
melboy

Experts
  • Posts: 333
Everything posted by melboy

  1. Hi http://forums.malwarebytes.org/index.php?showtopic=85807 I see you've posted another topic concerning this in the false Positives section. As you appear to be Beta testing Kaspersky please wait for a verdict by Malwarebytes staff in the above topic.
  2. Hi. No, this is not a false positive. Malware can use this technique to load its own executables. http://blogs.mcafee.com/mcafee-labs/image-file-execution-options Here's one example of malware using that. http://www.threatexpert.com/report.aspx?md5=a527f6279d441cfc0d11cccd3ce82883
  3. Hi, welcome to Malwarebytes! There is no option to Quarantine a file. What I believe you are clicking on is the Quarantine tab. This is for viewing previously found and removed threats & is not accessible whilst a scan is taking place. You would need to click on "Remove Selected" (Then clicking "yes" to reboot if prompted. Please do allow MBAM to reboot if required to remove the malware). The detected files are then removed, with a copy of the file(s) removed being sent to quarantine. It can then be permanently deleted from there, or restored if it turns out to be a False positive. But, as we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible.
  4. It sounds like you may be infected again. You need to start a new topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible.
  5. Different writer, different results. http://ddanchev.blogspot.com/2011/03/dissecting-massive-sql-injection-attack.html
  6. Hi Your installed version of Firefox is outdated. Please update to v3.6.15 You can download it here: http://www.mozilla.com/en-US/firefox/all.html Or using the internal updater: Open Firefox Click Help > Check for updates. Your log now appears to be clean. Congratulations! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are. OTC by OldTimer Download OTC by Old Timer and save it to your Desktop. Double-click OTC.exe Click the CleanUp! button Select Yes when the Begin cleanup Process? Prompt appears If you are prompted to Reboot during the cleanup, select Yes The tool will delete itself once it finishes, if not delete it by yourself Clear Infected System Restore Points Turn System Restore off On the Desktop, right click on the My Computer icon. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. Restart your computer - Turn System Restore on On the Desktop, right click on the My Computer icon. Click Properties. Click the System Restore tab. Uncheck Turn off System Restore on all drives. Click Apply Click each drive in turn where system restore is not required and click Settings Note: System restore is only needed on drives with an operating system installed For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.Note: only do this once, and not on a regular basis ================================== General Security and Computer Health Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented. 
Make sure that you keep your antivirus updated New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC. Uninstall Tools for Major Antivirus Products Security Updates for Windows, Internet Explorer & Microsoft Office Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis. Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install. Update Non-Microsoft Programs Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month. Make Internet Explorer More Secure Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.
http://malwareremoval.com/forum/viewtopic.php?f=4&t=55579 Internet Explorer 8 <<< Recommended Version For older versions please read and follow the recommendations at this site Internet Explorer7 Internet Explorer6 Recommended Programs I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis. WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE. Malwarebytes' Anti-Malware As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. Hosts File For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date. Also please read this great article by Tony Klein So How Did I Get Infected In First Place Also, Computer Security - a short guide to staying safer online. (by Gary R and Wingman) I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed. Happy surfing and stay clean!
  7. Hi Looks good, one last final check - How are things running? random's system information tool (RSIT) Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open: log.txt (will be maximized) info.txt (will be minimized) Post both of these logs in your next reply (Sometimes you have to make several posts to get the logs posted.) In your next reply: RSIT log.txt RSIT info.txt How are things running?
  8. Hi From my welcome speech: Thanks. Quarantine Copies of files MBAM removes/deletes are sent to quarantine. The copies in the quarantine are renamed, encrypted and password protected. Whilst in quarantine the copy of the (removed/deleted) original file can do no harm to your pc. In quarantine you will see the options Delete, delete all, restore, restore all. If at a later date you find MBAM has removed/deleted a legitimate file (a false positive), it can be restored from quarantine back to your pc by checking the entry and clicking the restore button. If however, you know for certain that it is a malicious file then checking the entry & choosing delete, deletes it for good, and cannot then be restored. TFC Please download TFC by Old Timer to your desktop, Save any unsaved work. TFC will close all open application windows. Double-click TFC.exe to run the program. Click the Start button in the bottom left of TFC If prompted, click "Yes" to reboot. Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot. ESET Online Scanner Note: You can use either Internet Explorer or Mozilla Firefox for this scan. Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology Now click on: The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection. When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall. When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic. Now click on: (Selecting Uninstall application on close if you so wish) No Antivirus Looking over your log, it seems you don't have any evidence of an anti-virus software. Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW: 1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support. 2) avast! Free Antivirus - Anti-virus program for Windows. The home edition is freeware for non-commercial users. 3) Microsoft Security Essentials - Free anti-malware solution that helps protect against viruses, spyware, and other malicious software [Please note that trial pay is not needed to get any product for free.] It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts. In your next reply: ESET log.
