Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

malware defence infection


  • This topic is locked This topic is locked
2 replies to this topic

#1 froggy27120

froggy27120

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:04 AM

Posted 22 December 2009 - 05:12 PM

Hi, my PC 've got "Malware defense" last saturday.

And I have quite same issue as Smithy 2009

I did some action and I am looking for help now:
- first I disconnect the internet connection leaving le PC in stand alone and run a complete Norton analysis (no virus found) and highjackthis
- then with an other PC I did research on internet and download "Malwarebyte" from your site
- and i intalled it from a usb key to the infected PC.
- but after correct intallation nothing happened when I run it.

At this point, I tried several thing unsuccessfull with "Malwarebyte"
- reconnect to internet and install it
- boot PC in safe mode install it
- install an other anti malware like "spyware doctor"
- even "spyboat SD" already installed can't be run!
- of course I had continuously "malware defense" windows pop-up
- And I noticed that firefox was not anymore the default navigator
- after a while things were getting worse,"Malware defense" started to down load something so I promptly disconnect internet wire before the end.

Therefore, I tried some internal action to stop but not to cure.
- I discover from Hijacklog that all the stuff is in C:\Documents and Settings\Propriétaire\Local Settings\Temp
- I uninstall "Malware defense" with windows add/supp program
- I zipped separatly and copied ...\Local Settings\Temp\ files on usb key and erased files , except "wscsvc32" and "richtx64" (they are locked)
- I disabled "richtx64" from startup list with "msconfig"

Now I look the "test.reg" vicius files , it is still regenerated from nowhere ! and it seems changing registerDB deeply.

So coming back to the begining could you give me a help in order to run "Malwarebyte"

I attached hjt log ( see line 26-27 and 51-52-53) and the test.reg ( see lot of register about IE)

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:04 AM

Posted 04 January 2010 - 11:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:04 AM

Posted 09 January 2010 - 08:14 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users