
Unremovable Infection?


4 replies to this topic

#1 Seanono

Seanono

  • Members
  • 5 posts

Posted 04 September 2006 - 10:00 PM

Had an ad pop-up problem earlier but it seemed to be resolved.
But TrojanHunter keeps finding the following.
"Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (matches Agent.100)"
TH would remove it but it'll be back again after a while.

Strangely, AVG, Ad-Aware and Spybot S&D don't seem to find anything.

Is this a cause for alarm and can it be solved?

Thanks.



#2 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 05 September 2006 - 03:25 AM

Hello Seanono, and welcome to BleepingComputer! :thumbsup:
This is probably a component of what is known as winlogonhook, which is an infection that many people are contracting of late.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update successful message.
    Note: If the Update now option is grayed out, follow the steps below.
    • Click on Update on the toolbar.
    • Under Manual update, click on the Start Update button.
    • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

======

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.
======

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

======

Once you have done this, follow the Preparation Guide Before Posting A HijackThis Log before posting your log, along with the Ewido log, in a new topic in our HijackThis Logs and Analysis Forum.

Hope this helps, and good luck!
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 Seanono

Seanono
  • Topic Starter

  • Members
  • 5 posts

Posted 05 September 2006 - 11:24 AM

Thanks for the reply and help.
I'll follow the directions.

#4 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 06 September 2006 - 01:36 AM

Good luck! Let us know how you get on... :thumbsup:

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • Gender:Female
  • Location:Michigan, USA

Posted 06 September 2006 - 08:07 AM

LINK to Seanono's HJT log.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!




