Posts posted by SpySentinel

  1. Glad to hear your computer is running better :)

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Java™ 6 Update 26

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

    Upgrading Java:

    • Download the latest version of Java SE Runtime Environment 7.
    • Click the "Download JRE" button to the right.
    • Check the box that says: "Accept License Agreement."
    • Click on the link to download Windows Offline Installation (jre-7-windows-i586.exe) for your platform, and save it to your desktop. Do NOT use the online download.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-7-windows-i586.exe and select "Run as an Administrator.")

    Please let me know if the update is successful.

  2. I just have a few more scans to make sure no malware is hiding.

    Rootkit Unhooker:

    • Please download Rootkit Unhooker and save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.

    Copy the entire contents of the report and paste it in a reply here.

    Note** you may get the following warning, just click OK and continue.

    "Rootkit Unhooker has detected a parasite inside itself!

    It is recommended to remove parasite, okay?"

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Also, let me know how your computer is running.

  3. Hi,

    Launch Malwarebytes' Anti-Malware

    • Please check for updates. If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Run ESET Online Scan

    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the esetOnline.png button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

      1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    4. Check esetAcceptTerms.png
    5. Click the esetStart.png button.
    6. Accept any security warnings from your browser.
    7. Check esetScanArchives.png
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push esetListThreats.png
    11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the esetBack.png button.
    13. Push esetFinish.png

    You can refer to this animation by neomage if needed.

  4. You're welcome :)

    Run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      [2010/03/28 21:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abi\Application Data\AVG9
      [2011/04/05 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      [Reboot]


    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

  5. Hi VirusPain,

    Welcome to the Malwarebytes Forum :)

    My name is Matt and I will be helping you with your malware issue. I apologize for the delay as we have been very busy lately.

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  6. Hi grog1961,

    So, there is no way to have it automatically check or tell you that definitions are available for download????

    I think there should be since they update so much each day.

    If you have the PRO version, you can set Malwarebytes Anti-Malware to automatically update definitions. There is also an option that will show a notification when Malwarebytes Anti-Malware automatically updates the definitions.

  7. Is there a way the Moderators can mark posts, resolved in this fashion, to notify other users of the PM resolution ?

    Yes and no. It would take some tweaking of the forum skin to add something like that, but it is technically possible. The actual thread title could be changed as well to indicate something like that.

  8. Hi Staticguy,

    Welcome to the Malwarebytes Forum :)

    You can set exclusions for MBAM in Trend Micro to help resolve the conflict.

    Set Exclusions for Malwarebytes' Anti-Malware in Trend Micro on 32 bit Windows Versions:

    • Open Trend Micro and click on the Settings button at the bottom of the main menu (looks like a small cog/wheel).
    • Click on Exception List from the list on the side panel, and then select Programs/Folders.
    • Add the following items.
      • C:\Program Files\Malwarebytes' Anti-Malware
      • C:\Windows\System32\Drivers\mbam.sys
      • C:\Windows\System32\Drivers\mbamswissarmy.sys
    • Once that is complete, click the Apply button.
    • Now click on Websites, click the Add button, and then add the Malwarebytes update domain.
      • data-cdn.mbamupdates.org
    • Click the Apply button and then Restart the computer.

    Set Exclusions for Malwarebytes' Anti-Malware in Trend Micro on 64 bit Windows Versions:

    • Open Trend Micro and click on the Settings button at the bottom of the main menu (looks like a small cog/wheel).
    • Click on Exception List from the list on the side panel, and then select Programs/Folders.
    • Add the following items.
      • C:\Program Files (x86)\Malwarebytes' Anti-Malware
      • C:\Windows\System32\Drivers\mbam.sys
      • C:\Windows\System32\Drivers\mbamswissarmy.sys
    • Once that is complete, click the Apply button.
    • Now click on Websites, click the Add button, and then add the Malwarebytes update domain.
      • data-cdn.mbamupdates.org
    • Click the Apply button and then Restart the computer.

    Set Exclusions for Trend Micro in Malwarebytes' Anti-Malware:

    • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
    • Click the Add button on the lower left
    • In the small browse window that opens, navigate to C:\Program Files and click once on Trend Micro and click OK.
      Note: For 64 bit Windows versions this will be C:\Program Files (x86)
    • Close Malwarebytes' Anti-Malware

    Let me know if this helps to resolve the issue.

    Thanks,

  9. I have had your paid service for a year and a half. Having used several, yours is by far the very best, to me anyway. Keep up the great work.

    Thank you for the kind words! I am glad to hear that Malwarebytes Anti-Malware has been able to help keep your computer secure.

  10. I'm not able to catch what you mean by "regardless of whether the location the file itself is in is contained in the Quick Scan or not". In any event you catch and remove it from memory, but how do you remove it from a folder that is excluded from the scan?

    The Quick Scan is enough to find and remove any infections on the system, as the Quick Scan targets where malware is seen installing itself. The Full Scan scans everywhere on the system, and is also used to scan removable devices to search for any malware that could be present there.

    While I can see why you don't condone certain activities, flat out telling people you don't care if they are infected by something obtained from said method is certainly a bit bold and most likely would put a serious hurt on sales if you were to market your product in that manner. I would expect your customers would expect your priority is to keep their computer safe from all malware no matter how it was obtained (I know I do). Obviously MBAM is only interested in providing protection for how it thinks people should use a PC and thus fails to meet the needs of many users in doing so. Certainly that is your choice, and thankfully users like myself have other options. As well, it's hard to recommend a product to other people that is lacking in basic functionality.

    Of course we care about how our users are infected, and that is why we are dedicated to helping create software to eradicate malware from systems, to keep our users safe. We are always striving to come up with the best ways to help remove the latest threats, and for that reason, we only concentrate on the malware that is a threat to our users, and that is why we do not go after what the antivirus vendors do. If we did, we would be able to spend less time on the really nasty malware that is currently out there today. We jump on the latest malware right away, and sometimes before any user has seen it in the wild. Therefore we protect our users from the latest threats that most AVs will miss because they are trying to catch everything.

  11. Should have been more explicit !

    "Do not dwell on events that happened in the past, only concentrate on the present moment." ;)

    Thanks for posting, and please feel free to let me know of any similar posts on our Facebook page in the future.

  12. I didn't see a need to do that, in as much as someone from MBAM, commented within the same post, and must have seen it also.

    On the Facebook page? More than likely I did, and it was taken care of. I was referring to any post that I have not commented on already.

  13. as I get extremely "Pist" (sic) when I see comments on your own Facebook page of people who are doing it.

    If you see any such posts on our Facebook page, please let me know by sending me a PM with the information.

    Also if they post the illegal license key, I can go ahead and pass it on to get it blacklisted.

    Thanks :)
