewall on). After getting my Internet connected I installed AVG 8.5 (the free edition). I also had Spybot Search and Destroy, and Malwarebytes. I did regular scans with all three of these. Every time a scan was run there was always something found, but mainly Trojan Win32/Alureon.DB (also trojan droppers, backdoor.bot, trojan fake alert, backdoor.prorat, and rootkit tdss). I always remove and restart like the programs tell me to. Upon restart I usually do another scan just for good measure, and the same thing that was removed is found again.
I tried to scan in safe mode, but my computer will not let me go into safe mode. When I try to go into safe mode I get a message that says "Windows did not start up successfully. A recent hardware or software change may be responsible for this".
Every time I access the Internet I get these warnings that I am infected (from Resident Shield). It says C:\WINDOWS\system32\tdlcmd.dll and tdlclk.dll. I have tried everything to get rid of these things, but have failed.
About five days ago I downloaded Microsoft Security Essentials. It has been sending me pop-ups every five minutes: "1 potential threat has been detected and suspended". It is always the same files, C:\WINDOWS\system32\tdlcmd.dll and tdlclk.dll.
Also AVG is detecting Trojan Vundo.V and IV, and JD in C:\System Volume Information\_restore.
Is there any hope for my PC? I am not computer smart at all. Also my Windows automatic updates have been disabled. I really cannot afford a new computer. I need help badly!!! Here's the DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 17:37:11.46 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.51 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpenc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.alot.com
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
TB: RX Toolbar: {25d8bacf-3de2-4b48-ae22-d659b8d835b0} - c:\program files\rxtoolbar\RXToolBar.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179265688375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179265751250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\56a99grn.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [2007-5-15 38784]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-5-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-26 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-26 297752]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 adreyngk;adreyngk;c:\windows\system32\drivers\adreyngk.sys [2009-12-13 30784]
S1 auldpgpg;auldpgpg;\??\c:\windows\system32\drivers\auldpgpg.sys --> c:\windows\system32\drivers\auldpgpg.sys [?]
S1 bfjzlova;bfjzlova;\??\c:\windows\system32\drivers\bfjzlova.sys --> c:\windows\system32\drivers\bfjzlova.sys [?]
S1 bsbjclft;bsbjclft;\??\c:\windows\system32\drivers\bsbjclft.sys --> c:\windows\system32\drivers\bsbjclft.sys [?]
S1 bvqczvbm;bvqczvbm;\??\c:\windows\system32\drivers\bvqczvbm.sys --> c:\windows\system32\drivers\bvqczvbm.sys [?]
S1 cfzfbvkl;cfzfbvkl;c:\windows\system32\drivers\cfzfbvkl.sys [2009-12-13 30784]
S1 cjclanjd;cjclanjd;\??\c:\windows\system32\drivers\cjclanjd.sys --> c:\windows\system32\drivers\cjclanjd.sys [?]
S1 dddkfafg;dddkfafg;\??\c:\windows\system32\drivers\dddkfafg.sys --> c:\windows\system32\drivers\dddkfafg.sys [?]
S1 dipjnpco;dipjnpco;\??\c:\windows\system32\drivers\dipjnpco.sys --> c:\windows\system32\drivers\dipjnpco.sys [?]
S1 ebumpcmy;ebumpcmy;c:\windows\system32\drivers\ebumpcmy.sys [2009-12-13 30784]
S1 eetavbcy;eetavbcy;c:\windows\system32\drivers\eetavbcy.sys [2009-12-13 30784]
S1 euwllszc;euwllszc;\??\c:\windows\system32\drivers\euwllszc.sys --> c:\windows\system32\drivers\euwllszc.sys [?]
S1 frvzinee;frvzinee;\??\c:\windows\system32\drivers\frvzinee.sys --> c:\windows\system32\drivers\frvzinee.sys [?]
S1 gadhggtg;gadhggtg;\??\c:\windows\system32\drivers\gadhggtg.sys --> c:\windows\system32\drivers\gadhggtg.sys [?]
S1 gjcymjie;gjcymjie;\??\c:\windows\system32\drivers\gjcymjie.sys --> c:\windows\system32\drivers\gjcymjie.sys [?]
S1 gsbkkncf;gsbkkncf;\??\c:\windows\system32\drivers\gsbkkncf.sys --> c:\windows\system32\drivers\gsbkkncf.sys [?]
S1 gtnkjfsm;gtnkjfsm;\??\c:\windows\system32\drivers\gtnkjfsm.sys --> c:\windows\system32\drivers\gtnkjfsm.sys [?]
S1 gtuzzurt;gtuzzurt;\??\c:\windows\system32\drivers\gtuzzurt.sys --> c:\windows\system32\drivers\gtuzzurt.sys [?]
S1 hivvqktd;hivvqktd;\??\c:\windows\system32\drivers\hivvqktd.sys --> c:\windows\system32\drivers\hivvqktd.sys [?]
S1 hmthbypd;hmthbypd;\??\c:\windows\system32\drivers\hmthbypd.sys --> c:\windows\system32\drivers\hmthbypd.sys [?]
S1 jhdijakv;jhdijakv;\??\c:\windows\system32\drivers\jhdijakv.sys --> c:\windows\system32\drivers\jhdijakv.sys [?]
S1 jvysscbw;jvysscbw;\??\c:\windows\system32\drivers\jvysscbw.sys --> c:\windows\system32\drivers\jvysscbw.sys [?]
S1 koaexpiv;koaexpiv;\??\c:\windows\system32\drivers\koaexpiv.sys --> c:\windows\system32\drivers\koaexpiv.sys [?]
S1 ktiudvho;ktiudvho;\??\c:\windows\system32\drivers\ktiudvho.sys --> c:\windows\system32\drivers\ktiudvho.sys [?]
S1 mgqzmehq;mgqzmehq;\??\c:\windows\system32\drivers\mgqzmehq.sys --> c:\windows\system32\drivers\mgqzmehq.sys [?]
S1 mzkbihxu;mzkbihxu;\??\c:\windows\system32\drivers\mzkbihxu.sys --> c:\windows\system32\drivers\mzkbihxu.sys [?]
S1 njxifkcc;njxifkcc;c:\windows\system32\drivers\njxifkcc.sys [2009-12-13 30784]
S1 nxhlkrft;nxhlkrft;\??\c:\windows\system32\drivers\nxhlkrft.sys --> c:\windows\system32\drivers\nxhlkrft.sys [?]
S1 nzygaryl;nzygaryl;\??\c:\windows\system32\drivers\nzygaryl.sys --> c:\windows\system32\drivers\nzygaryl.sys [?]
S1 oschxcsi;oschxcsi;\??\c:\windows\system32\drivers\oschxcsi.sys --> c:\windows\system32\drivers\oschxcsi.sys [?]
S1 pbjjimuw;pbjjimuw;\??\c:\windows\system32\drivers\pbjjimuw.sys --> c:\windows\system32\drivers\pbjjimuw.sys [?]
S1 pjkjdodw;pjkjdodw;\??\c:\windows\system32\drivers\pjkjdodw.sys --> c:\windows\system32\drivers\pjkjdodw.sys [?]
S1 quvakkhd;quvakkhd;c:\windows\system32\drivers\quvakkhd.sys [2009-12-13 30784]
S1 tlauvrwn;tlauvrwn;c:\windows\system32\drivers\tlauvrwn.sys [2009-12-13 30784]
S1 ujmdopsh;ujmdopsh;\??\c:\windows\system32\drivers\ujmdopsh.sys --> c:\windows\system32\drivers\ujmdopsh.sys [?]
S2 vfwxsksdwkbpxq;vfwxsksdwkbpxq;\??\c:\windows\system32\drivers\ajmaqookfnlcoh.sys --> c:\windows\system32\drivers\ajmaqookfnlcoh.sys [?]
S3 iviudf;iviudf;c:\windows\system32\drivers\iviudf.sys --> c:\windows\system32\drivers\IviUdf.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-27 38224]
UnknownUnknown hozyflld;hozyflld; [x]
UnknownUnknown xgvligxp;xgvligxp; [x]

=============== Created Last 30 ================

2009-12-13 22:27:50 30784 ----a-w- c:\windows\system32\drivers\tlauvrwn.sys
2009-12-13 22:11:22 30784 ----a-w- c:\windows\system32\drivers\njxifkcc.sys
2009-12-13 21:56:12 30784 ----a-w- c:\windows\system32\drivers\eetavbcy.sys
2009-12-13 21:40:01 30784 ----a-w- c:\windows\system32\drivers\quvakkhd.sys
2009-12-13 21:38:31 30784 ----a-w- c:\windows\system32\drivers\adreyngk.sys
2009-12-13 21:28:16 12800 ----a-w- c:\windows\system32\tdlclk.dll
2009-12-13 21:27:55 30784 ----a-w- c:\windows\system32\drivers\cfzfbvkl.sys
2009-12-13 21:27:08 30784 ----a-w- c:\windows\system32\drivers\ebumpcmy.sys
2009-12-13 20:57:54 25600 ----a-w- c:\windows\system32\tdlcmd.dll
2009-12-10 14:27:33 0 d-----w- C:\fccec3a5e8f4f970c79c7be3da
2009-12-08 16:12:46 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-06 22:41:12 0 d-----w- C:\a3f620435e892cda9f6585e9
2009-11-29 16:52:35 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2009-11-29 16:12:56 0 d-----w- c:\docume~1\owner\applic~1\AVG8
2009-11-21 21:25:14 0 d-----w- c:\documents and settings\all users\e199d09

==================== Find3M ====================

2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 02:10:42 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-27 02:10:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-27 02:10:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2007-05-15 21:46:08 65 ----a-w- c:\program files\common files\appop.log
2007-05-16 15:25:14 5 --sha-w- c:\windows\system32\cdafacf2_d.dll

============= FINISH: 17:43:01.70 ===============

Edited by pmintgurl, 14 December 2009 - 12:39 PM.
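The DDS log above carries several indicators a responder would pull out by eye: a run of boot-start (S1) driver services whose service name, display name and file name are all random lowercase strings, a dozen new .sys files of exactly the same size created minutes apart, an IE proxy pointed at 127.0.0.1:5555 (so the rootkit sees every browser request), and a DisableTaskMgr policy. The script below is an added example, not part of the original post and not part of DDS or any BleepingComputer tool: it parses lines in DDS format and flags those four indicator types. The sample lines are constructed here, copied from entries in the log above; the "all-lowercase, no vendor description" rule is a heuristic assumption, chosen because legitimate drivers in the same log (AVG, Malwarebytes) have descriptive display names or mixed-case names.

```python
import re
from collections import defaultdict

# Constructed sample, NOT a complete DDS log: a few lines in DDS format copied
# from the pseudo-HJT, SERVICES / DRIVERS and "Created Last 30" sections of
# the log posted above, plus two benign entries to show what is not flagged.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
dPolicies-system: DisableTaskMgr = 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-26 335240]
S1 adreyngk;adreyngk;c:\windows\system32\drivers\adreyngk.sys [2009-12-13 30784]
S1 auldpgpg;auldpgpg;\??\c:\windows\system32\drivers\auldpgpg.sys --> c:\windows\system32\drivers\auldpgpg.sys [?]
S2 vfwxsksdwkbpxq;vfwxsksdwkbpxq;\??\c:\windows\system32\drivers\ajmaqookfnlcoh.sys --> c:\windows\system32\drivers\ajmaqookfnlcoh.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-27 38224]
2009-12-13 22:27:50 30784 ----a-w- c:\windows\system32\drivers\tlauvrwn.sys
2009-12-13 22:11:22 30784 ----a-w- c:\windows\system32\drivers\njxifkcc.sys
2009-12-13 21:27:55 30784 ----a-w- c:\windows\system32\drivers\cfzfbvkl.sys
2009-12-13 21:28:16 12800 ----a-w- c:\windows\system32\tdlclk.dll
2009-12-08 16:12:46 0 d-----w- c:\program files\Microsoft Security Essentials
"""

# DDS service line: "<start> <name>;<display>;<path> [<date> <size>]" or "... --> <path> [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# DDS "Created Last 30" / Find3M line: "<date> <time> <size> <attrs> <path>"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
# Heuristic (assumption): machine-generated names are all lowercase letters, no vendor words.
LOWER_ONLY = re.compile(r"^[a-z]{6,}$")


def triage_dds(text):
    """Return a list of (kind, detail) findings for DDS-format text."""
    findings = []
    drivers_by_size = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Browser traffic redirected through a local listener.
        m = PROXY_RE.search(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group("value"), re.IGNORECASE):
            findings.append(("localhost_proxy", m.group("value")))
            continue
        # 2. Task Manager disabled by policy.
        if "DisableTaskMgr" in line and re.search(r"=\s*1\b", line):
            findings.append(("taskmgr_disabled", line))
            continue
        # 3. Driver service with no description and a random-looking name and file.
        m = SERVICE_RE.match(line)
        if m:
            name, display = m.group("name"), m.group("display")
            stems = re.findall(r"([A-Za-z0-9_]+)\.sys", m.group("rest"), re.IGNORECASE)
            stem = stems[-1] if stems else ""
            if name == display and LOWER_ONLY.match(name) and LOWER_ONLY.match(stem):
                findings.append(("unnamed_driver_service", f"{m.group('start')} {name} -> {stem}.sys"))
            continue
        # 4. Several new .sys files of identical size (one dropper re-dropping itself).
        m = CREATED_RE.match(line)
        if m and m.group("path").lower().endswith(".sys") and not m.group("attrs").startswith("d"):
            drivers_by_size[int(m.group("size"))].append(m.group("path"))
    for size, paths in drivers_by_size.items():
        if len(paths) >= 3:
            findings.append(("same_size_driver_cluster", f"{len(paths)} new .sys files of {size} bytes"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_dds(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run against the sample, the AVG and Malwarebytes drivers pass (descriptive display name, mixed-case name) while the three random-named services, the proxy, the policy and the cluster of 30784-byte drivers are reported. It is a triage aid for reading logs, not a cleaner: the [?] entries in the post are services whose driver file is already gone, and the rootkit is still re-creating them, which is why the helper asks for a removal tool rather than manual deletion.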



#2 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 16 December 2009 - 12:32 PM

Hello pmintgurl :( Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic, and this will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please do not post any logs as an attachment unless asked to do so.

Thanks,
thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 22 December 2009 - 10:53 AM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact me by PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.
