
PC Performance and Analysis Report



#1 tomatot4

tomatot4

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 17 March 2012 - 09:20 PM

Hi,
I got a pop up Window of the PC Performance and Analysis Report after I accidentally allowed a rogue "driver" installation for sound card.
Going through past posts of the same problem, I have attached the mbam LOG

_____________________________________________________________________
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
NoBo :: WIN7-PC [administrator]

Protection: Enabled

3/18/2012 11:52:51 AM
mbam-log-2012-03-18 (11-52-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 385298
Time elapsed: 1 hour(s), 16 minute(s), 10 second(s)

Memory Processes Detected: 1
C:\ProgramData\fvmJCJEUlfbO.exe (Rogue.FakeHDD) -> 3784 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileHunter (PUP.FileHunter) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fvmJCJEUlfbO.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\fvmJCJEUlfbO.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Users\NoBo\AppData\Roaming\FileHunter (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Roaming\FileHunter\downloads (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Roaming\FileHunter\metafiles (PUP.FileHunter) -> Quarantined and deleted successfully.

Files Detected: 13
C:\ProgramData\fvmJCJEUlfbO.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Users\NoBo\AppData\Local\Temp\FH\extension.exe (Adware.Soge) -> Quarantined and deleted successfully.
E:\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Adobe Acrobat 10\AdX_by_SpyrosA\AdX_by_SpyrosA\Get Inside!!!\Activator\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
E:\Civil\CIVIL SOFT\AutoCAD 2008 keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\New folder (2)\Handy.Apps.EasyMoney.v1.6.0.Android.Incl.Keygen-NOYPDA\Handy.Apps.EasyMoney.v1.6.0.Android.Incl.Keygen-NOYPDA\np0054\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Windows 7 Loader v1.7.9\Windows 7 Loader.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Roaming\FileHunter\pumpa.state (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Roaming\FileHunter\FileHunter.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Roaming\FileHunter\pumpa.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Roaming\FileHunter\uninstall.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Local\Temp\FH\extension.exe (PUP.Dropper) -> Quarantined and deleted successfully.
C:\Users\NoBo\AppData\Local\Temp\FH\FileHunter-Win32.exe (PUP.FileHunter) -> Quarantined and deleted successfully.

(end)

_______________________________________________
On reboot, there weren't any pop-ups as before. However, I cannot see any of my folders or files on my HDD.

As per the post I have gone through, I am to run Super AntiSpyware in Safe Mode.
Is this right or would you advise me differently?

I have an expired Norton Internet Security 2011 on PC.
Will simply renewing the subscription help?

Thanks,



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:55 PM

Posted 18 March 2012 - 02:03 AM

Hi

Please follow the guide on removing this rogue

http://www.bleepingcomputer.com/virus-removal/remove-system-check

Use the unhide tool given in the guide to recover your files

good luck

#3 tomatot4

tomatot4
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 18 March 2012 - 08:17 AM

Hi narenxp,

Thanks for the advice.
I ran unhide.exe

I can see my desktop as before.
However my Firefox keeps crashing and is unable to send bug reports.
I finally managed to get my Internet Explorer working.

I have activated Norton Internet Security and updated virus definitions.

I keep getting "W32.Ramnit.C!inf" detected by Auto Protect.

Also OviMPlatform (Nokia Ovi) keeps popping up and trying to install.

Most other functions of the PC are smooth.

Can you suggest what steps I can take? Or any diagnostic tests that may help you?

Thanks.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:55 PM

Posted 18 March 2012 - 10:32 AM

RAMNIT infection needs much more advanced tools



Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

An expert will assist you soon


Good luck



