JeanInMontana
-
Posts
3,859 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by JeanInMontana
-
-
Hi dollsey74 and welcome to Malwarebytes. Please go here and follow the instructions, start your own topic in that forum and post the logs requested in your post, not attached. http://www.malwarebytes.org/forums/index.php?showtopic=2936 Someone will have a look and tell you what to do.
-
Good morning. I just updated to release 1.29 and ran MB. It identified one infection titled Broken.SecurityProviders that affected the Registry Data.
A previous post indicates that this is not a true infection but, instead, a correction to the underlying script. MalwareNet indicates that it is an infection. Can you help me determine:
- which of these two it is? And,
- if it is an infection, what kind of damage could it have done?
Thanx. --John
It is not an infection and never was, however you should allow MBAM to repair it. There was a broken protection in the earlier version of MBAM and this fixes that.
-
Hi there framboos and welcome to Malwarebytes. We apologize for this issue and the team is working on the fix as I write this. Soon there should be an update and all will be well.
-
What is your version of MBAM?
-
Please go to the HJT forum, start your own thread, update MBAM run a quick scan post that log and a new HJT log.
-
It's not malware at all and maybe if you send it MS will get it's act together and stop pegging it. melboy has good advice too.
-
Thanks both of you. It really is nice to hear appreciation now and then. Hardracer your right, research never stops.
-
Hello KoRn14 and welcome to Malwarebytes. First move HJT to program files on C:\ if C is your main drive. Second, your using a totally outdated version of MBAM. Please update it to the current version 1.29 DB 1298 and run a quick scan. Post the MBAM log and a new HJT log please.
-
Hello hardracer and welcome to Malwarebytes. Please follow the directions here http://www.malwarebytes.org/forums/index.php?showtopic=2936
-
Hi coolkehon and welcome to Malwarebytes. I need you to post the HJT log after your run MBAM. Please update MBAM run a quick scan and post that log then post a new HJT log.
-
Sooz I think your lucky you still have an operating system. When your getting help from one person don't seek help from two others. The mix can be toxic. Spysweeper was once a good program not so now, SpywareTerminator never was any good. FProtect is so so. I would recommend using Avira from Antivir and you don't even have to pay. It runs well with MBAM. Spybot Search & Destroy is a good program. What codec do you think you need? Something (the malware) said you needed one. Do you really? Most likely not. If video plays well you probably don't need anything. You need more prevention, if you had been using any type of site rating tool you probably would have been warned to get off that site you were on. http://www.free-codecs.com/ <========= Safe site.
Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.
Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
Many of infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.
A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.
Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
SpywareBlaster from Javacool Software
The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free
Also the full protection of MBAM is offered at a very low price.
-
Your running HJT from the desktop, please move it to program files into it's own folder and run from there.
You have seriously outdated Adobe and Java these must be fixed or we are wasting our time here.
Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc.
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
Please find this file C:\WINDOWS\System32\adubes.dll m and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please.
Run HJT in scan only and remove this item: O20 - AppInit_DLLs: adubes.dll
Reboot, update MBAM and run a new scan post that log and a new HJT log.
-
'You could have deleted it yourself, but we didn't know if it was malware and neither did you. ComboFix is a tool we use in removal and it is very good. However, it can destroy a system in the wrong hands with a blink of the eye. You should have no problems with video because that really wasn't a video file. It was malware. If you got the malware via a video, or a fake codec beware of doing that again.
Run HJT in scan only mode and put a check next to this item and then click fix.
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
Now update MBAM and run a quick scan if it's clean, let me know and we have some last steps. If not clean, same drill, post the log and a new HJT log please.
-
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) <==== might have something to do with it. Your firewall is either damaged or gone and you should repair it or install another. Update MBAM and run a scan if it comes out clean I think your OK. You might need to do some basic maintenance to speed up the system. Do a disk scan for errors and defragment. Also your Java is out dated.
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
If your MBAM scan is clean we still have some final steps so don't run off.
-
Are you rebooting? Have your considered reformat because of the rootkit? Update MBAM your several definition versions behind. If it says delete on reboot then reboot and then scan again. Post both logs please and a new HJT.
-
Hello swetbak. Is this the same machine we worked on in July? You were told then you had a rootkit and should reformat because of that. The procedure for this would be no different. I need you to follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936
-
Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.
Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
-
Hi jamie60509 and welcome to Malwarebytes. I must tell you with a rootkit there is never any guarantee it can be fully removed and you should immediately contact all bankc, credit cards etc that you may have any information stored on the machine have them stop the cards, change passwords etc. Keep the machine offline as much as possible until you either reformat or we feel it is clean
If you decide to proceed with cleaning. Please read and follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 Be sure that you update the programs. Your MBAM is behind in definitions.
-
Your not taking action when MBAM finds the malware. You need to go to the settings tab and be sure all boxes are checked.
MBAM has updated since your log so please update it and scan again post the log and a new HJT.
-
Yes delete what MBAM finds.
Run HJT again and remove this line as before
O20 - AppInit_DLLs: kmon.dll
Reboot, update MBAM scan again post that log and if nothing found that's good if you remove again a new HJT please. I need some sleep.... I'll check back later.
-
Hi Spudnic and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 Post your logs back into this thread, not as attachments in the body of the post please.
-
OK so you do have Vundo. You need t scan and take action. Post a new MBAM log after updating it and a new HJT log please. I just got word your malware was added.
-
Hi fxFishie and welcome to Malwarbytes. Removal of an infection like Vundo can cause all sorts of system damage and slow it down. It is also very possible you will need to clean every account. You should run MBAM on each account and see what it shows. If you need help cleaning those accounts follow the procedure you have in this thread an start a new topic for each account. Someone will be happy to help you.
You logs look clean. I suggest you do a disk error scan, then defrag. Also be sure to purge the System restore and make a new clean restore point.
To be sure update MBAM again and run a scan post that log and a new HJT log please.
-
Looking good how is it running?
pandrv.sys
in Resolved Malware Removal Logs
Posted
I'm not going to keep answering in PM's. This machine never had a rootkit. All I can think is your seeing the registry keys removed with the word root in them?
As for Adobe writer, I don't know why that would keep you from updating. It's a know exploit and will get them infected again. You have not updated Java. The current version is 1.6 u10 not 7.
If your not already reformatting run HJT in scan only mode and remove O20 - AppInit_DLLs: adubes.dll. Did you upload the other files? I need to know if we are proceeding or not.