Jump to content

wigwig86

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Yes, it's genuine, bought at a retailer's, that's where the Vista came from, along with the machine - basically it's a shopbought install.
  2. I could not install SP1 and then upgrade to SP2; Vista would not let me, and I constantly get messages saying my install may be pirated when it has a serial number already that is legitimate.
  3. This is the Hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 12:07:59, on 08/09/2009 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16851) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\EDIMAX\Common\RaUI.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Opera 10 Final\opera.exe C:\Users\Adam\Desktop\HijackThis.exe O1 - Hosts: ::1 localhost O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RegistryWm] C:\Windows\system32\qtwm.exe O4 - HKLM\..\RunOnce: [
  4. These are my logs from my system (note, this is a shared computer). I do have UTorrent on it, but that was not installed by me, but by someone else. Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 6.0.6000 08/09/2009 11:07:22 mbam-log-2009-09-08 (11-07-15).txt Scan type: Quick Scan Objects scanned: 76509 Time elapsed: 8 minute(s), 36 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 5 Memory Processes Infected: C:\Windows\sc.exe (Trojan.FakeAlert) -> No action taken. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection system (Rogue.ProtectionSystem) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Trojan.FakeAlert) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken. Files Infected: C:\Program Files\Protection System\psystem.exe (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> No action taken. C:\Windows\sc.exe (Trojan.FakeAlert) -> No action taken. I still get the pornotube virus/spyware links on desktop at startup, and Protection System messages, plus my Microsoft Vista Home Edition control panel has completely disappeared. Is this the Zlob trojan or a variant? I installed Sandboxie so as for those who do download programs via utorrent to prevent viruses from getting on the system, but it seems someone forgot to use it that time.
  5. I installed Sandboxie so as for those who do download programs via utorrent to prevent viruses getting on the system, but it seems someone forgot to use it this time.
  6. These are my logs from my system (note, this is a shared computer). I do have UTorrent on it, but that was not installed by me, but by someone else. Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 6.0.6000 08/09/2009 11:07:22 mbam-log-2009-09-08 (11-07-15).txt Scan type: Quick Scan Objects scanned: 76509 Time elapsed: 8 minute(s), 36 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 5 Memory Processes Infected: C:\Windows\sc.exe (Trojan.FakeAlert) -> No action taken. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection system (Rogue.ProtectionSystem) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Trojan.FakeAlert) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken. Files Infected: C:\Program Files\Protection System\psystem.exe (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken. C:\Users\SharedPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> No action taken. C:\Windows\sc.exe (Trojan.FakeAlert) -> No action taken. I still get the pornotube virus/spyware at startup, and Protection System messages, plus my Microsoft Vista Home Edition control panel has completely disappeared. Is this the Zlob trojan or a variant?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.