
windows security alert virus


18 replies to this topic

#1 doncota25

Posted 22 March 2010 - 08:35 PM

I got pop ups for windows security alert and now all these porn sites are popping up and I can't do anything. We got this at work in Dec and someone from here helped me remove it. It was time consuming but it worked well. Can anyone help PLEASE

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

#2 hamluis

Posted 22 March 2010 - 08:46 PM

BC Removal Guide, Windows Security Alert

There are a number of these bogus programs...users need to provide accurate names to obtain the appropriate attempted solutions.

Louis

#3 doncota25

Posted 22 March 2010 - 09:30 PM

I'm sorry but I'm not sure how to tell. It seems many different names keep popping up. I'm not all too computer savvy but I can follow most directions really well and have successfully removed this virus at work before with help from one of your assistants. The windows security alert virus popped up and went crazy. It says rundll32.exe is infected and I also saw win32/nugel.L and I think bankerA. I have already downloaded rkill to another computer and put it on a flash drive and run it on the infected one. I did the same with malware bytes and renamed it zztoy.exe. It did find two items but the computer still seems to be in bad shape. I hope you can help me and I'm sorry if I did something incorrectly. I'm not too familiar with this type of stuff. Any help would be greatly appreciated. Donna

#4 boopme

Posted 22 March 2010 - 10:11 PM

Hi Donna, do you have internet here yet?
Is this XP or Vista?

Post that MBAM log you have.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

These can also be loaded to the Flash Drive if needed

Run FixExe.reg

FixExe.reg
....click Run when the box opens


Now run TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run SAS. If you cannot run this in safe mode, use normal and let me know.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 doncota25

Posted 22 March 2010 - 11:58 PM

No internet when I started SuperSpyware in safe mode and it is xp. It is running now. I will post the log file when it finishes but it may be tomorrow as it may be pretty late by the time it finishes. I will post the MBAM file as well. Hopefully I will have internet, it will be much easier. Thanks so much for your help. Donna

#6 doncota25

Posted 23 March 2010 - 07:25 AM

Tuesday morning. I'm off to work but still no internet. Super spyware ran in safe mode. I wanted to post both logs before I left so here you go.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2010 at 00:49 AM

Application Version : 4.34.1000

Core Rules Database Version : 4714
Trace Rules Database Version: 2526

Scan type : Complete Scan
Total Scan Time : 03:39:39

Memory items scanned : 226
Memory threats detected : 0
Registry items scanned : 6702
Registry threats detected : 23
File items scanned : 43577
File threats detected : 50

Adware.Tracking Cookie

Rogue.Component/Trace

Rogue.AntivirusSoft
HKU\S-1-5-21-823518204-343818398-1801674531-1003\Software\avsoft

Trojan.Agent/Gen-Keygen
C:\PROGRAM FILES\SUPERANTISPYWARE\KEYGEN.EXE




**** MBAM was run before Spyware****




Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/22/2010 7:02:16 PM
mbam-log-2010-03-22 (19-02-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 22491
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 boopme

Posted 23 March 2010 - 09:38 AM

Hello Donna, someone used a Key generator and this infected your system as they always do.

Scans were good..
For the connection....
Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

#8 doncota25

Posted 23 March 2010 - 10:00 AM

Thanks, I'll try it when I get home. What concerns me is even after the Spyware scan when I rebooted normally I was still getting the pop up message. I had to leave for work so I had to use rkill to even open Superspyware and I left it scanning again in regular mode. I'll check the internet instructions when I get off but I think I already unchecked the use proxy box in ctl panel but I will try the DOS instructions. Thanks so much for bearing with me and have a good day!! Donna

#9 boopme

Posted 23 March 2010 - 12:51 PM

Ok, if we get hooked up... I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#10 doncota25

Posted 23 March 2010 - 07:50 PM

Whoo Hoo!! I unchecked proxy settings and am on the internet. I ran the ESET online scanner and it found no threats so there was no list. The good news is that I have been on this computer for 2 hours now with no virus alerts or problems so far. Please let me know if I should do anything else. Hopefully things are looking up. Thanks, Donna

#11 boopme

Posted 23 March 2010 - 09:26 PM

Yes we need to do this as instructed it's important to do this once more ...

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#12 doncota25

Posted 23 March 2010 - 09:57 PM

Will do

#13 doncota25

Posted 23 March 2010 - 11:21 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/23/2010 9:16:39 PM
mbam-log-2010-03-23 (21-16-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 180138
Time elapsed: 48 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)


Here is the newest MBAM log. However, my avast is still coming up with a virus so I am going to reboot and let avast scan on reboot as they are instructing. Let me know what you think, and thank you so much for all your help.



Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 boopme

Posted 23 March 2010 - 11:46 PM

It did not update ..
yours Database version: 3510

Mine 3907

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.


Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware


#15 doncota25

Posted 24 March 2010 - 07:49 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/24/2010 5:48:32 PM
mbam-log-2010-03-24 (17-48-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 193701
Time elapsed: 25 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
Ok I was able to update MBAM and I ran another scan, here are the results.




(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
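
Added example, not part of any post in this thread: the check made in post #14 (a "clean" scan run with database 3510 while 3907 was current) done as a small script that also tolerates prose pasted into the middle of a log, as happened in posts #13 and #15. The sample logs are constructed in the layout of the MBAM 1.44 logs above, and the names `parse_mbam_log`, `review` and `reference_db` are this example's own.

```python
import re

# Constructed samples in the layout of the MBAM 1.44 logs posted in this thread;
# the version numbers and the avsoft keys are the ones quoted in the posts.
STALE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3510

Scan type: Full Scan (C:\|)
Objects scanned: 180138

Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

UPDATED_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3910

Scan type: Full Scan (C:\|)
Objects scanned: 193701

Registry Keys Infected: 2
Files Infected: 0

Registry Keys Infected:
Ok I was able to update MBAM and I ran another scan.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

HEADER = re.compile(r"(Database version|Objects scanned): (\d+)")
SECTION = re.compile(r"([A-Za-z ]+ Infected):\s*(\d+)?")
DETECTION = re.compile(r"(.+?) \(([^()]+)\) -> (.+)")

def parse_mbam_log(text):
    """Return header fields, summary counts and per-section detections."""
    log = {"fields": {}, "summary": {}, "detections": {}}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.fullmatch(line):
            log["fields"][m.group(1)] = int(m.group(2))
        elif m := SECTION.fullmatch(line):
            if m.group(2) is not None:      # "Files Infected: 0" -> summary line
                log["summary"][m.group(1)] = int(m.group(2))
                section = None
            else:                           # "Files Infected:" -> listing starts
                section = m.group(1)
                log["detections"].setdefault(section, [])
        elif section and (m := DETECTION.fullmatch(line)):
            # Prose pasted into the middle of a log does not match and is skipped.
            log["detections"][section].append(m.groups())
    return log

def review(log, reference_db):
    """List reasons the log should not be trusted as a clean bill of health."""
    findings = []
    db = log["fields"].get("Database version")
    if db is None:
        findings.append("no database version: ask for the complete log")
    elif db < reference_db:
        findings.append(f"stale definitions: {db} < {reference_db}, update and rescan")
    for name, count in log["summary"].items():
        listed = len(log["detections"].get(name, []))
        if listed != count:
            findings.append(f"{name}: summary says {count}, {listed} listed")
    return findings

if __name__ == "__main__":
    for label, text in (("stale", STALE_LOG), ("updated", UPDATED_LOG)):
        print(label, review(parse_mbam_log(text), reference_db=3907))
```

The summary-versus-listing comparison also catches a log that was cut off before its detection sections, which is why the helper asks for the complete log including the top portion.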



