
XP AntiMalware 2010 removal


4 replies to this topic

#1 LeBoW120


Posted 24 April 2010 - 08:02 PM

Hi,

I seem to be infected with XP AntiMalware 2010. I ran Malwarebytes' Anti-Malware scan and removal. That appeared to have done the job until the b*stard popped back again minutes later. Another scan just got rid of it but I'd like to know of another way of removing it that's permanent.

Any help?



#2 Orange Blossom


Posted 24 April 2010 - 08:15 PM

Hello,

There is a removal guide for this infection here: http://www.bleepingcomputer.com/virus-remo...irus-vista-2010

Orange Blossom :thumbsup:

#3 boopme


Posted 24 April 2010 - 10:58 PM

Also, after performing that scan, please post the scan log and an update on how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

#4 LeBoW120


Posted 27 April 2010 - 02:46 PM

Hi,

Sorry for the late reply. Did as instructed and seems to have done the trick. Scan results below.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4033

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

25/04/2010 01:55:41
mbam-log-2010-04-25 (01-55-41).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 185985
Time elapsed: 1 hour(s), 17 minute(s), 8 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
E:\Documents and Settings\Adam\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("E:\Documents and Settings\Adam\Local Settings\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Documents and Settings\Adam\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

#5 Budapest


Posted 28 April 2010 - 12:21 AM

boopme has gone on holidays so I'll see if I can help you out.

If you didn't reboot your computer at the end of the Malwarebytes scan, do so now. Then run the scan again and post the new log.



