JeanInMontana

Honorary Members
  • Posts: 3,859

Posts posted by JeanInMontana

  1. I use OA and have no problems.

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe <==== that is AA constant running service.

    AVG is also now a resource hog. You have a bunch of stuff you don't need to run at start up or until you want to use it, even after StartupLite.

    iTunes, Office both huge hogs.

    MBAM current definition version is 941. Java seems to have had another update too. You need to uninstall current version via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.

    Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

  2. ccarbo you have been here enough times you should know by now, you do not run tools like Combofix without being asked.

    Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: {766dad48-ff84-5a99-2654-c762acdf8256} - {6528fdca-267c-4562-99a5-48ff84dad667} - C:\WINNT\system32\wrstvb.dll

    Click on Fix Checked when finished and exit HijackThis.

    Update MBAM, run a quick scan, and post the log and a new HJT log.

  3. Yup, sorry everybody, we have switched processors from RegNow to Cleverbridge.

    Well, strange because I just sold a RRP via RegNow the other day. That's where my affiliate account is. Do I need to try and get them to pay me and switch?

  4. OK, just spoke to the author of MBAM, try reinstalling it as jean.exe.

    Please upload these files C:\WINDOWS\fdxbameg.dll

    C:\WINDOWS\fsrpknov.dll to here http://uploads.malwarebytes.org/ Then do the following.

    Print or copy these instructions to Notepad and save to your Desktop, as you will be offline with all browsers closed for this fix.

    Download:

    Use this URL to download the latest version (the file contains both English and French versions):

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    * Double-click SmitfraudFix.exe

    * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Clean:

    * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

    * Double-click SmitfraudFix.exe

    * Select 2 and hit Enter to delete infected files.

    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    * Optional:

    o To restore Trusted and Restricted site zone, select 3 and hit Enter.

    o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

    Note:

    process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Post the Smitfraud log and a new HJT log please.

  5. Anyone have any news of the latest MS updates breaking installed software? I did an install today and the corporate software quit working on the non-admin account we use for regular employees. I could get it to run on an admin account I created for me to use for updates etc., after resetting compatibility to work for XP SP2 (no idea why that is, but tech support instructed).

    We never had an admin account for employees to use, and the software worked fine. Tech support insists it must run on an admin account and just wouldn't accept that it was never on an admin account. I know what it was and is still a regular account. The only other change was to install Spybot Search & Destroy version 1.6. I'm not saying it had anything to do with the problem at all, just stating fact.

  6. I've installed this version and Windows Defender asks me to send the files "mbam.exe" and "mbamcatchme.sys" for analysis. Also SpyBot says that "mbam.exe" is Smitfraud-C and "mbamcatchme.sys" is Worldsecurityonline.Fakealert. Can anyone tell anything about this?

    Thanks in advance

    Both programs are identifying components of MBAM that could be malware in a malicious program. Thanks for letting us know.

  7. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.

    Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

    The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

  8. Since there has been no reply to this topic in over 5 days and most issues are resolved I will close it to prevent others from posting into it.

    The fixes in this topic are for this machine only. Do not apply to your machine. If you need assistance follow the instructions at the top of this forum for Pre-HighJack This! posting and begin your own topic, someone will be happy to assist you.

  9. Hi, I've been directed here by YoKenny from Securitycadets .......

    Problem with my daughter's laptop, she innocently downloaded antivirus2008Pro thinking it was an Antivirus Programme. Now we can't get rid of it ......

    We can connect to the net, but when it comes to going onto Sites to get help for removal, they load so far then just totally stop. What I need to know is can I download the Anti Malware or the Rogueremover to my system, hopefully burn onto cdrom and try removing it on her system this way?

    HJT Log is out of question as she doesn't have the programme on her system, and as I've said, cannot connect to sites to get it.

    You can get HJT the same way you are asking if you can get MBAM. Post the logs in this forum please http://www.malwarebytes.org/forums/index.php?showforum=7

  10. OK, sorry this slipped into another day. Been busy in RL work. You have a lot of stuff starting at boot you don't need. Also AdAware is a resource hog with a constant running service in this new version.

    We have a program here called StartupLite that can stop many of these un-needed things from starting. It doesn't uninstall them, just stops them from starting safely. You can manually load the program. You might also benefit from a disk check for errors and a defrag. Do these in that order, error check then defrag.

    Now moving on, Adobe needs updated; version 8 is current.

    Let's see a new log from MBAM, be sure to update, quick scan, and post a new HJT too.
