
Spyware/virus has taken over as Administrator etc.



#1 carameldrops


Posted 30 April 2010 - 01:53 PM

A virus or spyware has taken over my administrator rights on my computer; the task bar and registry are disabled too. I get a pop-up message every time I open Firefox and get redirected to this site - http://search.conduit.com/?ctid=CT2418376&....earchSource=13 - and whenever I go to use a program, it asks "what program would you like to open this with" and it deletes the applications of programs I already installed T_T

I did some scanning but failed to clean the infected files.


I would be so grateful for any advice you could give. I am hoping to avoid having to do a total reinstall.. T_T

Thanks in advance for your responses.

EDIT: Here is a quick scan using Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

5/1/2010 11:24:23 AM
mbam-log-2010-05-01 (11-24-23).txt

Scan type: Quick scan
Objects scanned: 121428
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser (Rogue.SpyEraser) -> No action taken.

Files Infected:
C:\WINDOWS\system32\logonui.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\SpyEraser Help.lnk (Rogue.SpyEraser) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\SpyEraser.lnk (Rogue.SpyEraser) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\Uninstall SpyEraser.lnk (Rogue.SpyEraser) -> No action taken.

Edited by carameldrops, 30 April 2010 - 10:30 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP




#2 Budapest


Posted 05 May 2010 - 05:11 PM

Download this file and save it to your desktop:

http://download.bleepingcomputer.com/grinler/rkill.scr

Double-click the file to run it. A command window will open briefly. Then run another quick scan with Malwarebytes. Post the Malwarebytes log.



