
XP Antivirus 2011 and Automatic Updates


3 replies to this topic

#1 joe07


Posted 13 May 2011 - 09:26 PM

My computer was infected with XP Antivirus 2011. I ran Malwarebytes, as I have had something similar before and knew it must be malware. However, after running Malwarebytes and rebooting, my firewall and automatic updates were turned off. I can enable my firewall, but cannot enable automatic updates. I get the following message: "We're sorry. The security center could not change your automatic updates settings." When I go to Control Panel and Automatic Updates, it is set up to check for updates at 3:00am. What do I need to do? I have attached the mbam log.

Attached File: mbam-log-2011-05-13 (20-49-24).txt (1.83KB)

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 boopme


Posted 14 May 2011 - 09:06 AM

Hello, 2 things first. How long ago did you run ComboFix, and your MBAM version is very old.


Please follow our Removal Guide here: Remove XP Anti-Spyware 2011 and others.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here, and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

#3 joe07


Posted 14 May 2011 - 03:18 PM

I completed all of the removal steps, and I still have the same issue. What do I do next? Thanks for your help.

Here is my mbam log:

www.malwarebytes.org

Database version: 6577

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/14/2011 3:46:33 PM
mbam-log-2011-05-14 (15-46-33).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 243174
Time elapsed: 3 hour(s), 27 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{EE3C4797-25F0-EC3D-2009-9C63BB1770EC} (Trojan.ZbotR.Gen) -> Value: {EE3C4797-25F0-EC3D-2009-9C63BB1770EC} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Ta\application data\Sun\Java\deployment\cache\6.0\22\39e1d656-637ec845 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Ta\local settings\application data\dha.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Ta\local settings\temp\jar_cache64164.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\internet explorer\msimg32.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\WINDOWS\system32\f3pssavr.scr.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\documents and settings\Ta\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
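
An added example, not part of the original posts: a small Python parser for the MBAM log layout shown above that compares the summary counts with the itemized entries (which catches a log pasted incompletely) and lists items the scan left in place. The sample log is constructed in the same layout with placeholder paths and detection names, and `parse_mbam_log` and `review` are names chosen here.

```python
import re

# Constructed sample in the layout of the MBAM log above; paths and names are placeholders.
SAMPLE_LOG = r"""Database version: 6577
Registry Values Infected: 1
Files Infected: 3

Registry Values Infected:
HKEY_CURRENT_USER\Software\Example\Run\sample (Trojan.Example) -> Value: sample -> Quarantined and deleted successfully.

Files Infected:
c:\example\a.exe (Trojan.Example) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\example\b.dll.vir (PUP.Example) -> Not selected for removal.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 3"
HEADING = re.compile(r"^(.+ Infected):$")         # "Files Infected:"
ITEM = re.compile(r"^(.*) \(([^()]+)\)$")         # "<target> (<detection name>)"

def parse_mbam_log(text):
    report = {"database": None, "counts": {}, "items": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Database version:"):
            report["database"] = line.split(":", 1)[1].strip()
        elif m := SUMMARY.match(line):
            report["counts"][m.group(1)] = int(m.group(2))
        elif m := HEADING.match(line):
            section = m.group(1)
        elif section and " -> " in line:
            parts = line.split(" -> ")  # target, optional "Value: ...", action
            if m := ITEM.match(parts[0]):
                report["items"].append({"section": section, "target": m.group(1),
                                        "detection": m.group(2), "action": parts[-1].rstrip(".")})
    return report

def review(report):
    # Flag a missing header, count mismatches (truncated paste) and items left in place.
    findings = [] if report["database"] else ["header missing: no database version"]
    for section, expected in report["counts"].items():
        listed = sum(1 for i in report["items"] if i["section"] == section)
        if listed != expected:
            findings.append(f"{section}: summary says {expected}, {listed} listed")
    for item in report["items"]:
        if "successfully" not in item["action"]:
            findings.append(f"not removed: {item['target']} ({item['detection']})")
    return findings

if __name__ == "__main__":
    print("\n".join(review(parse_mbam_log(SAMPLE_LOG))))
```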

#4 boopme


Posted 14 May 2011 - 07:53 PM

Hello, I suspect a Bamital infection. We need to run a scan that won't remove what it finds, as removal here would shut the PC down.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

NOTE: In some instances if no malware is found there will be no log produced.



