Malware/Viruses that go away and come right back!


11 replies to this topic

#1 Kitties


Posted 26 February 2010 - 01:41 PM

Hello.

I am not the most experienced computer user, but I know enough to not click on strange links, to not be fooled by most virus pop-ups, and to steer clear of trapping websites (when possible). I typically do not have problems with viruses, but recently, I have been experiencing daily virus notifications. I deal with the problem, and it goes away. The next day, something new is back. I'm afraid that I have a serious infection, and my scanners aren't picking it up.

I have AVG and Malwarebytes, and I use Firefox and AIM to go online. There was a time when I tried to deal with some of the viruses that AVG could not heal by going into Safe Mode and deleting the files. (Most of the problem files were in a Content.IE5 folder under my "Temporary Internet Files" folder.) This seemed to work for a time, though I'm sure there was probably a better solution. If only I had heard of this website sooner!

This computer used to be my sister's and was wiped and restored in October. My problems all started in January of this year. Recently, some of the viruses/malware have shown up in my System32 folder, which is worrying me. Is there something hidden that is distracting me with these other viruses while it does real damage?

Two weeks ago, my internet browser would not load any pages unless I refreshed a ton of times. And when it did load, the images would not show up. That was when I got Malwarebytes. The first time I ran it, it got rid of 5 or 7 infections, and my internet was back to normal. I just wanted to mention that because this is around the time I found more and more viruses getting detected daily.

Also -- does AVG pop up "Resident Shield Alert" when it detects a virus? I get those pop-ups every so often, and part of me is afraid that is a virus too. Basically, I'm paranoid and not even close to being qualified enough to figure this out myself.

Please help!



#2 belfastsixpack


Posted 26 February 2010 - 01:52 PM

Let's run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 Kitties


Posted 27 February 2010 - 08:19 PM

Isn't there a rule that I can't post logs in this forum? Sorry, I don't want to get in trouble by doing the wrong thing. I read the forum rules, but I might be misunderstanding them.

#4 Sashacat


Posted 27 February 2010 - 09:50 PM

Hello :thumbsup:

It is allowed to post the scan logs from Malwarebytes', SUPERAntiSpyware, and ESET Online Scan in this forum.

The rule you are referring to pertains to ComboFix (which is only to be run under the supervision of someone trained in its use; for example, the OFFICIAL STAFF MEMBERS of this site).

Instructions from the following members are to be considered trusted:
Admin | Site Admin | Global Moderator | Moderator | Malware Response Instructor | Malware Response Team | BC Advisor

If we don't change the direction we are going,
We are likely to end up where we are headed.

#5 Kitties


Posted 02 March 2010 - 11:40 PM

(( One note: I accidentally ran SAS once in regular mode before I did it in safe mode. It detected 10 Adware Tracking Cookies, but because I realized I wasn't supposed to have done it, I x'd out of it without selecting anything to do. Then when I scanned it in Safe Mode, it didn't detect anything. Is that okay? ))

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2010 at 11:25 PM

Application Version : 4.34.1000

Core Rules Database Version : 4633
Trace Rules Database Version: 2445

Scan type : Complete Scan
Total Scan Time : 00:22:07

Memory items scanned : 219
Memory threats detected : 0
Registry items scanned : 3954
Registry threats detected : 0
File items scanned : 15040
File threats detected : 0


Malwarebytes' Anti-Malware 1.44
Database version: 3817
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 11:40:36 PM
mbam-log-2010-03-02 (23-40-36).txt

Scan type: Quick Scan
Objects scanned: 117750
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Sashacat


Posted 03 March 2010 - 11:22 AM

Hello :thumbsup:

Regarding your comment that SUPERAntiSpyware found 10 tracking cookies, but you didn't tell it to do anything, and later ran SUPERAntiSpyware in Safe Mode and it didn't find anything..........
Did you run ATF Cleaner in between the scan where it found 10 tracking cookies, and where it found nothing?
If yes, that COULD explain why SUPERAntiSpyware didn't find the 10 tracking cookies the next time (because ATF Cleaner gets rid of temp files, cookies, etc.)
Another possible explanation could be that the 10 tracking cookies were removed during the scan that they were found in.
If you'd like to confirm this, you can check your scan results logs in SUPERAntiSpyware:
Hit the Preferences button (Right side of the SUPERAntiSpyware screen),
then, across the row of tabs, hit the tab called "Statistics/Logs", and you'll see a list of all the scan results.
Click a scan from the list, hit the View Log button. It will open in Notepad.
You can go through all the results to see if the scan that found the 10 tracking cookies, also removed them.

During the time frame when you posted your orig topic here, have you scanned with Malwarebytes'?
It would be interesting to see what the scan results were.
Do you keep your Malwarebytes' updated daily? (Many days I am able to update my Malwarebytes' TWICE in the same day.) Malwarebytes' is very good about adding new definitions to its database, so it will detect the latest variations in malware/spyware/trojans/etc.

It would be helpful (for one of the official staff members) to be able to see your Malwarebytes' logs THAT FOUND INFECTIONS, so they would know what you had. When they are able to see that information, sometimes it alerts them that additional (different) scans, or other specialized tools are needed to make sure you are infection free.

If you haven't updated your Malwarebytes', do that, and scan.
Then post your Malwarebytes' logs (previous logs and the today one) for an official staff member to say whether you are good to go, or whether you need to do additional things.

Also, it would be helpful to know what AVG finds/found. I used to have AVG and I used to check my scan results every day. I don't have it anymore, and I don't have the steps memorized to tell you how to view the AVG scan results. It wasn't difficult, and it only took a few seconds to view them. So if you are able, please reply back with what AVG found.

Also, what firewall are you using? Windows Firewall, or other firewall?
It's important to have/use a firewall, and if you do not have one, there are free firewalls listed here:
Freeware Replacements For Common Commercial Apps
http://www.bleepingcomputer.com/forums/topic3616.html

#7 Kitties


Posted 03 March 2010 - 09:02 PM

I did use ATF Cleaner between my initial SAS scan and the next one. I think that is what nabbed those cookies. Today, I turned on my computer, started up Mozilla, and (once again) the page loaded as "Untitled" each time I refreshed. I ran Malwarebytes, and I had three infections. I don't understand what is happening. Whenever I leave my computer alone for too long, Malware pops up. I've started shutting it down whenever I am not on it for fear that I could have Malware/Viruses running rampant on my computer in my absence.

Here is the log from my scan today:

Malwarebytes' Anti-Malware 1.44
Database version: 3817
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/3/2010 8:47:50 PM
mbam-log-2010-03-03 (20-47-50).txt

Scan type: Quick Scan
Objects scanned: 117662
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\spoolsvc.exe (Trojan.Inject) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spooler subsystem app (Trojan.Inject) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\spoolsvc.exe (Trojan.Inject) -> Delete on reboot.

I installed Malwarebytes on February 22, 2010. Here is the very first log I ever did:

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

2/22/2010 1:40:06 PM
mbam-log-2010-02-22 (13-40-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130557
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\local security authority service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.

This might make me sound inept...

I have no idea what my firewall is, or how to check for it. I also do not know how to find AVG logs. Sorry, sorry. I'm not very computer-savvy. Also -- this might be useful. Whenever my internet browser won't load pages, I run Malware, get rid of the infections, and suddenly everything is okay again. But this happens almost every day. How do I continue to be reinfected? It seems like whatever this is is targeting me the same way each time.

Edited by Kitties, 03 March 2010 - 09:04 PM.
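
A way to triage the two Malwarebytes' logs in the post above, as an added example that is not part of the original thread: it extracts every detection, lists the Run-key autostart values, flags file names that are near-misses of genuine Windows binaries, and shows which items were still on the system when the scan ended. The list of genuine binary names and all function names are assumptions of this example.

```python
import re

# Excerpts of the two Malwarebytes' logs quoted in the post above
# (detection sections only; summary counters and most empty sections omitted).
SAMPLE_LOGS = r"""
2/22/2010 1:40:06 PM
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\local security authority service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.

3/3/2010 8:47:50 PM
Memory Processes Infected:
C:\WINDOWS\system32\spoolsvc.exe (Trojan.Inject) -> Failed to unload process.
Memory Modules Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spooler subsystem app (Trojan.Inject) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\spoolsvc.exe (Trojan.Inject) -> Delete on reboot.
"""

STAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
SECTION = re.compile(r"^(.+ Infected):$")          # header, not the "...: 0" counters
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
RUN_KEY = re.compile(r"\\CurrentVersion\\(?:Policies\\Explorer\\)?Run\\", re.I)

# Assumption: a short reference list of genuine Windows system binaries.
SYSTEM_BINARIES = ("lsass.exe", "spoolsv.exe", "svchost.exe",
                   "services.exe", "csrss.exe", "winlogon.exe")


def parse_detections(text):
    """Return one dict per detection line, tagged with its scan time and section."""
    scan, section, found = None, None, []
    for line in text.splitlines():
        line = line.strip()
        if STAMP.match(line):
            scan, section = line, None
        elif (m := SECTION.match(line)):
            section = m.group(1)
        elif section and (m := DETECTION.match(line)):
            found.append({"scan": scan, "section": section, **m.groupdict()})
    return found


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_binaries(detections, max_distance=2):
    """Map detected .exe names to the genuine binary they closely resemble."""
    hits = {}
    for d in detections:
        name = d["item"].rsplit("\\", 1)[-1].lower()
        if not name.endswith(".exe"):
            continue
        for real in SYSTEM_BINARIES:
            if 0 < edit_distance(name, real) <= max_distance:
                hits[name] = real
    return hits


def autostart_values(detections):
    """Detections that sit under a Run key, i.e. entries launched at every logon."""
    return [(d["scan"], d["item"].rsplit("\\", 1)[-1], d["threat"])
            for d in detections if RUN_KEY.search(d["item"])]


def not_yet_removed(detections):
    """Items the scanner could not remove immediately; they persist until reboot."""
    return sorted({d["item"] for d in detections
                   if "Failed to unload" in d["action"] or "Delete on reboot" in d["action"]})


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOGS)
    for scan, value, threat in autostart_values(dets):
        print(f"{scan}: autostart value '{value}' ({threat})")
    for fake, real in lookalike_binaries(dets).items():
        print(f"{fake} imitates {real}")
    for item in not_yet_removed(dets):
        print(f"pending removal: {item}")
```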


#8 Sashacat


Posted 04 March 2010 - 02:16 PM

Hello :thumbsup:
Not knowing everything in the entire world does NOT make you inept, so don't feel bad.
You will learn a lot during this process and there are lots of EXCELLENT tutorials on this site for later.

ATF Cleaner is a good thing to use on a regular basis. It wouldn't hurt to use it DAILY.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The 03-03-10 Malwarebytes' scan shows an OLD database version of 3817.

Update your Malwarebytes' and run another scan.

How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial
This tutorial has a screen shot of the Malwarebytes' screen, showing the Updates tab.
That's where you update Malwarebytes'.
As of right now, the most current database version is 3824.
By the time you update yours, a newer version might be out.

Malwarebytes' is very good about updates, sometimes TWICE in one day.
In order for Malwarebytes' to do its best work for you, give it the most current database definitions.
Also, see the Troubleshoot section of this tutorial, (the error 732 section) and check your Internet Options,
to see if that has anything to do with your web pages sometimes loading "Untitled".
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Regarding scan results in AVG:
I finally found some screen shots of AVG :flowers:
http://avg-free.software.informer.com/screenshot/
When you have the main AVG screen open, hit History (up top).
See if that gives you a choice to view Scan Results.
I found a screen that shows what the Virus Vault looks like:
http://avg-free.software.informer.com/screenshot/104794/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I don't know if it is a case of you have not completely cleared the computer of all infections, and the already existing ones are showing up, or if NEW infections are getting through.
There are many different ways that "bad things" can get into your computer.
A firewall is one step (in the process of many things to be vigilant about) towards securing your computer and blocking "bad things".
In today's world of an "always on" internet connection (like through the cable company with a cable modem, or DSL, etc) there is a greater need to protect your computer with a firewall.
Basically, a firewall blocks incoming/outgoing threats to your computer.
Windows XP SP2 includes a firewall.
Some people use the Windows firewall, and other people install firewall programs like ZoneAlarm, Online Armor, etc. There are many different free firewall programs, and they're listed here: (5th category down from the top):
Freeware Replacements For Common Commercial Apps
http://www.bleepingcomputer.com/forums/topic3616.html
Look through that list, and see if you have any of the Firewall programs listed.
If you don't have any of those programs, check to see if your Windows Firewall is turned on (enabled).

Here are links that give you step by step (with screen shots on the Windows XP one) instructions for the Windows Firewall.
I don't know if you have Windows XP or Windows Vista, so am including both:

Windows XP Firewall:
http://www.microsoft.com/windowsxp/using/n...infirewall.mspx

Windows Vista Firewall:

http://windows.microsoft.com/en-US/windows...ewall-on-or-off

Enabling the Windows Firewall is a good step toward protecting your computer.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Not having your Windows Updates current can let "bad things" in your computer.
Microsoft frequently has Windows Updates to address "security vulnerabilities".
Making sure you stay current on Windows Updates is VERY IMPORTANT.
I don't know if you have "Automatic Updates" turned on.
Make sure you have all "critical" Windows Updates.
Here are links for both Windows XP and Windows Vista, for how to turn on Automatic Updates:

Windows XP
http://www.microsoft.com/windows/downloads.../windowsxp.mspx

Windows Vista
http://www.microsoft.com/windows/downloads...ndowsvista.mspx
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Another way that "bad things" get into your computer is by having OUTDATED programs.

Adobe Reader should be updated.
Don't use an OLD version.
See the article on the main page of this site:
http://www.bleepingcomputer.com/
Adobe issues updates to Reader and Acrobat to address critical vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Java is another program, that if not updated, can allow "bad things" to enter your computer.
A fast way to find out if you have the most recent update is to go to the main Java web page:
http://www.java.com/en/
and click on the link that says "Do I have Java?" that is directly below the big red button.
It will take you to a web page that tells you what version you have.
The link below is where you can download the Java updates:
http://www.java.com/en/download/manual.jsp
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Until you are certain that you are free of infections (declared "clean" by an OFFICIAL STAFF MEMBER),
you could disconnect the internet from the infected computer, and use it only when absolutely necessary
(example doing scans, and getting your Windows Updates, updating Adobe Reader, Java, and checking back here.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Please reply back with the results of the next Malwarebytes' scan (after you update it), and do the same thing,
copy/paste the ENTIRE CONTENTS of the scan log into your next reply for an official staff member to help you with.
Also, in your next reply, state what, if any, symptoms you are still experiencing.

#9 Kitties


Posted 14 March 2010 - 08:14 AM

Sorry this has taken me so long. I've been on spring break.

I am still experiencing problems, and now, when I reboot, my computer doesn't seem to be able to let me into SafeMode, which has me pretty terrified. Before I even reach the Windows XP loading screen, it takes me to a black screen with white text (it looks just like the font/size that would be there if I was in the SafeMode screen) that says something about a missing diskette, and I can press F1 to continue or F2 to go to setup.

I had Adobe 9, but I downloaded 9.3 after I read the bulletin. I tried to install it, but during the process, a window popped up that said "Error1316" and said that a file (I can't copy paste it, but it ends: AdbeRdr930_en_US.msi) was preventing the installation.

I went to the Java website, and it said this, "Oops! You don't have Java installed or you have a version less than 1.4.2" So... I think that means I don't have it. I'm not sure how old the 1.4.2 version is, but I don't think I ever installed it. If you think I should install the updated version to be safe, let me know.

I went to check if I have automatic updates enabled for Windows XP. I didn't. So I turned those on and updated my computer. It made me use Internet Explorer to do so, which bothered me, and it made me verify that I had a genuine copy of Windows. I thought I did, but it told me that I do not. It said, "This copy of Windows did not pass genuine validation.
The product key found on this computer is a Volume License Key (VLK) that has been blocked." But earlier, it said that only genuine Windows users could get updates. So now I am not certain that it updated at all, and I have no idea how to check. A computer friend had to wipe and restore this computer, but I don't know if he borrowed someone's code or something when he restored...? Does that make sense? I don't know. I have no idea why it didn't pass the genuine Windows test.

I went into my Control Panel, found my Windows Firewall, and saw that it was not turned on. I can't believe I didn't have my firewall on. Wow. But I have turned it on now.

OKAY. Whew. I think I went over all of the points of your post. If I missed something, please let me know. You are being very helpful.

Here is my AVG Virus Vault log:

"Infection";"Virus identified Worm/AutoRun.IN";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\x[1]";"";"2/21/2010, 9:34:08 PM"
"Infection";"Virus identified Win32/Themida";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OL6N0TUV\x[1]";"";"2/21/2010, 9:34:08 PM"
"Infection";"Virus identified Worm/AutoRun.IN";"C:\WINDOWS\system32\x.exe";"";"2/21/2010, 9:38:23 PM"
"Infection";"Virus identified Worm/AutoRun.IN";"C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\MVUT090P\x[1]";"";"2/22/2010, 8:30:43 PM"
"Infection";"Virus identified Worm/AutoRun.IN";"C:\WINDOWS\system32\x.exe";"";"2/22/2010, 8:34:57 PM"
"Infection";"Virus found Win32/Heur";"C:\WINDOWS\system32\asr_11218.exe";"";"2/22/2010, 10:55:54 PM"
"Infection";"Virus identified Worm/AutoRun.IN";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4LYBS9U7\x[1]";"";"2/23/2010, 10:29:14 PM"
"Infection";"Virus identified Win32/Themida";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\x[1]";"";"2/23/2010, 10:29:14 PM"
"Infection";"Virus found Win32/Heur";"C:\WINDOWS\system32\asr_10258.exe";"";"2/23/2010, 10:33:08 PM"
"Infection";"Virus identified Worm/AutoRun.IN";"C:\WINDOWS\system32\x.exe";"";"2/23/2010, 10:33:12 PM"
"Infection";"Trojan horse BackDoor.Ircbot.JPS";"C:\WINDOWS\system32\asr_58156.exe";"";"2/24/2010, 8:05:41 PM"
"Infection";"Virus identified Worm/AutoRun.IN";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01234567\x[1]";"";"2/26/2010, 1:02:41 PM"
"Infection";"Virus identified Worm/AutoRun.IN";"C:\WINDOWS\system32\x.exe";"";"2/26/2010, 1:06:50 PM"
"Infection";"Trojan horse SHeur2.BZWP";"C:\WINDOWS\system32\Ms17.exe";"";"3/2/2010, 1:12:50 PM"
"Infection";"Trojan horse SHeur2.BZWP";"C:\WINDOWS\system32\Ms17.exe";"";"3/2/2010, 3:03:02 PM"

I updated and scanned today, and it came up clean.

I feel like I run Malwarebytes all the time. I know when I have some malware because I open Mozilla and it loads an "Untitled" page, like my original post said. This happens very frequently. If I leave my computer unattended for several hours and come back, I typically will have this malware crop up. I don't understand... Anyway, I updated it today and ran the scan, which came up clean, but I'm going to post the long, terrible history of my malware attack too. It will be long, especially because I tend to scan multiple times when I am nervous something is wrong...

Scan from today:

Malwarebytes' Anti-Malware 1.44
Database version: 3865
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/14/2010 7:15:20 AM
mbam-log-2010-03-14 (07-15-20).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 134653
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Entire Malwarebytes History:

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

2/22/2010 1:40:06 PM
mbam-log-2010-02-22 (13-40-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130557
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\local security authority service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/22/2010 2:14:31 PM
mbam-log-2010-02-22 (14-14-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 131328
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/22/2010 8:29:38 PM
mbam-log-2010-02-22 (20-29-38).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/23/2010 1:47:05 PM
mbam-log-2010-02-23 (13-47-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 132029
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/23/2010 10:36:19 PM
mbam-log-2010-02-23 (22-36-19).txt

Scan type: Quick Scan
Objects scanned: 116771
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/25/2010 10:29:13 PM
mbam-log-2010-02-25 (22-29-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132218
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/26/2010 1:22:10 PM
mbam-log-2010-02-26 (13-22-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132269
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\Isass.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\local security authority service (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Isass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/26/2010 1:32:05 PM
mbam-log-2010-02-26 (13-32-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132275
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/1/2010 11:57:04 AM
mbam-log-2010-03-01 (11-57-04).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132268
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/1/2010 4:35:25 PM
mbam-log-2010-03-01 (16-35-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132392
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows network firewall (Trojan.Proxy) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/1/2010 4:51:44 PM
mbam-log-2010-03-01 (16-51-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132394
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 1:19:19 PM
mbam-log-2010-03-02 (13-19-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132603
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 9:50:27 PM
mbam-log-2010-03-02 (21-50-27).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132510
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\winamp.exe (Backdoor.Bot) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winamp agent (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\firewall.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winamp.exe (Backdoor.Bot) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 10:04:50 PM
mbam-log-2010-03-02 (22-04-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132346
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 10:28:07 PM
mbam-log-2010-03-02 (22-28-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132509
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows logon application (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.44
Database version: 3817
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2010 11:40:36 PM
mbam-log-2010-03-02 (23-40-36).txt

Scan type: Quick Scan
Objects scanned: 117750
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3817
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/3/2010 8:47:50 PM
mbam-log-2010-03-03 (20-47-50).txt

Scan type: Quick Scan
Objects scanned: 117662
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\spoolsvc.exe (Trojan.Inject) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spooler subsystem app (Trojan.Inject) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\spoolsvc.exe (Trojan.Inject) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.44
Database version: 3823
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/3/2010 9:13:08 PM
mbam-log-2010-03-03 (21-13-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 132906
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3823
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/13/2010 9:44:06 PM
mbam-log-2010-03-13 (21-44-06).txt

Scan type: Quick Scan
Objects scanned: 15
Time elapsed: 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.44
Database version: 3865
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/13/2010 9:47:17 PM
mbam-log-2010-03-13 (21-47-17).txt

Scan type: Quick Scan
Objects scanned: 119683
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\spoolsvc.exe (Backdoor.Bot) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spooler subsystem app (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\spoolsvc.exe (Backdoor.Bot) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.44
Database version: 3865
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/14/2010 1:39:27 AM
mbam-log-2010-03-14 (01-39-27).txt

Scan type: Quick Scan
Objects scanned: 119697
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\csrs.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\client server runtime process (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\csrs.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.44
Database version: 3865
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/14/2010 7:15:20 AM
mbam-log-2010-03-14 (07-15-20).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 134653
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think that is the whole of it.

Despite all that we have done, I seem to still be running into the same issues, though I realize now that might have had something to do with having no firewall activated. I turn my computer off when I am not using it, but I still use it at home. If I should not be doing that, please let me know.

Annnd... I think that's it. Go-go, Team ComputerSave!

[edit] Also -- is it okay to use ATF-cleaner in normal mode? Or do I have to be in SafeMode?

Edited by Kitties, 14 March 2010 - 08:17 AM.


#10 Sashacat

Sashacat

  • Members
  • 372 posts

Posted 14 March 2010 - 10:37 PM

Hello :thumbsup:

To answer your question about running ATF Cleaner in Safe Mode...
I searched this site, and found a post by boopme (Moderator) that does say to use ATF Cleaner in Safe Mode.
source: Post # 7 by boopme (Moderator): http://www.bleepingcomputer.com/forums/t/301987/antivirus-2010/


Regarding not being able to get into Safe Mode...
SuperAntiSpyware has a "Repair" feature.
One of the things it repairs is a broken Safeboot key.
source: Post # 2 by boopme (Moderator):
http://www.bleepingcomputer.com/forums/ind...broken+safeboot


Regarding your getting this message when trying to do Windows Updates,
"This copy of Windows did not pass genuine validation.
The product key found on this computer is a Volume License Key (VLK) that has been blocked."...
if the computer friend used someone else's VLK (Volume License Key), that would explain why you are unable to get Windows Updates (leaving your computer with security vulnerabilities that can let "bad things" into your computer).
Here's additional information on this subject: (Post by Dan at IT Associates)
"VLKs are blocked by Microsoft at the request of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, MS may have blocked the key if it notices a pattern of misuse, ie, more installations of XP using that key than authorized.
As a rule, VL editions of XP should not be sold to individual consumers. Businesses, schools and gov'ts normally use VL editions for flexibility in installing many computers. Also, Volume Licenses for XP are Upgrade only licenses and cannot be used as the original license for the computer."
source: http://social.microsoft.com/Forums/en-US/g...47-16249f4659fd


Regarding the Error 1316 message when trying to update Adobe Reader,
I am reasonably certain this is the issue: (Reply # 3 by ~graffiti)
"Normally, this is an issue with the installer files. They can be cleaned up by installing and running the Microsoft Installer Cleanup Utility and removing any instances of Reader then reinstalling Reader."
source: http://forums.adobe.com/thread/393338
See these Microsoft topics:
How to resolve Common "Windows Installer" Problems
http://support.microsoft.com/kb/555175
Windows Installer CleanUp Utility
http://technet.microsoft.com/en-us/magazin...ht.aspx?pr=blog


Regarding Java, you can look in Add/Remove Programs to see what version (if any) is installed.
Start button, Settings, Control Panel, Add/Remove Programs, look for Java.
Old/outdated Java is a security vulnerability.


I am not authorized to help with logs. (I'm not an official staff member.)
"only trained members of the following groups: Malware Response Team, Malware Study Hall Senior, Moderators or Administrators are allowed to help people with logs."
source: http://www.bleepingcomputer.com/forums/t/126946/a-reminder-to-our-members-regarding-malware-logs/

There is another forum, "Virus, Trojan, Spyware, and Malware Removal Logs"
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
where you will get the BEST HELP THERE IS, from a member of the Malware Response Team.
You are having VERY STUBBORN removal issues.
This could be an indication of very serious infection(s).
Read this topic:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Step 9 gives you the link to post a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum.

When you post a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, include a link to THIS topic, so they can see your previous logs, and have info on what has transpired so far.

Also, after you post a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, do not make ANY CHANGES to your computer, and only follow the advice of OFFICIAL STAFF MEMBERS:
Malware Response Team, Malware Study Hall Senior, Moderators or Administrators


Do be patient, because they have LOTS of people to help.
If you need to add any additional information to your post, use the Edit button, and avoid using the Add Reply button, because they will look for posts that have 0 Replies.
If they see a post with replies, it will look like someone is already helping you.


Best of luck to you :flowers:

Warm Regards,

Sashacat
If we don't change the direction we are going,
We are likely to end up where we are headed.

#11 Kitties

Kitties
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female

Posted 15 March 2010 - 10:43 AM

Okay, I don't have Java. So that's good. Ever since I went to activate automatic updates on my computer, Microsoft is trying to get me to install "Validation Software" but it still gave me a ton of updates today, mostly security-related. It still makes me paranoid. I hate downloading anything when there is something wrong.

But! I also have the 9.3 version of Adobe so I think I actually got the error for trying to install something that was already there.

I took your advice and started a thread in that forum. I can't seem to unzip the GMER file though so I didn't follow all the steps exactly. Eeee...

You have been wonderful! Thank you so much, really. You have been amazing.

[edit] Oh, only downside. I don't seem able to follow the instructions to repair my SafeMode. What tab is he referring to? I didn't find a tab when I loaded SAS. Am I looking for the wrong thing? I might need a more step-by-step version to figure that out.

Edited by Kitties, 15 March 2010 - 10:45 AM.


#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 15 March 2010 - 04:16 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/302697/persistant-malware-cannot-identify-single-virus/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



