Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got a virus.


  • Please log in to reply
5 replies to this topic

#1 mack9

mack9

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 12 January 2010 - 02:58 PM

i use webroot anti virus and while running one of its scheduled scans it showed up that i was infected with troj/keygen-bp. It would not remove it. was wondering if anyone could help.

BC AdBot (Login to Remove)

 


#2 pdtnelson

pdtnelson

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tacoma, WA
  • Local time:12:22 AM

Posted 12 January 2010 - 03:51 PM

Hi! We'll be happy to help you with this issue.

Please download MBAM Antimalware and save it to your desktop.
NOTE: Rename the file to ZZToy.exe before saving it to your desktop.

Next, prepare to run MBAM:

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Once you have completed all of this, please post the log file in a reply. Thanks and good luck!

#3 mack9

mack9
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 12 January 2010 - 04:31 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3550
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/12/2010 4:30:50 PM
mbam-log-2010-01-12 (16-30-50).txt

Scan type: Quick Scan
Objects scanned: 94392
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 pdtnelson

pdtnelson

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tacoma, WA
  • Local time:12:22 AM

Posted 12 January 2010 - 06:57 PM

Ok, looks good so far. Go ahead and run webroot again and see if it comes up with anything. Please also post the log file from webroot. Good luck!

#5 mack9

mack9
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 12 January 2010 - 08:59 PM

Ok i ran webroot again it still showed up and the log is really long. about 1000 lines or so still want me to post it?

#6 mack9

mack9
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 15 January 2010 - 01:11 PM

I have run webroot several times at different times and it show that i still have it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users