Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

\bvvpwo.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 jobe1765

jobe1765

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 06 July 2011 - 09:41 AM

Should I do anything further with this one??

Rkill Found the following app running:

Processes terminated by Rkill or while it was running:

C:\Users\ITRS\AppData\Roaming\Microsoft\bvvpwo.exe


Rkill completed on 07/06/2011 at 10:28:31.

Running MBAM.exe results in 4 infected files.
The log as follows:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7033

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/6/2011 10:40:16 AM
mbam-log-2011-07-06 (10-40-16).txt

Scan type: Quick scan
Objects scanned: 169277
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\ITRS\AppData\Roaming\microsoft\bvvpwo.exe (Rogue.FakeMSE) -> Quarantined and deleted successfully.
c:\Users\ITRS\AppData\Roaming\microsoft\cpxohb.exe (Rogue.FakeMSE) -> Quarantined and deleted successfully.
c:\Users\ITRS\AppData\Roaming\microsoft\ydrvyb.exe (Rogue.FakeMSE) -> Quarantined and deleted successfully.

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:53 PM

Posted 23 July 2011 - 10:22 AM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:53 PM

Posted 29 July 2011 - 09:01 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users