
Thought I removed Antimalware Doctor / Alureon.H from my computer, still having problems.


No replies to this topic

#1 zettoo


Posted 21 July 2010 - 10:49 AM

Hello, this is a first post for me. I'm so happy to have found this site, and I hope that someone can help me.

I run Windows XP Professional 2002 version 3, and have Microsoft Security Essentials Version: 1.0.1963.0 / Antimalware Client Version: 2.1.6805.0 / Engine Version: 1.1.6004.0 / Antivirus definitions: 1.87.112.0 / Antispyware definitions: 1.87.112.0. I use Windows Firewall, but no other firewall program. Yesterday I installed Threatfire, but this was after I had a rogue program installed on my computer:


I got an 'Antimalware Doctor' rogue program 2 days ago, thought it was removed, but there are residual problems. When it popped up, I immediately turned off my computer to discontinue the internet connection, but it was still on when I restarted. I know these programs disable Windows Task Manager, so the first thing I did was pull that up so it could be on. I noticed a process called '070700setup.exe' running and I ended that process. That seemed to have stopped the Antimalware Doctor from doing anything immediate.

I ran a Microsoft Security Essentials full scan, and it found the following items:
virus: Win32/Alureon.H
Exploit: Java/CVE-2009-3867.EZ
Adware: win32/SpartAdsSolutions

The first 2 were Quarantined and the Adware was removed.


I then ran a full Malwarebytes scan, and removed the items it found. Here's the log from this scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4325

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/19/2010 1:50:58 AM
mbam-log-2010-07-19 (01-50-58).txt

Scan type: Quick scan
Objects scanned: 126551
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\070700setup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Valued Customer\Application Data\E39ABD4807BC04D2696F0D3C4A932143\070700Setup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\DD.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\eivtqgg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\hoagfk.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\uhedyvt.exe (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\6D.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

After I removed the items, my computer seemed back to normal. However, I began to notice that when I'd click on a link from a Google search, it often redirected me to another site. This doesn't happen with every search. It seems to be a common problem with this kind of rogue program, so obviously some of the remnants are still on my computer.

Also, since I had this, my Microsoft Security Essentials can't update their definitions. I haven't found a way to fix this problem.

Can someone help? I greatly appreciate it. Thanks!

Zettoo
