Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I STILL infected?


  • Please log in to reply
No replies to this topic

#1 CannibalZ3

CannibalZ3

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 21 May 2010 - 07:46 AM

Saintly Protectors of the Technically Inept,
I've recently moved to a country where internet connections are more or less a bad joke. The internet is very slow and, quite often, going to a web address I know to be good will result one of two messages: 'can't find the server,' consistent with a bad internet connection, or 'connection to server interrupted.' Whatever comes up is always very slow. It dawned on me that I might have a virus when I compared my computer side-by-side with a colleague's, who was on the same connection. Pages on his computer didn't have the same connection problems. Two AVG scans, one regular and one command line in Safe Mode came back with nothing. So I downloaded MBAM and ran a full MBAM scan, which came back with this:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4122

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/21/2010 4:25:41 PM
mbam-log-2010-05-21 (16-25-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 266528
Time elapsed: 1 hour(s), 22 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333} (Adware.PredictAd) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e} (Adware.PredictAd) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AutocompletePro.DLL (Adware.PredictAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro2_is1 (Adware.PredictAd) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\support@predictad.com (Adware.PredictAd) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults\preferences (Adware.PredictAd) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\AcRemoteUpdate.exe (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\InstTracker.exe (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\TaskScheduler.dll (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\unins000.dat (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\unins000.exe (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome.manifest (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\install.rdf (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js (Adware.PredictAd) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js (Adware.PredictAd) -> Quarantined and deleted successfully.





Pretty impressive, huh? The problem is, I'm still having the same connection problems, so maybe it wasn't all this junk after all. I ran a quick MBAM scan that came back empty after a reboot. I have some questions:

-I'm not an expert, but these look relatively benign. Is it possible my computer problems are being caused by something else altogether?
-Is all this junk really gone? Do I need to do more to get these infections off?
-How can I tell whether the problem is with the connection or my computer?
-Why didn't AVG, which is fully updated, pick these up?

Many thanks for help in the past, present and potentially future,
-Z

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users