My computer is infected, I need some help.


8 replies to this topic

#1 xSaya

xSaya

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 20 July 2011 - 10:56 AM

Before I proceed to my problem, the programs I am using are:
- Avira Antivirus
- Malwarebytes
- SuperAntiSpyware
- Spybot

Ok, so recently when I open my computer, a pop-out message from Spybot appears saying that the registries are modified and asking if I agree to it. Even if I click on the options, nothing happens. Later though, I noticed a problem: my Photoshop could not save pictures.

Anyway, I did a scan; my Avira has moved these items to quarantine:
- TR/Spy.Gen2 Trojan
- 2x HTML/FakeAV.AK

Spyware found (in both safe and normal mode):
- System.BrokenFileAssociation

Malwarebytes found and deleted:
- PUM.Hijack


So what can I do? How can I fix the pop-out message from Spybot problem and my Photoshop save options? (Assuming that it has to do with registries)



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:51 PM

Posted 20 July 2011 - 11:39 AM

Can you post the full logs from your virus scans and Super anti-spyware and Malwarebytes?

#3 xSaya

xSaya
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 20 July 2011 - 02:10 PM

ANTISPYWARE LOG:

Memory items scanned : 483
Memory threats detected : 0
Registry items scanned : 7729
Registry threats detected : 1
File items scanned : 17820
File threats detected : 0

System.BrokenFileAssociation
HKCR\.exe


MALWAREBYTES LOG:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:51 PM

Posted 20 July 2011 - 03:00 PM

I need the full logs, not just snippets.

#5 ataloss68

ataloss68

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 20 July 2011 - 03:22 PM

Before you waste too many days researching and trying all the different fixes being recommended out there like I did, do yourself a favour: install Kaspersky Anti-virus (they have a 30-day free trial). It removed and fixed everything that Malwarebytes, Symantec Endpoint, SUPERAntiSpyware and Spybot S&D couldn't! I AM A BELIEVER and have now purchased it to replace all the other useless programs.

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:51 PM

Posted 20 July 2011 - 03:30 PM

A little something to know about Malwarebytes and Super Anti-Spyware: they are not anti-viruses and shouldn't be compared to them. They are anti-malware tools. There is a big difference.

#7 xSaya

xSaya
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 21 July 2011 - 01:02 PM

How about now?

MBAM LOG:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7209

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21/7/2011 19:29:05
mbam-log-2011-07-21 (19-29-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 213239
Time elapsed: 4 hour(s), 49 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2011 at 08:16 PM

Application Version : 4.55.1000

Core Rules Database Version : 7431
Trace Rules Database Version: 5243

Scan type : Complete Scan
Total Scan Time : 06:14:14

Memory items scanned : 307
Memory threats detected : 0
Registry items scanned : 7698
Registry threats detected : 1
File items scanned : 17792
File threats detected : 3

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
C:\Documents and Settings\Unknown\Cookies\unknown@atdmt[2].txt
C:\Documents and Settings\Unknown\Cookies\unknown@atdmt.combing[2].txt
C:\Documents and Settings\Unknown\Cookies\unknown@imrworldwide[2].txt



It seems that PUM.Hijack is still there, despite saying that MB removed it.

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:51 PM

Posted 21 July 2011 - 01:30 PM

Run Mbam in normal mode.

#9 xSaya

xSaya
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:51 PM

Posted 21 July 2011 - 05:58 PM

Okay, Mbam does not detect anything now, so I assume the PUM.Hijack disappeared.

But what could the pop-out message from Spybot about modified registries and the System.BrokenFileAssociation mean? Because my Photoshop was affected and it cannot save pictures.



