
Virus


5 replies to this topic

#1 dyjodapa


Posted 24 August 2010 - 02:35 PM

Hi,

Every time I try to open a program I get an Open With window. Is this a virus? My OS is Windows XP Home Edition. My anti-virus is McAfee.


#2 Galadriel


Posted 24 August 2010 - 03:20 PM

This is sometimes attributed to viruses, but it isn't always the cause. Try to download this zip file and extract it. If you can't, let me know what happens and we'll go from there.

http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

If you can extract it, double click on the xp_exe_fix.reg file and when prompted on whether you wish to merge the information to the registry, say yes or click OK to proceed.
Try opening a program like IE.

Post back with details of any error messages (exact messages are helpful if you can write them down) you encounter.

Once we get you set, we can run scans to ensure we catch any infections that may be present.

Edited by Galadriel, 24 August 2010 - 03:21 PM.

I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat
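
Added example, not part of the original post or of the linked fix: a check of the .exe file association in the text of a registry export, which is the area a file-association fix like the one above resets. The expected values are the stock Windows defaults (an assumption, the thread does not list them), and the sample export is constructed, with the secfile name borrowed from the MBAM log later in the thread.

```python
import re

ROOT = "hkey_classes_root\\"          # registry key names are case-insensitive
DEFAULT_PROGID = "exefile"            # stock Windows default (assumed, not from the thread)
DEFAULT_COMMAND = '"%1" %*'           # stock open command for exefile (assumed)
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Parse already-decoded .reg text into {(key, value_name): string_data}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):   # string (REG_SZ) values only
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1]).lower()
            values[(key, name)] = _unescape(m.group(2))
    return values

def check_exe_association(reg_text):
    """Return a list of findings; an empty list means the defaults are in place."""
    values = parse_reg(reg_text)
    findings = []
    progid = values.get((ROOT + ".exe", "@"))
    if progid is None:
        findings.append(".exe: no ProgID set")
    elif progid.lower() != DEFAULT_PROGID:
        # Follow the substituted ProgID to see what would run instead
        handler = values.get((ROOT + progid.lower() + r"\shell\open\command", "@"))
        findings.append(f".exe -> {progid} (expected {DEFAULT_PROGID}); "
                        f"handler: {handler if handler else 'none registered'}")
    command = values.get((ROOT + DEFAULT_PROGID + r"\shell\open\command", "@"))
    if command != DEFAULT_COMMAND:
        findings.append(f"exefile open command: {command!r} (expected {DEFAULT_COMMAND!r})")
    return findings

# Constructed sample: .exe redirected to another ProgID whose handler is gone
HIJACKED = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="secfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
CLEAN = HIJACKED.replace('"secfile"', '"exefile"')

if __name__ == "__main__":
    print(check_exe_association(HIJACKED))
```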


#3 dyjodapa


Posted 25 August 2010 - 08:54 AM

Hi,

The Open With window isn't there after I ran the program. But it is still slow.

#4 dyjodapa


Posted 25 August 2010 - 09:57 AM

Hi,

I was instructed in chat to post an MBAM log so here it is:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4475

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/25/2010 9:56:25 AM
mbam-log-2010-08-25 (09-56-25).txt

Scan type: Quick scan
Objects scanned: 174033
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egodktf.brfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egodktf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\28264628 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464854.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464857.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464950.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\01011201014650120.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

#5 Galadriel


Posted 25 August 2010 - 06:09 PM

How's it running now? Did you restart and do another scan after those removals took place to see if anything was left over? Try to give as much information as you can if you're still having issues. "It's slow" just isn't a lot to go on.

#6 dyjodapa


Posted 25 August 2010 - 07:04 PM

Hi,

It is now running faster and clean.
Thanks for your help



