
Avira found a virus and it was TR/Dropper.Gen


24 replies to this topic

#1 JJTJ

JJTJ

  • Members
  • 17 posts

Posted 25 November 2010 - 04:50 AM

Hi, I'm just new to these forums, and I posted this topic because I need your help.

Well, let me go straight to the point.

When I was downloading FarmVille clicker, Avira notified me about a virus and it was TR/Dropper.Gen.
It gave me some options and I chose "delete".

After that I scanned immediately and I didn't find any viruses, but I had 1 warning.

Well, I was shocked by that virus alert. I searched Google for how to remove that virus
and I saw one topic on Bleeping Computer about the same problem as mine. I downloaded Malwarebytes, I scanned (quick scan) my system and OMG I found 150+ INFECTED FILES (forgot the actual # but it's 150+ infected files).

Then I saved the log. After that I opened that log with Notepad and opened Run and opened some of the infected files.
I'm sure I didn't open any REGISTRY files/key/data because I heard if you delete registry files then say bye bye to your PC lol

Well, here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5186

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/25/2010 4:25:04 PM
mbam-log-2010-11-25 (16-25-04).txt

Scan type: Quick scan
Objects scanned: 148450
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 14
Files Infected: 127

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: c:\windows\system32\mpk\mpk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: system32\mpk\mpk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\mpk.exe) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\MPK (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1 (Refog.Keylogger) -> Files: 1523 -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\2 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\CPDA (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\CPDM (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Employee Monitor (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang (Refog.Keylogger) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Application Data\MPK\M0000 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Employee Monitor.lnk (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\S0000 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\2\D0000 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\2\S0000 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Employee Monitor\Order now!.lnk (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Employee Monitor\REFOG Employee Monitor on the Web.lnk (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Employee Monitor\REFOG Employee Monitor.lnk (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\icon_1.ico (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\key.bin (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\libeay32.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\lnkmst.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\logstart.vbs (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\loguninstall.vbs (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Mpk64.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MPK64.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MpkNetInstall.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\ssleay32.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\trial_net.ini (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\unins000.dat (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\unins000.msg (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\update_info.bin (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\zlib1.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\computer.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\file.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\filters.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\internet.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\logging.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\password.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\programs.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\update.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\computer.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\file.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\filters.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\internet.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\logging.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\password.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\programs.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_english.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_german.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_aeu.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_aus.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Brazilian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Brazilian.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\English.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\French.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\French.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\German.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\German.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Italian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Italian.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Polish.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Portuguese.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Portuguese.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Russian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> No action taken.

Then I rested for a while, then I quick scanned again. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5186

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/25/2010 5:04:57 PM
mbam-log-2010-11-25 (17-04-57).txt

Scan type: Quick scan
Objects scanned: 149679
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 12
Files Infected: 123

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: c:\windows\system32\mpk\mpk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: system32\mpk\mpk.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\mpk.exe) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\MPK (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\2 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\CPDA (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\CPDM (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang (Refog.Keylogger) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Application Data\MPK\M0000 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\S0000 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1\D0000 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1\I40507_7011669907 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1\I40507_7046392130 (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\icon_1.ico (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\key.bin (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\libeay32.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\lnkmst.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\logstart.vbs (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\loguninstall.vbs (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Mpk.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Mpk64.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MPK64.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MpkNetInstall.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\ssleay32.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\trial_net.ini (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\unins000.dat (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\unins000.msg (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\update_info.bin (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\zlib1.dll (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\computer.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\file.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\filters.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\internet.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\logging.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\password.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\programs.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\update.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\computer.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\file.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\filters.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\internet.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\logging.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\password.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\programs.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_english.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_german.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\english.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\german.gif (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_aeu.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_aus.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Brazilian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Brazilian.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\English.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\French.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\French.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\German.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\German.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Italian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Italian.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Polish.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Portuguese.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Portuguese.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Russian.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> No action taken.
C:\WINDOWS\system32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> No action taken.



Please help me guys, I'm just a kid... >:(


#2 JJTJ

JJTJ
  • Topic Starter

  • Members
  • 17 posts

Posted 25 November 2010 - 04:52 AM

:busy: Please reply :(

Edited by elise025, 25 November 2010 - 05:31 AM.
Topic moved from XP to AII forum ~ Elise


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 25 November 2010 - 04:38 PM

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.

Edited by quietman7, 25 November 2010 - 04:39 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 JJTJ

JJTJ
  • Topic Starter

  • Members
  • 17 posts

Posted 25 November 2010 - 11:29 PM

Sorry, but I'm a noob. Just a question: should I click remove all infections in Malwarebytes? But I'm just scared that it might delete a file that won't let me use the computer again..

And I just found out that the keylogger was still installed on my computer. After I found it out I uninstalled it. I'll post the log later when the scan finishes.

Edited by JJTJ, 26 November 2010 - 12:42 AM.


#5 JJTJ


Posted 26 November 2010 - 01:08 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5190

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/26/2010 2:06:53 PM
mbam-log-2010-11-26 (14-06-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 200072
Time elapsed: 25 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP42\A0097228.exe (Rogue.SpywareRemovalToolkit) -> No action taken.


there what should i do now? should i click remove all selected? if yes will it have effect in my operating system?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:35 AM

Posted 26 November 2010 - 08:52 AM

With Malwarebytes Anti-Malware, once the scan is completed, infected files marked for "Remove Selected" are copied, renamed, encrypted and password protected, then sent to quarantine. The original file is either immediately removed or removed on reboot. When a security program quarantines a file by moving it into a dedicated Quarantine folder, that file is safely held there and no longer a threat as it is essentially disabled and prevented from causing any harm to your system. If you determine that MBAM removed a legitimate file (false positive), it can be restored from Quarantine by clicking the Restore button. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time by launching MBAM, going to the Quarantine tab, and choosing the option to delete. Choosing delete removes the backup copy and it no longer can be restored.

Please continue with the Norman Malware Cleaner scan.

#7 JJTJ


Posted 27 November 2010 - 12:08 AM

Norman Malware Cleaner
Version 1.8.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/11/27 02:02:05

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/11/27 02:02:05, Variants: 8187001

Scan started: 2010/11/27 11:39:58

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: PHILTECH-22D8C1\Joshua Jimenez

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "c:\windows\system32\userinit.exe" -> "C:\WINDOWS\System32\userinit.exe,"

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 63ms


Scanning running processes and process memory...

(484) (C:\Program Files\Avira\AntiVir Desktop\aeheur.dll!0x01770000) (Infected with W32/Packed_Upack.R)
Failed to terminate process (0xC0000022)
Failed to delete file (0x00000005)

Number of processes/threads found: 2856
Number of processes/threads scanned: 2855
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 1
Total scanning time: 1m 34s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Program Files\Best Spyware Scanner\md5.dll (Infected with W32/RegistryEasy.LF)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP41\A0091363.exe (Infected with W32/WpePro.D)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP41\A0091367.exe (Infected with W32/WpePro.D)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP41\A0097041.exe (Infected with W32/Suspicious_Gen2.EJIVY)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP41\A0097042.exe (Infected with W32/Suspicious_Gen2.EEZBC)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP41\A0097044.exe (Infected with W32/Suspicious_Gen2.ERJCK)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP44\A0097652.exe (Infected with W32/Suspicious_Gen2.EPOHE)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP44\A0097662.exe (Infected with W32/Suspicious_Gen2.ERJCK)
Deleted file

C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP44\A0097733.dll (Infected with W32/RegistryEasy.LF)
Deleted file

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 232805
Number of archives unpacked: 2138
Number of files scanned: 232804
Number of files not scanned: 1
Number of files skipped due to exclude list: 0
Number of infected files found: 9
Number of infected files repaired/deleted: 9
Number of infections removed: 9
Total scanning time: 1h 6m 38s


Questions:
Can i uninstall Malware bytes now?
How can i uninstall norman malware cleaner?
are all the viruses gone now?

Edited by JJTJ, 27 November 2010 - 12:35 AM.


#8 quietman7


Posted 27 November 2010 - 08:29 AM

Can i uninstall Malware bytes now?

Why would you want to remove the most effective anti-malware tool that is available for free? You should be updating its definition file and running scans as part of your maintenance on a regular basis.

How can i uninstall norman malware cleaner?

Yes.

are all the viruses gone now?

There are no guarantees or shortcuts when it comes to malware removal. Depending on the infection you are dealing with, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and security tools may not find all the remnants.

In any case, I can only go by what the scan logs show (what was detected/removed) and whatever signs or symptoms of infection you are experiencing. So how is your computer running now? Are there any more signs of infection?

#9 JJTJ


Posted 27 November 2010 - 08:49 AM

its running fast now and i wanted to uninstall norman malware cleaner but i dont know how, could you pls teach me? :) (its not on the add/remove programs :( ) and about on the malware bytes, i searched google and ppl are telling the program might corrupt if u have 2 anti viruses and i dont want my father and my other relatives i downloaded it so i wanted to uninstall it so am i able to uninstall it now?

#10 quietman7


Posted 27 November 2010 - 09:37 AM

Norman Malware Cleaner is a stand-alone scanner that does not require installation so it will not conflict with your anti-virus. To remove it after using:
  • Make sure the tool is closed and not running.
  • Right-click on it and choose delete.
  • Empty the Recycle Bin.
If you encounter any problem, repeat the above after rebooting into safe mode.

Then if there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

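The System Restore advice in the post above can be checked against the logs in this thread: the sketch below is an added example, not part of any post or of either scanner, and reads MBAM and Norman log lines to list which restore points (RPnn) held detections and which items were flagged but left in place. The function names are hypothetical; the sample lines are excerpted from the logs posted earlier in the topic.

```python
import re

# Lines excerpted from the MBAM and Norman logs posted in this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.
C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP42\A0097228.exe (Rogue.SpywareRemovalToolkit) -> No action taken.
C:\Program Files\Best Spyware Scanner\md5.dll (Infected with W32/RegistryEasy.LF)
Deleted file
C:\System Volume Information\_restore{AD395436-7520-46CB-960C-3CBF50DBD3C4}\RP41\A0091363.exe (Infected with W32/WpePro.D)
Deleted file
"""

# A detection line: <path> (<name>), with MBAM's optional "-> <action>." tail.
DETECTION = re.compile(
    r"^(?P<path>(?:[A-Za-z]:\\|HKEY_).+?) \((?:Infected with )?(?P<name>[^()]+)\)"
    r"(?: -> (?P<action>.+?)\.?)?$"
)
# System Restore keeps backups under ...\_restore{GUID}\RPnn\Annnnnnn.ext
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)


def parse_detections(log_text):
    """Return one dict per detection: path, name, action, restore_point."""
    found = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = DETECTION.match(line)
        if m:
            rp = RESTORE.search(m["path"])
            found.append({"path": m["path"], "name": m["name"], "action": m["action"],
                          "restore_point": rp.group(1) if rp else None})
        elif line and found and found[-1]["action"] is None:
            # Norman prints the outcome on the line after the detection.
            found[-1]["action"] = line
    return found


def restore_points_with_detections(log_text):
    """Map each restore point (RPnn) to the detection names found inside it."""
    hits = {}
    for d in parse_detections(log_text):
        if d["restore_point"]:
            hits.setdefault(d["restore_point"], []).append(d["name"])
    return hits


def unresolved(log_text):
    """Paths the scanner flagged but left in place ("No action taken")."""
    return [d["path"] for d in parse_detections(log_text)
            if (d["action"] or "").endswith("No action taken")]
```

Any restore point that appears in the result predates the cleanup, which is the reason for creating a fresh point and purging the older ones.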
#11 JJTJ


Posted 27 November 2010 - 07:31 PM

but i cant see any icon of norman malware scanner so i cant click delete :(

#12 quietman7


Posted 27 November 2010 - 08:11 PM

Where did you save it to and run it from?

If you don't remember, try doing a search.

You can use Windows Search feature > More advanced options to see if the file(s) is present. To do this, go to Start -> Search and click For Files or Folders... or just press the Windows key + F key on the keyboard.
  • Click All files and folders.
  • Type the name of the file (Norman_Malware_Cleaner.exe) under "Search by...criteria below...All or part of the file name"
  • Click More advanced options and check these options:
    • "Search system folders"
    • "Search hidden files and folders"
    • "Search subfolders"
  • Then click "Search" to look for the file(s).
  • When you find the file, right-click on it and choose Open Containing Folder.
  • The file should be highlighted. Right click on it and choose Delete.
-- Vista users can refer to Windows Vista - Using the Search Function or Understanding Instant Search
-- Windows 7 users can refer to How to Search in Windows 7

#13 JJTJ


Posted 27 November 2010 - 08:52 PM

it keeps saying search is complete there are no results bla bla bla

well after i downloaded it i clicked the downloads folder then clicked it then clicked run then read the terms of use bla bla bla then click continue then until i reached the scanner, after scanning i exited it. well ..

and can i uninstall mbam now? .. sorry.. im really an A.K.A NOOB ..

and btw i saw the icon of norman malware cleaner in downloads and deleted it.. so it is deleted now? or its just the start up of norman i deleted.

Edited by JJTJ, 27 November 2010 - 09:00 PM.


#14 quietman7


Posted 27 November 2010 - 10:03 PM

It sounds like you found the Norman file.

As for MBAM, yes you can uninstall it via Add/Remove Programs but I don't recommend doing so. As I said it is the most effective free anti-malware program available and such a program is needed to supplement your anti-virus because they both look for different types of threats. If you choose to remove MBAM, then you are going to need to replace it with a similar program.

#15 JJTJ


Posted 27 November 2010 - 10:36 PM

oh but i was just concerned that my 2 anti virus systems will conflict my program.



