Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected: Adware.Agent and a Trojan.FakeAlert - Unable to update Malwarebytes Anti-Malware


  • Please log in to reply
No replies to this topic

#1 OriginalSnarf

OriginalSnarf

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 10 February 2010 - 11:21 AM

Monday I noticed that any Google search link I clicked was being redirected to an ad site or another suspicious site rather than the actual URL I was trying to go to.

Norton Internet Security 2010 did not detect any intrusions and did not find any infections during both a quick scan and a full system scan.

Malwarebytes Anti-Malware was unable to update. Error code 732 (12007, 0)
Un-updated Malwarebytes detected the following:
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\msl.dll (Adware.Agent) -> Delete on reboot.

Rebooted system.

Rescan with Malwarebytes detected the following:
Files Infected:
C:\WINDOWS\system32\spool\prtprocs\w32x86\00003842.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Rebooted system.

Rescan with Malwarebytes detected no security threats. Scan with Super-Anti Spyware detected no security threats. Scan with Norton Internet Security 2010 still detected no security threats.

Still unable to run updates on Malwarebytes. Still getting browser redirects in Firefox when doing a Google search. Unable to reach Malwarebytes or Symantec websites by typing the URL into the address bar. Edited to add: Unable to disable Norton Internet Security 2010 through Run -> services.msc

OS: Windows XP Home, SP3 with all current updates.
Browser of choice: Firefox 3.0.17 (Husband occasionally uses I.E. 8.0 - Suspected source of infection: visiting MySpace and clicking through links in I.E.)


I'd appreciate any an all help!

Edited to add:
A friend downloaded the rules.ref file for Malwarebytes and put it where I could download and replace the old definitions. Running Malwarebytes in safe mode with those definitions found 3 instances of Trojan.DNSChanger in various locations and removed them. Upon restart, I was unable to start in safe mode with networking or simply in safe mode. It started an endless reboot loop. I was able to restart in normal mode, and Malwarebytes is currently running another full scan.

Edited by OriginalSnarf, 10 February 2010 - 03:03 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users