
I can usually fix these things myself, but...


  • Please log in to reply
No replies to this topic

#1 chrissy1973

chrissy1973

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Upstate NY
  • Local time:05:05 PM

Posted 20 July 2010 - 06:29 PM

First of all, I am a Windows XP Home User and my primary browser is Mozilla Firefox.

Over the past day or so I have been getting warning messages from AVG about an "HTML-Framer". I have clicked to remove it as a power user and it has gone away. Then today things escalated and I started getting Trojan warnings. I stopped everything I was doing, turned off system restore and ran Malwarebytes. Here's the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4333

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/20/2010 5:34:11 PM
mbam-log-2010-07-20 (17-34-11).txt

Scan type: Quick scan
Objects scanned: 147432
Time elapsed: 18 minute(s), 13 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\Chrissy\Local Settings\Temp\qdliolqr.exe (Rootkit.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Chrissy\Application Data\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Chrissy\Local Settings\Temp\4.tmp (Rootkit.Dropper) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows services (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Chrissy\Local Settings\Temp\4.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Chrissy\Local Settings\Temp\qdliolqr.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chrissy\Local Settings\Temp\6.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chrissy\Local Settings\Temp\9.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chrissy\Local Settings\Temporary Internet Files\Content.IE5\C1CO0ITV\PPI[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chrissy\Application Data\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chrissy\Application Data\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.


---

Ok so I rebooted and started up AVG. That's still scanning, but it already came up with two items that it says are blocked from removal:

Phoenix Exploit Kit (type 1112)
Rogue Scanner (type 871)

What do I do to remove them if AVG is blocked from doing so? I'm really frustrated because I'm the one that friends and family go to when THEIR computers get infected! I'd appreciate your assistance ASAP. I am posting this from my desktop; it is only my laptop that has the infection (but only the bedroom has AC, not where the desktop is so...)

I'd appreciate any help you could give!
Chrissy
Chrissy1973
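As an added triage helper (not part of this post or of Malwarebytes' own tooling), the following parses the 1.x log layout shown above and flags what a responder should check before trusting a "cleaned" result: summary counts that disagree with the entries listed (a truncated or edited log), items still pending "Delete on reboot", and autostart (Run key) entries that indicate persistence. The sample log is constructed from a subset of the post's entries, with one summary count deliberately off to exercise the consistency check.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.x log layout used in the post above;
# the paths are the post's, but "Files Infected: 3" is deliberately one higher
# than the entries listed, to exercise the consistency check.
SAMPLE_LOG = r"""
Memory Processes Infected: 2
Registry Values Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\Chrissy\Local Settings\Temp\qdliolqr.exe (Rootkit.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Chrissy\Application Data\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows services (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Chrissy\Local Settings\Temp\4.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Chrissy\Application Data\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 7"
ENTRY_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")        # "path (Detection) -> action"

def parse_mbam_log(text):
    """Return (summary counts, entries); an entry is (section, path, detection, action)."""
    summary, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
        elif line.endswith("Infected:"):          # start of a detail section
            section = line[:-1]
        elif section and (m := ENTRY_RE.match(line)):
            entries.append((section, m.group(1), m.group(2), m.group(3)))
    return summary, entries

def triage(text):
    """Flag what a responder should look at before trusting the 'cleaned' result."""
    summary, entries = parse_mbam_log(text)
    listed = Counter(e[0] for e in entries)
    return {
        # summary count differs from entries listed: log truncated or edited
        "mismatched": sorted(s for s, n in summary.items() if listed[s] != n),
        # still on disk until the machine is restarted; verify after reboot
        "pending_reboot": [e[1] for e in entries if "reboot" in e[3].lower()],
        # autostart (Run key) entries: persistence, re-scan after reboot
        "persistence": [e[1] for e in entries
                        if e[0].startswith("Registry") and "\\run\\" in e[1].lower()],
    }
```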
