Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti-Virus Action: Malwarebytes scan comes up with no results!


  • Please log in to reply
3 replies to this topic

#1 BCgirl

BCgirl

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 05 November 2010 - 06:04 PM

PLEASE PLEASE HELP.

This is the second time I've been hit with one of these rogue trojan dealies. I vanquished the "Security Suite" one a few months ago buy following the instructions (Rkill, malwarebytes) and those worked like a charm!

I've been following the instructions on how to get rid of "Anti Virus Action"

1. I went into Safe Mode.
2. I downloaded Rkill and ran that (no results for stopping anything, but thats what happened the first time I used it to get rid of the "security suite" trojan)
3. Then I uninstalled and reinstalled and updated Malwarebytes. I have run the full scan 3 times today. Each time it comes up with "no results"!!

I am not sure where to go from here. Are there other steps I need to take? Or are there other programs I can use?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 05 November 2010 - 08:50 PM

Have you run steps 18,19 & 20 ?? Very important.
Is this XP??

Please post the MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 BCgirl

BCgirl
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 07 November 2010 - 05:08 PM

Thank you so much for your quick reply and for your help!!! I believe the problem is fixed now.

Here is the MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5055

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/5/2010 5:25:47 PM
mbam-log-2010-11-05 (17-25-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 318775
Time elapsed: 40 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I followed through with steps 18, 19 & 20. I think that really did the trick.

And then I followed the rest your instructions. Ran the ATF clearner and SUPER. After I ran super and rebooted no "anti virus action" things popped up and I am able to run programs again. I'll be sure to follow through with the rest of the guide and download Secunia.

Here is the log for SUPER:
File items scanned : 183624
File threats detected : 27

Adware.Tracking Cookie
cdn.eyewonder.com [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
core.insightexpressai.com [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
media1.break.com [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
msnbcmedia.msn.com [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
objects.tremormedia.com [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
s0.2mdn.net [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
secure-us.imrworldwide.com [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
sftrack.searchforce.net [ C:\Users\Briana\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5V4P44SZ ]
C:\Users\Briana\AppData\Roaming\Microsoft\Windows\Cookies\Low\briana@ad.wsod[2].txt
C:\Users\Briana\AppData\Roaming\Microsoft\Windows\Cookies\Low\briana@doubleclick[1].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @2o7[1].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @adopt.specificclick[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @ads.pointroll[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @advertising[1].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @at.atwola[1].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @atdmt[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @atwola[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @cdn.at.atwola[1].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @cookie.neuroticmedia[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @edge.ru4[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @license.nmp.neuroticmedia[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @msnportal.112.2o7[1].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @neuroticmedia[1].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @realmedia[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @revsci[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @specificclick[2].txt
C:\Users\Briana\Desktop\Briana's Documents\Cookies\briana @tribalfusion[1].txt

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 07 November 2010 - 06:13 PM

Excellent..
Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
  • USB-Based Malware Attacks.
  • When is AUTORUN.INF really an AUTORUN.INF?.
  • Please disable Autorun asap!.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users