  9. Hi Thanks for that. Update Adobe Reader Your Adobe Reader is out of date. Older versions may have vulnerabilities that malware can use to infect your system. Please download Adobe Reader X to your PC's desktop. Uninstall via Start > Control Panel > Add/Remove Programs: Install the new downloaded updated software. Then using the internal updater ensure the software is updated to the current increment 10.0.1 Open Adobe Reader go to > Help > Check for updates and allow the updater to check. Click to download and install any necessary updates. Update Java Runtime You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 24. Go to Oracle Java Scroll down to where it says "Java Platform, Standard Edition JDK 6 Update 24 (JDK or JRE)" Click the Download JRE button to the right In the Platform box choose Windows. Check the box to Accept License Agreement and click Continue. Click on Windows Offline Installation, click on the link under it which says "jre-6u24-windows-i586.exe" and save the downloaded file to your desktop. Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs: Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions. Reboot your computer Malwarebytes' Anti-Malware (MBAM) As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings: Open Malwarebytes' Anti-Malware Select the Update tab Click Check for Updates After the update have been completed, Select the Scanner tab. 
Select Perform Quick scan, then click on Scan When done, you will be prompted. Click OK. If Items are found, then click on Show Results Check all items then click on Remove Selected After it has removed the items, Notepad will open. Please post this log in your next reply. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Or via the Logs tab when the application is started. Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Gmer Download GMER Rootkit Scanner from here. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double click the .exe file. If asked to allow gmer.sys driver to load, please consent If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO In the right panel, you will see several boxes that have been checked. Uncheck the following ...IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) See image below [*]Then click the Scan button & wait for it to finish [*]Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file [*]Save it where you can easily find it, such as your desktop, and post it in your next reply [*]Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled. -- If GMER crashes or results in a BSoD, please inform me -- **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Note: Do not run any programs while Gmer is running. In your next reply: MBAM log GMER log
  10. Hi and welcome to the Malwarebytes forums. I'm melboy and I am going to try to help you with your problem. Please take note of the following: I will be working on your Malware issues this may or may not solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. If you don't know or understand something, please don't hesitate to ask. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...) Please DO NOT run any other tools or scans whilst I am helping you. It is important that you reply to this thread. Do not start a new topic. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe. Absence of symptoms does not mean that everything is clear. NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start. No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me. ========================================== Ensure the entry is checked for removal. Malwarebytes' Anti-Malware (MBAM) As you have Malwarebytes' Anti-Malware installed on your computer. 
Could you please do a scan using these settings: Open Malwarebytes' Anti-Malware Select the Update tab Click Check for Updates After the update have been completed, Select the Scanner tab. Select Perform Quick scan, then click on Scan When done, you will be prompted. Click OK. If Items are found, then click on Show Results Check all items then click on Remove Selected After it has removed the items, Notepad will open. Please post this log in your next reply. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Or via the Logs tab when the application is started. Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. DDS Please download DDS from one of the links below and save it to your desktop: Link1 Link2 Link3 Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear, this is normal. When done, DDS will open two (2) logs: DDS.txt Attach.txt [*]Save both reports to your desktop. Please copy & paste the contents of : DDS.txt Attach.txt And post them in your next reply.
  11. Hi These may be of help to you. http://windows.microsoft.com/en-US/windows-vista/What-is-the-prefetch-folder http://blogs.msdn.com/b/ryanmy/archive/2005/05/25/421882.aspx
  12. If you know the exact location of the file, try initiating the scan from a command prompt. Example; "%programfiles%\malwarebytes' anti-malware\mbam.exe" /developer "%userprofile%\desktop\filename.exe"
  13. Hi Follow the directions here: http://forums.malwarebytes.org/index.php?showtopic=3228
  14. Yes we can help with that. We don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum though, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible.
  15. If you're still referring to c:\Program Files\Alwil Software\AVast5\Chrome\Chromelnst.exe then there is no need to delete it as it is a false positive that has been fixed. Post the scan log where mbam detects it.
  16. I don't have Avast installed myself but noticed there had been a few threads in the FP forum so got hold of a copy. Thanks Bruce.
  17. Here you go, Bruce. chromeinst.exe + dev log. ChromeInst.zip mbam_log_2010_11_24__17_23_26_.txt
  18. Hi, welcome to Malwarebytes! You need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible.
  19. Check your DNS settings. http://www.plus.net/support/software/dns/c...g_dns_mac.shtml Anything in the 93.188.*.* range?
  20. http://www.malwarebytes.org/malwarenet.php...ogue.Antivirus8
  21. You're welcome. You might want to seek some further opinions before taking the plunge and upgrading just yet, as I believe there have been a few teething problems for some with the new version, but I haven't used it myself so I can't really comment.
  22. Hi Yes, AVG10 (AVG Free 2011) is available. You will still receive definition updates for AVG9 for as long as it is supported, but what you are being offered is an upgrade to the new version. Some links that may help. http://forums.avg.com/gb-en/avg-free-forum...ow&id=44013 http://forums.avg.com/gb-en/avg-free-forum...show&id=201 http://free.avg.com/us-en/download-avg-anti-virus-free
  23. Hi As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you remove SecurityTool and help you fix any further malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible.