JeanInMontana

Honorary Members
  • Posts

    3,859

Posts posted by JeanInMontana

  1. Hi chotasahib and welcome to Malwarebytes. You need to run MBAM in normal boot. With any rootkit infection you need to consider seriously that there is no absolute way to know if we ever get it all gone. Reformatting will remove some, but not all.

    You need to notify all banks, credit cards and any other sensitive information sites that your machine is compromised and your identity could have been stolen. You need to reset all passwords from a clean machine, and not log in from this one.

    Before we proceed, decide if you wish to risk that the rootkit never leaves, or you reformat.

  2. Hi donster and welcome to Malwarebytes. First off I would be hesitant to answer any questions regarding the scanning software you mention because no names you use are for known programs. There are some programs with similar names; some are good, some are another infection. When asking software questions for security applications it's very important you use the correct name or the answer may be wrong.

    Java and Adobe Reader updates are very important.

    I haven't installed SP3 at all and haven't heard anything about the recovery console and SP3 but having the Recovery Console installed is a very good idea, because as you say, System Restore fails when you need it most.

  3. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  4. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  5. I don't know if you understand about the rootkit. There is no guarantee we will get your machine clean. Your options are reformat or try. We may think you're clean and you might not be. I would get the disk in the mail.

    You're not taking action. When you scan with MBAM you must choose to remove. Quick scans are just as effective as a full scan. Now once again.

    Update MBAM; it has been updated. Run a quick scan, take action. Post that log and a new HJT log.

  6. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price, from the link in my signature.

  7. Hi bjd5066 and welcome to Malwarebytes.

    Please find this file C:\WINDOWS\system32\msupdate.exe -check and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please.

    Do you use AOL as your ISP?

    Please run HJT again and put a check next to the following lines and then click fix

    O18 - Filter hijack: text/html - {53184a8a-5ad5-4533-b3be-204bfb930c30} - (no file) <========= Your passwords and any banking or credit card info has been compromised. Notify them, change all passwords. Don't log in to any sensitive sites until we get you clean.

    Now reboot

    Update MBAM, run a quick scan, post that log and a new HJT please.

  8. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price, from the link in my signature.

  9. You're making this twice as hard as needed. Please read the instructions and do as it says. Don't stop it, don't touch it until it's done.

    Download GMER get the zip file and save to your desktop.

    Just run gmer.exe. All required files (gmer.dll and gmer.sys) will be copied to the system during the first launch.

    Do not click scan. Use the copy button to copy to your clipboard. Post the log in your next reply.

  10. I asked for one updated MBAM log. Now I see three attached. The one I opened shows you took no action. So yes of course it keeps coming back.

    Files Infected:

    C:\Documents and Settings\Owner\Local Settings\Temp\bgee.exe (Trojan.Agent) -> No action taken.

    C:\Documents and Settings\Owner\Local Settings\Temp\winrtwv.exe (Trojan.Agent) -> No action taken.

    Update MBAM, scan, take action. Post the log. Also a new HJT log.

    Raid needs to see a log from the following. Post logs in your reply not attached please.

    OK let's go for another special scan tool.

    Download GMER get the zip file and save to your desktop.

    Just run gmer.exe. All required files (gmer.dll and gmer.sys) will be copied to the system during the first launch.

    Do not click scan. Use the copy button to copy to your clipboard. Post the log in your next reply.

  11. Yes I did say delete the file, you took it a bit farther, and in this case it was for the best. This has been an ordeal to say the least. Next version of MBAM will have a heuristic to go for that service. It's always the same kd???.exe where the ? are random letters.

    Let's see a clean MBAM log and I'm kicking you out. LOL. Please update MBAM, run a quick scan and post that log. If it's clean I don't need HJT; if not, you know the drill. Then we have some final steps.

  12. I am getting the same problem when trying to reload MWB.

    Never heard of Avira. I had been thinking of switching to Kaspersky. Is Avira better, worse or the same? McAfee I think, has turned out to be a product for which you pay for the brand name (plus it comes pre-loaded with many computers) but there are cheaper, superior products out there. I just haven't had the time to research.

    Avira is free and very light on resources, none of which McAfee is. They get preloaded because they pay for it. Kaspersky's is a reputable program also.

  13. IMO that doesn't solve the problem. Regardless of how one might feel about McAfee some of us are stuck with it and therefore need to let others know as well as seek to get a resolution.

    Yes, you're right, they need to fix it. I was being sarcastic. We appreciate you telling us about this second go 'round with them. As for being stuck with it, that would be where the user needs to take action.

  14. Hi Graffin and welcome to Malwarebytes. Sorry no one answered your questions before now. There is nothing to worry about with that entry. It can be malware so if you go ahead and fix it and it comes back there is no worries. In your case the Good(1) means it is not malware. I have to agree that is confusing, but rest assured you're OK. If you fix it you shouldn't see it again. Quick scans will be just as effective as a full scan.
