AntiVirus 2010! No internet/ Malwarebytes not installing



#1 jessicones

Posted 26 February 2010 - 02:44 AM

Hello! I am terribly sorry if this has been answered but after a search through the forum I could not find results that apply entirely.
I'm running Windows XP 5.1 and have the Antivirus 2010 trojan - I can't install Malwarebytes (I had downloaded the file before it blocked the internet, but when I try to install it nothing happens.) The cheeky virus has blocked the internet access on the infected computer, and I tried scoping out the av registry keys but to no avail! These are the ones I tried to find:

HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"

Not-a one, my friends! Tried through both the "find" method and manually searching.
Although honestly, deleting keys would be the preferred method for me, seeing as I'm not tech savvy enough to take apart the hard drive or anything.
I have found the hidden av.exe but it can't be deleted, of course.

The popups and general obnoxiousness began today so I'm hoping to knock it out ASAP (I don't know if it lies dormant for a while or whathaveyou). Any advice is appreciated.

Thanks for your time!
-Jessie

Edited by jessicones, 26 February 2010 - 02:48 AM.



#2 rosiesdad

Posted 26 February 2010 - 07:23 AM

Towards the bottom of the forum index, there is a forum for folks who have infected computers and need help. Please repost there.
FWIW you got a good one for them to help you with.


EDIT: No need to repost, I moved this to the right forum ~ Elise

Edited by elise025, 26 February 2010 - 07:38 AM.


#3 jessicones

Posted 27 February 2010 - 07:15 PM

Thanks! An update (for the worse, unfortunately): after installing SuperSpyware and running a successful scan, it seems my system32 run.dll file is missing. The one that allows programs to open, I believe? Well, during the scan I checked all the files to make sure I didn't quarantine/delete anything important and I sure didn't see that in there! Was that me or did the virus go all super saiyan or something? I'm quite concerned that I screwed over my computer.
Although on the plus side the AV virus appears to be gone.

Thanks for your time!
-Jessie

#4 Sashacat

Posted 27 February 2010 - 07:43 PM

Hello,
If you are getting a rundll32.exe error on boot, that sometimes happens after malware removal, when there are directions for the computer to run a certain file on boot, and that file was removed by the malware removal process.

Autoruns:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys.
To disable an auto-start entry uncheck its check box.

Use RKill, and Malwarebytes'.

RKill:
http://www.technibble.com/rkill-repair-tool-of-the-week/
Rkill is a small, freeware and portable tool designed to terminate active malware processes, allowing you to use other removal tools. Rkill is made by a Microsoft MVP, "Lawrence Abrams", and is available with 4 different extensions: .EXE, .COM, .SCR and .PIF.
The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem.

How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial
There is a section that deals with "Troubleshoot Malwarebytes'".

Also, if you experience trouble using RKill,
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial
has links to RKill under different names.

In your next reply, please state what, if any, symptoms you are still experiencing.
Copy/paste the ENTIRE TEXT from the SUPERAntiSpyware and Malwarebytes' scan results logs into your next reply.

If we don't change the direction we are going,
We are likely to end up where we are headed.
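
An added example, not part of the posts above and not code from Autoruns or any other tool they mention: it shows the check behind the rundll32 boot error described in reply #4, finding autostart entries whose target file was removed during cleanup. The entry names, paths and file set are constructed samples, and the function names are hypothetical.

```python
import ntpath

# Constructed sample: value name -> command line, as stored under a Run key.
SAMPLE_RUN_VALUES = {
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
    "ExampleLeftover": r'rundll32.exe "C:\WINDOWS\system32\example_removed.dll",Start',
    "ExampleHelper": r"C:\WINDOWS\system32\rundll32.exe C:\Tools\helper.dll,Init arg1",
}
# Constructed sample: lower-cased paths still on disk after the cleanup.
SAMPLE_FILES = {
    r"c:\program files\example\updater.exe",
    r"c:\windows\system32\rundll32.exe",
    r"c:\tools\helper.dll",
}

def sample_exists(path):
    """Stand-in for os.path.exists over the constructed file set."""
    return path.lower() in SAMPLE_FILES

def split_first_token(cmd):
    """Return (first token, rest) of a command line, honouring double quotes.
    Unquoted paths containing spaces are not handled."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")

def autostart_target(cmd):
    """File the entry depends on: the DLL for rundll32, otherwise the program."""
    program, rest = split_first_token(cmd)
    if ntpath.basename(program).lower() in ("rundll32", "rundll32.exe") and rest:
        dll, _ = split_first_token(rest)
        return dll.split(",")[0]  # drop the ",EntryPoint" suffix
    return program

def orphaned_entries(run_values, exists):
    """Names of autostart values whose target file is gone."""
    return sorted(name for name, cmd in run_values.items()
                  if not exists(autostart_target(cmd)))

if __name__ == "__main__":
    print(orphaned_entries(SAMPLE_RUN_VALUES, sample_exists))
```

On a real Windows system the value names and command lines can be read with `winreg.EnumValue` and checked with `os.path.exists`; entries that give only a bare file name would first need resolving against the system search path.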



