Malwarebytes - is it OK to remove "selected"


  • This topic is locked
20 replies to this topic

#1 SeekingSolutions

  • Members
  • 74 posts
  • Gender:Female
  • Location:USA, Pennsylvania

Posted 20 February 2010 - 12:56 PM

At the risk of sounding like a complete idiot...
As suggested by many on the forums, I ran Malwarebytes which returned 12 issues - adware minibugs, disabled antivirus, disabled firewall and Hijack.StartMenu.
Most of these involve registry keys. I have been informed that neophytes should not mess with registries.
Is it safe to have Malwarebytes "remove" these bugs?
How can I be sure this is a genuine Malwarebytes scan, and not an imposter that will cause additional damage?
I've not been able to find much information on Hijack.StartMenu, have wondered about sudden popups (with popups off) and got onto bleeping computer because my startup menu folders were all empty.
Please advise.
Thank you.
PS why do I have to relog into BC so frequently?



#2 boopme

  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 20 February 2010 - 09:47 PM

Hello, yes click Remove.. Always good to ask :thumbsup:

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select FULL scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 SeekingSolutions


Posted 21 February 2010 - 03:09 PM

OK. Ran MBAM again. It found no issues.
Malwarebytes' Anti-Malware 1.44
Database version: 3769
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2/21/2010 11:48:18 AM
mbam-log-2010-02-21 (11-48-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148147
Time elapsed: 1 hour(s), 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am now going to run ATF.
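
An added example, not part of the thread and not Malwarebytes code: a small Python parser for the MBAM 1.x text log layout posted above. It compares the summary counters with the itemised sections, which helps a reviewer spot a truncated or hand-edited paste. The sample log, its detection line and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the MBAM 1.44 log posted above.
# The detection line and its names are invented for illustration.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.44
Database version: 3769

Scan type: Full Scan (C:\\|)
Objects scanned: 148147

Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\\Software\\ExampleAdware (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 0"
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")         # "Files Infected:"
PLACEHOLDER = "(No malicious items detected)"

def parse_mbam_log(text):
    """Return (summary counts, itemised detections), both keyed by category."""
    counts, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            counts[m[1]] = int(m[2])
        elif m := SECTION.match(line):
            current = m[1]
            items[current] = []
        elif not line:
            current = None          # a blank line ends the itemised section
        elif current and line != PLACEHOLDER:
            items[current].append(line)
    return counts, items

def mismatches(counts, items):
    """Categories whose summary count differs from the number of listed items."""
    return sorted(c for c in counts if counts[c] != len(items.get(c, [])))

if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    print(counts, mismatches(counts, items))
```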

#4 boopme


Posted 21 February 2010 - 03:18 PM

Ok, I'll look back in an hour..

PS why do I have to relog into BC so frequently?

I am looking at this for you.

When you log in is there a check in the box
Options
BOX Remember me?
This is not recommended for shared computers

Edited by boopme, 21 February 2010 - 03:22 PM.


#5 SeekingSolutions


Posted 21 February 2010 - 03:45 PM

Correction. Computer gives me a warning that the ATF link does not have a valid signature. Superantispyware does not download. The site opens, but on hitting download, the circle just goes round and round and round. I tried all of the download opportunities on the site with the same result. Now what?

#6 boopme


Posted 21 February 2010 - 04:20 PM

OK, try TFC for ATF

TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

You have tried this one?
If SUPERAntiSpyware is not currently installed, please download and run one of these alternate versions of the install package:

SUPERAntiSpyware FREE Edition Installer
http://downloads.superantispyware.com/downloads/SAS_FREE.EXE


If still no joy Run this Online scan.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#7 SeekingSolutions


Posted 21 February 2010 - 08:16 PM

Hi -
TFC by Oldtimer link worked fine - scanned - rebooted when prompted.
Alternate version of Superspyware Installer worked fine (slick software!) - scanned - results:

http://www.superantispyware.com

Generated 02/21/2010 at 05:55 PM

Application Version : 4.34.1000

Core Rules Database Version : 4605
Trace Rules Database Version: 2417

Scan type : Complete Scan
Total Scan Time : 00:55:37

Memory items scanned : 320
Memory threats detected : 0
Registry items scanned : 4469
Registry threats detected : 0
File items scanned : 17547
File threats detected : 0

Clean as a whistle, ei?

Do you still want me to scan with ESET Online?

Thank you for looking into the logging in issue. Have checked the "remember me" box (which I generally don't) even if it's used only by me, and have accepted all your cookies. Logging issue solved.

MS wants to update me to SP3. Do I need to do that? Have heard of problems with SP3.

MS Security center tells me I have no virus protection. At the suggestion of your colleague, I will install...

#8 SeekingSolutions


Posted 21 February 2010 - 08:25 PM

... will install Comodo combo (antivirus and firewall). Do you concur?

On a happy note, things seem to be running quite nicely. Did a Sudoku in 4min55sec - fastest yet. No cursor lag.

#9 boopme


Posted 21 February 2010 - 09:13 PM

Hi looks good. Yes please do the ESET as we may as well be sure. Then we'll mop up.
Well I like the Comodo Firewall but I use Avira AntiVir Free with it.
http://www.free-av.com/ .. It has a nag screen once a day but I think the better detection rate is worth it. Or buy it.
If you do choose Avira you need to uncheck the AV install box when installing the Comodo Firewall. Can't have 2 AV's running.

#10 SeekingSolutions


Posted 22 February 2010 - 12:17 AM

Results of ESET Online Antivirus Scan:

C:\System Volume Information\_restore{C31EBA48-0672-4B80-A189-FE72D4746E91}\RP896\A0086642.dll
Win32/Adware.WBug.A application
cleaned by deleting - quarantined

Has this appeared since previous scans?

Look forward to mopup. Lots of stuff has been downloaded...

Should I install the Avira antivirus and Comodo firewall first? And does it matter which one goes on first?

So far, I'm getting happier with each keystroke and looking forward to e-filing return safely (and zipping thru Sudokus).

#11 SeekingSolutions


Posted 22 February 2010 - 01:20 PM

Please Help.
I have installed the Avira AntiVir, but the Guard is stopped and I cannot get it to turn on.

What should I do?

#12 boopme


Posted 22 February 2010 - 03:14 PM

Did you install Comodo first.. and NOT its AV?
Did you right-click the Avira tray icon (by the Clock) and click Start Avira? Then click Activate in Avira Guard?

#13 SeekingSolutions


Posted 22 February 2010 - 03:31 PM

Did not install Comodo - Windows firewall on - right-clicked Avira - activated - this didn't work. Guard service still off.
Am trying to reinstall.
Beginning to wonder if it's a permissions thing.

#14 boopme


Posted 22 February 2010 - 03:48 PM

Ok try reinstall... Are you using the Admin account?
Were you getting any error or message?

#15 SeekingSolutions


Posted 22 February 2010 - 04:13 PM

All reinstalled. Same thing.

I'm not sure about the admin account. Looked it up on MS, which indicated that if I could reset date and time, I am logged on as administrator. I'm not sure if the permissions on the security tabs are set correctly. I don't know the correct settings and may have messed up in trying to get them right.

The only error message I get after install, registration, etc is: The following error occured when trying to start the update: Scheduler has not been started. I've gone into scheduler and hit start process (for update), done the start AntiVir from the taskbar.

Am looking again on the Avira help site.

Suggestions????



