
Hidden Infection


2 replies to this topic

#1 kdub38

  • Members
  • 17 posts

Posted 05 March 2010 - 10:08 PM

MBAM, SAS can remove "Total PC Defender" when it manifests, but can't see the underlying problem.

Sometimes the PC runs so slowly you would think that it's frozen. I usually go weeks or months without an infection, but now it happens daily.

Mucho thank you in advance!

Edited by Orange Blossom, 05 March 2010 - 10:17 PM.
Move to AII. ~ OB




#2 Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts

Posted 06 March 2010 - 03:09 PM

Hi,

Total PC Defender is indeed often installed by other infections on your PC (see here).

Please download RKill by Grinler

Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue this process until the tool runs.
  • If the tool does not run from any of the links, please let me know.

Now run a scan with MalwareBytes and post me the scan log.

Casey

Edited by Casey_boy, 06 March 2010 - 03:10 PM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 kdub38

  • Topic Starter

  • Members
  • 17 posts

Posted 06 March 2010 - 06:10 PM

Thanks for responding. After running rkill, here's the latest MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/6/2010 4:50:30 PM
mbam-log-2010-03-06 (16-50-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 212886
Time elapsed: 1 hour(s), 58 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP242\A0026649.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



