
Malware Gone (?) but Continuing Issues


10 replies to this topic

#1 morris145


Posted 17 July 2010 - 05:35 AM

My two younger children apparently downloaded viruses while playing games on my computer. I used Malwarebytes to scan and clean viruses, and that has solved many of my problems. The latest scans come back completely "clean".

Currently, I can get to the login screen and can load Windows (Vista SP2) if I do not run on my Admin account. However, IE, Windows Live OneCare, Security Center, Firewall, etc. do not run and cannot be successfully started. Applications like MS-Office seem to work fine though.

If I try to log into Windows on my Admin account, the screen goes blank (just the cursor remains) and the system hangs there. I can log into Admin account only in “Safe” mode. In “Safe” mode IE does work, but Microsoft (I guess) does not permit some of the other security software to run in “Safe” mode.

Thoughts?

Thanks in advance, Bob


 


#2 hamluis


Posted 17 July 2010 - 11:40 AM

Did you run scans with anything...other than Malwarebytes?

What AV is installed?

Louis

#3 morris145


Posted 17 July 2010 - 02:10 PM

Windows Live OneCare is my AV. I have not been able to get that to run at all. I also cannot get any of the other Microsoft AVs from their website to run now.

#4 cryptodan


Posted 19 July 2010 - 03:15 AM

> Windows Live OneCare is my AV. I have not been able to get that to run at all. I also cannot get any of the other Microsoft AVs from their website to run now.

With the information you provided, I would perform the following:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#5 morris145


Posted 22 July 2010 - 05:17 AM

So, in the interim, I had gotten an e-mail back from MS-Support. They had me change the clock back on my computer and then go in and manually delete the OneCare registry key. It sounds like this may be a problem for many people running Vista and OneCare. This solved my problem of only being able to log in under "Safe" as Admin, else get a black screen with just a cursor.

With that said, I had already run the anti-malware, and it did find infected files and cleaned them. I do not know what the effect of the viruses was on my particular problem, but even when cleaned, I still had most of the same problems that were not corrected until deleting the OneCare registry.

With the Moderator's permission, I can post up the e-mail instructions from Microsoft.

Edited by morris145, 22 July 2010 - 05:56 AM.


#6 mrscllc


Posted 22 July 2010 - 02:51 PM

I would be interested in seeing the email instructions from Microsoft as I am having the EXACT same issues. I would be interested in knowing if we had the same malware deleted as well. Maybe it has something to do with the end of the Windows Live OneCare term of service... Please update when you hear from the board moderator. If you are unable to post the email instructions here, I will be emailing Microsoft myself.

#7 morris145


Posted 22 July 2010 - 04:25 PM

OK. Will do. I think it does have a lot to do with the OneCare expiration (maybe everything).

Regarding the malware, I may have overwritten the logs when I did subsequent scans, but I'll look.

#8 cryptodan


Posted 22 July 2010 - 04:57 PM

The logs are all kept within the program.

#9 morris145


Posted 22 July 2010 - 07:40 PM

Here is the log prior to scan and cleaning . . .

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

7/16/2010 6:54:17 AM
mbam-log-2010-07-16 (06-54-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 319171
Time elapsed: 51 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{876dc38b-e22b-414a-a383-c6d291378b09} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{545c36ae-8bb0-49c3-bae6-bab80835434e} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7bbc69a-eb7b-455b-8273-1589b8c7e9dd} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e67d5bc7-7129-493e-9281-f47bdaface4f} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57cadc46-58ff-4105-b733-5a9f3fc9783c} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\runit (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\tbhelper.dll (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Windows\jkjl0170.exe (Adware.IEToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\basis.xml (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\date2.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\icons.bmp (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\info.txt (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\lw.crc (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\lw.dll (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\lwpopper.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\popper3.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\popup1.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\popup2.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\uninstall.exe (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\version.txt (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IEToolbar\Bullseye Tool Bar\your_logo.png (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\runit\runitu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#10 boopme


Posted 22 July 2010 - 09:34 PM

As that is an older database, please rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done, click the Scanner tab, select Quick scan, and scan (normal mode).
After the scan, click Remove Selected, post the new scan log, and reboot into normal mode.

#11 morris145


Posted 27 July 2010 - 07:05 PM

Here's the updated (and "clean") log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4359

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/28/2010 7:53:59 PM
mbam-log-2010-07-28 (19-53-59).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 351972
Time elapsed: 1 hour(s), 29 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



