Everything posted by melboy

  1. Hi

     Good - Thanks for that. Give me an update on how things are running after executing the CFScript below, particularly tell me if the redirects have stopped.

     COMBOFIX-Script

     A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

     Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

         http://forums.malwarebytes.org/index.php?s=&showtopic=54528&view=findpost&p=274650
         Collect::
         c:\documents and settings\Sylvie\Application Data\wqhtpi.dat
         c:\windows\system32\cisvdl32.dll
         File::
         c:\windows\Ckozuzeqijiwa.dat
         c:\windows\Dbucimonusi.bin

     Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". If you need help to disable your protection programs see here.

     Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

     CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

     Note: When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.

     ===========
  2. Hi and welcome to the Malwarebytes forums. I'm melboy and I am going to try to help you with your problem.

     Please take note of the following:
     • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
     • The fixes are specific to your problem and should only be used for this issue on this machine.
     • If you don't know or understand something, please don't hesitate to ask.
     • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
     • Please DO NOT run any other tools or scans whilst I am helping you.
     • It is important that you reply to this thread. Do not start a new topic.
     • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
     • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
     • Absence of symptoms does not mean that everything is clear.

     NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start.

     No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

     =========================================================

     TDSSKiller
     • Download the file TDSSKiller.zip and save it on your desktop.
     • Extract the file TDSSKiller.zip; it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
     • Next double-click the tdsskiller Folder on your desktop.
     • Double click tdsskiller.exe to run the tool.
     • If malicious services or files have been detected, the utility may prompt to reboot the PC in order to complete the disinfection procedure. Please reboot if prompted.
     • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.3.0.0_20.04.2010_15.31.43_log.txt. Please post the contents in your next reply.
  3. Hi, welcome to Malwarebytes!

     As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

     Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available.

     Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

     NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or you may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

     Please be patient, someone will assist you as soon as it is possible.
  4. Hi

     Check a file
     • Go to VirusTotal or Jotti's.
     • Copy/Paste the file above into the white Upload a file box.
     • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
       NOTE: if you receive a message stating: File has already been analyzed (VirusTotal), click Reanalyze file Now. File has been scanned before (Jotti), click Scan again.
     • After a while, a window will open, with details of what the scans found.
     • Copy and paste the results into your next reply.

     TFC
     You should still have this on your desktop.
     • Save any unsaved work. TFC will close all open application windows.
     • Double-click TFC.exe to run the program.
     • Click the Start button in the bottom left of TFC.
     • If prompted, click "Yes" to reboot.
     Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

     Malwarebytes' Anti-Malware (MBAM)
     As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
     • Open Malwarebytes' Anti-Malware
     • Select the Update tab
     • Click Check for Updates
     • After the update has been completed, select the Scanner tab.
     • Select Perform Quick scan, then click on Scan
     • When done, you will be prompted. Click OK.
     • If Items are found, then click on Show Results
     • Check all items then click on Remove Selected
     • After it has removed the items, Notepad will open. Please post this log in your next reply.
     The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt or via the Logs tab when the application is started.
     Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  5. Hi sylmart7

     It has been two days since my last post. Do you still need help? Do you need more time? Are you having problems following my instructions? If you do not reply within the next 24 hours, this topic will be closed.
  6. Hi

     ComboFix (by sUBs)
     Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial
     • You must download it to and run it from your Desktop.
     • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix. For instructions on how to disable your security programs, please see this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     • Double click combofix.exe & follow the prompts.
     • When finished, it will produce a log. Please save that log to post in your next reply.
     • Re-enable all the programs that were disabled during the running of ComboFix.

     A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.
  7. My apologies - a slight oversight on my part. Yes run defogger. By all means keep TFC and use it to clean out your temp files.

     DeFogger Re-enable
     To re-enable your Emulation drivers, double click DeFogger to run the tool.
     • The application window will appear.
     • Click the Re-enable button to re-enable your CD Emulation drivers.
     • Click Yes to continue.
     • A 'Finished!' message will appear.
     • Click OK.
     • DeFogger will now ask to reboot the machine - click OK.
     IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

     Your Emulation drivers are now re-enabled. Any more questions?
  8. Hi

     That all looks good. Run a quick scan with an updated MBAM and if that comes back clean, continue on with the instructions as you're good to go! (If MBAM does find something, post the log and we'll take it from there.)

     Malwarebytes' Anti-Malware (MBAM)
     As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
     • Open Malwarebytes' Anti-Malware
     • Select the Update tab
     • Click Check for Updates
     • After the update has been completed, select the Scanner tab.
     • Select Perform Quick scan, then click on Scan
     • When done, you will be prompted. Click OK.
     • If Items are found, then click on Show Results
     • Check all items then click on Remove Selected
     • After it has removed the items, Notepad will open. Please post this log in your next reply.
     The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt or via the Logs tab when the application is started.
     Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

     If the MBAM log is clean continue with the instructions below:

     ===================================

     OTC by OldTimer
     • Download OTC by Old Timer and save it to your Desktop.
     • Double-click OTC.exe
     • Click the CleanUp! button
     • Select Yes when the Begin cleanup Process? prompt appears
     • If you are prompted to Reboot during the cleanup, select Yes
     • The tool will delete itself once it finishes; if not, delete it yourself.

     ==========================================================================

     Your log now appears to be clean. This is my general post for when your logs show no more signs of malware.

     General Security and Computer Health
     Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

     Clear Infected System Restore Points
     Turn System Restore off
     • On the Desktop, right click on the My Computer icon.
     • Click Properties.
     • Click the System Restore tab.
     • Check Turn off System Restore.
     • Click Apply, and then click OK.
     • Restart your computer.
     Turn System Restore on
     • On the Desktop, right click on the My Computer icon.
     • Click Properties.
     • Click the System Restore tab.
     • Uncheck Turn off System Restore on all drives.
     • Click Apply.
     • Click each drive in turn where system restore is not required and click Settings.
       Note: System restore is only needed on drives with an operating system installed.
     • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
     Note: only do this once, and not on a regular basis.

     Make sure that you keep your antivirus updated
     New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
     Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC. Uninstall Tools for Major Antivirus Products

     Security Updates for Windows, Internet Explorer & Microsoft Office
     Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
     Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

     Update Non-Microsoft Programs
     Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

     Recommended Programs
     I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

     WinPatrol
     As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

     Malwarebytes' Anti-Malware
     As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.

     Hosts File
     For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding hosts files read HERE.

     Use an alternative Internet Browser
     Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox, Opera

     Install and use a firewall with outbound protection
     The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
     Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
     Suggestions: Online Armor Free, PcTools Firewall (Free), Outpost Firewall Free [Please note that trial pay is not needed to get any product for free.]

     Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

     Also please read this great article by Tony Klein: So How Did I Get Infected In First Place

     I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

     Happy surfing and stay clean!
  9. Hi

     Your MBAM scans are showing that it is quite a few database versions behind. The current as I type is 4217. Yours shows 4052. You need to update it. Instructions for doing this are included below. Let me know how things are running when you've completed them, along with posting the required logs.

     GooredFix
     • Please download GooredFix and save it to your Desktop.
     • Ensure all Firefox windows are closed.
     • Double-click Goored.exe to run it.
     • When prompted to run the scan, click Yes.
     • GooredFix will check for infections.
     • When completed, a log will open. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

     TFC
     Please download TFC by Old Timer to your desktop.
     • Save any unsaved work. TFC will close all open application windows.
     • Double-click TFC.exe to run the program.
     • Click the Start button in the bottom left of TFC.
     • If prompted, click "Yes" to reboot.
     Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

     Malwarebytes' Anti-Malware (MBAM)
     As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
     • Open Malwarebytes' Anti-Malware
     • Select the Update tab
     • Click Check for Updates
     • After the update has been completed, select the Scanner tab.
     • Select Perform Quick scan, then click on Scan
     • When done, you will be prompted. Click OK.
     • If Items are found, then click on Show Results
     • Check all items then click on Remove Selected
     • After it has removed the items, Notepad will open. Please post this log in your next reply.
     The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt or via the Logs tab when the application is started.
     Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

     Re-run DDS
     Please disable any anti-malware program that will block scripts from running before running DDS.
     • Disable any script blocker, and then double click dds.scr to run the tool.
     • When done, please copy & paste the contents of DDS.txt and post it in your next reply.

     In your next reply:
     • GooredLog.txt
     • MBAM log
     • DDS.txt
  10. Hi

     Open Internet Explorer and go to Tools > Internet Options > click the Security tab, then select the Internet zone. Click the Custom Level... button. Under ActiveX controls and plug-ins, ensure:
     • Allow previously unused ActiveX controls to run without prompt is set to Disable
     • Allow Scriptlets is set to Disable
     • Automatic prompting for ActiveX controls is set to Disable
     • Binary and Script Behaviors is set to Enable
     • Display Video and Animation on a webpage that Does not Use External Media Player is set to Disable
     • Download signed ActiveX controls is set to Prompt
     • Download unsigned ActiveX controls is set to Disable
     • Initialize and script ActiveX controls not marked as safe is set to Disable
     • Only allow approved domains to use ActiveX without prompt is set to Disable
     • Run ActiveX controls and plug-ins is set to Enable
     • Script ActiveX controls marked safe for scripting is set to Enable
     Click OK > Yes/Apply > OK

     Then try the ESET scanner again. If you continue to have problems, try the Kaspersky scan.

     Kaspersky Online Scan
     Please go to Kaspersky website and perform an online antivirus scan.
     • Read through the requirements and privacy statement and click on Accept button.
     • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
     • When the downloads have finished, click on Settings.
     • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
       - Spyware, Adware, Dialers, and other potentially dangerous programs
       - Archives
       - Mail Databases
     • Click on My Computer under Scan.
     • Once the scan is complete, it will display the results. Click on View Scan Report.
     • You will see a list of infected items there. Click on Save Report As....
     • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
     • Please post this log in your next reply.

     Please refer to this animation if you need further help.
  11. Hi

     Good - That should have stopped the redirections. After running the instructions below, let me know how the computer is running.

     Update Adobe Reader
     Your Adobe Reader is out of date. Older versions may have vulnerabilities that malware can use to infect your system.
     • Please download Adobe Reader 9.3 to your PC's desktop.
     • Uninstall via Start > Control Panel > Add/Remove Programs:
       NOTE: DO NOT uninstall Adobe Acrobat 5.0. I am not going to ask you to update because it costs quite some money to do so. From now on, use the Reader to read PDF files. For anything else which the reader cannot do, feel free to use your Acrobat.
     • Install the new downloaded updated software (Adobe Reader 9.3).
     • Then using the internal updater update the software to the current increment 9.3.2: Open Adobe Reader, go to Help > Check for updates and allow the updater to check. If updates are found click Show Details and check the boxes to click to download and install any necessary updates.

     MBR Rootkit Detector
     • Please download MBR.exe by GMER. Be sure to download it to the root of your drive, e.g. C:\MBR.exe
     • Once the download has finished, click Start > Run.
     • Copy and paste the contents of the codebox below into the run box (Do Not include Code:), then click OK:

         CMD /C \mbr -t >Log.txt&Log.txt&del Log.txt

     • A log will be generated. Post the contents in your next reply.

     TFC
     Please download TFC by Old Timer to your desktop.
     • Save any unsaved work. TFC will close all open application windows.
     • Double-click TFC.exe to run the program.
     • Click the Start button in the bottom left of TFC.
     • If prompted, click "Yes" to reboot.
     Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

     ESET Online Scanner
     Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus; how to do so can be read here.
     • Please go here then click on:
     • Select the option YES, I accept the Terms of Use then click on:
     • When prompted allow the Add-On/Active X to install.
     • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
     • Now click on Advanced Settings and select the following:
       - Scan for potentially unwanted applications
       - Scan for potentially unsafe applications
       - Enable Anti-Stealth Technology
     • Now click on:
     • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
     • When completed the Online Scan will begin automatically.
     • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
     • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
     • Now click on:
     • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
     • Copy and paste that log as a reply to this topic.
     Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  12. Hi and welcome to the Malwarebytes forums. I'm melboy and I am going to try to help you with your problem.

     Please take note of the following:
     • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
     • The fixes are specific to your problem and should only be used for this issue on this machine.
     • If you don't know or understand something, please don't hesitate to ask.
     • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
     • Please DO NOT run any other tools or scans whilst I am helping you.
     • It is important that you reply to this thread. Do not start a new topic.
     • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
     • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
     • Absence of symptoms does not mean that everything is clear.

     NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start.

     No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

     ===================================================

     GooredFix
     • Please download GooredFix and save it to your Desktop.
     • Ensure all Firefox windows are closed.
     • Double-click Goored.exe to run it.
     • When prompted to run the scan, click Yes.
     • GooredFix will check for infections.
     • When completed, a log will open. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

     TFC
     Please download TFC by Old Timer to your desktop.
     • Save any unsaved work. TFC will close all open application windows.
     • Double-click TFC.exe to run the program.
     • Click the Start button in the bottom left of TFC.
     • If prompted, click "Yes" to reboot.
     Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

     Malwarebytes' Anti-Malware (MBAM)
     As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
     • Open Malwarebytes' Anti-Malware
     • Select the Update tab
     • Click Check for Updates
     • After the update has been completed, select the Scanner tab.
     • Select Perform Quick scan, then click on Scan
     • When done, you will be prompted. Click OK.
     • If Items are found, then click on Show Results
     • Check all items then click on Remove Selected
     • After it has removed the items, Notepad will open. Please post this log in your next reply.
     The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt or via the Logs tab when the application is started.
     Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

     Re-run DDS
     Please disable any anti-malware program that will block scripts from running before running DDS.
     • Disable any script blocker, and then double click dds.scr to run the tool.
     • When done, save both reports to your desktop.
     • Please copy & paste the contents of DDS.txt and attach.txt and post them in your next reply.

     In your next reply:
     • DDS.txt
     • attach.txt
     • MBAM log
     • GooredLog.txt
  13. Hi and welcome to the Malwarebytes forums. I'm melboy and I am going to try to help you with your problem.

     Please take note of the following:
     • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
     • The fixes are specific to your problem and should only be used for this issue on this machine.
     • If you don't know or understand something, please don't hesitate to ask.
     • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
     • Please DO NOT run any other tools or scans whilst I am helping you.
     • It is important that you reply to this thread. Do not start a new topic.
     • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
     • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
     • Absence of symptoms does not mean that everything is clear.

     NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start.

     No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

     ===================================================

     TDSSKiller
     • Download the file TDSSKiller.zip and save it on your desktop.
     • Extract the file TDSSKiller.zip; it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
     • Next double-click the tdsskiller Folder on your desktop.
     • Double click tdsskiller.exe to run the tool.
     • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
     • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.3.0.0_20.04.2010_15.31.43_log.txt. Please post the contents in your next reply.
  14. Hi, welcome to Malwarebytes!

     As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

     Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available.

     Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

     NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or you may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

     Please be patient, someone will assist you as soon as it is possible.
  15. Although the actual scan is finished, you have taken no action on the files that have been detected - That is why you see the pop-up saying the "scan is in progress. Are you sure you want to close Malwarebytes' Anti-Malware?" Normally you would have MBAM "Remove Selected" to finish the scan & removal process. As you are taking no action instead of removing the detected files, you are being prompted to make sure you want to finish the scan & removal process without removing the detected files.
  16. Not strictly correct, mountaintree16. Skype utilizes P2P technologies in a similar way to that of the file sharing programs such as LimeWire, BitTorrent etc. In fact look up the relationship between Skype and the file sharing application, Kazaa.
  17. Hi
OTM by OldTimer
Double-click OTM.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself
You can also Delete TDSSKiller & DelDomains.
=
Your log now appears to be clean.
Your computer was infected with a ROOTKIT. In particular, the TDL3 rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system. Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised. Therefore it may be prudent to:
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
==
Although not technically malware, the free version of Download Accelerator Plus (DAP) is ad supported. You might want to read the following articles:
http://sunbeltblog.blogspot.com/2006/01/do...plus-merit.html
http://www.safer-networking.org/en/article...d-managers.html
http://www.softpedia.com/user/licensing_adsupported.php
http://en.wikipedia.org/wiki/List_of_downl...nagers#Managers
===
This thread concerning Spyhunter may interest you. If you pay a fee/subscription for Spyhunter - in my opinion - your money would be better spent on MBAM.
=============================
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.
General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
Clear Infected System Restore Points
Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck Turn off System Restore on all drives.
Click Apply
Click each drive in turn where system restore is not required and click Settings
Note: System restore is only needed on drives with an operating system installed
For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
Note: only do this once, and not on a regular basis
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Uninstall Tools for Major Antivirus Products
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
Recommended Programs
I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
Malwarebytes' Anti-Malware
As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
Hosts File
For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding hosts files read HERE.
Use an alternative Internet Browser
Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
Firefox
Opera
Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
Also please read this great article by Tony Klein So How Did I Get Infected In First Place
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Happy surfing and stay clean!
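As an added example (not from the post above), a small Python audit that separates the protective block entries a downloaded hosts file adds (hostnames sinkholed to 127.0.0.1 or 0.0.0.0) from the kind of hijacked entry that points a security vendor's update or support hostname at a remote address, which is what the OTM [resethosts] command exists to undo. The hosts text and the vendor hostname list are constructed samples.

```python
"""Audit a Windows hosts file: protective block entries vs. hijacked entries.

Added example, not from the forum post. A protective hosts file maps unwanted
hostnames to a local sink address; tampering does the reverse and maps a
security vendor's hostname to a remote IP so updates and help pages fail.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file: a comment, the normal localhost line,
# two protective block entries and one hijacked vendor entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ad.example.net
127.0.0.1       tracker.example.org   # blocked by a hosts list
192.0.2.10      update.example-av.com
"""

# Hostnames whose redirection would indicate tampering (constructed sample;
# a real check would list the update/support hosts of the installed products).
PROTECTED_HOSTS = {"update.example-av.com", "forums.example-av.com"}

# Addresses a protective hosts file uses as a sink.
LOCAL_SINKS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # no hostname to map
        ip = fields[0]
        for name in fields[1:]:               # one IP may carry several names
            pairs.append((ip, name.lower()))
    return pairs


def classify_hosts(text: str, protected=PROTECTED_HOSTS) -> Dict[str, List[str]]:
    """Bucket entries as 'block' (sinkholed), 'hijack' (protected host sent to a
    remote address) or 'other' (localhost, unknown names, unparsable addresses)."""
    result: Dict[str, List[str]] = {"block": [], "hijack": [], "other": []}
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            result["other"].append(f"{ip} {name}")
            continue
        if addr in LOCAL_SINKS:
            bucket = "other" if name == "localhost" else "block"
            result[bucket].append(name)
        elif name in protected:
            result["hijack"].append(f"{name} -> {ip}")
        else:
            result["other"].append(f"{ip} {name}")
    return result


if __name__ == "__main__":
    for bucket, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(bucket, entries)
```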
  18. Hi
No, the trusted sites to which I refer are in the trusted sites zone in Internet Explorer, which can be found by opening Internet Explorer and going to Tools > Internet Options > Security tab > Trusted sites.
Your DDS log shows that the sites in this zone currently are as follows:
You may find that some programs automatically add their "home" website to the list, but generally - as I previously said - it is not advisable to give sites "trusted" status as it lowers your protection for sites in this zone.
Please post the requested logs when you are ready.
  19. Hi
How are things running?
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
Please go here and download ERUNT. ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Install ERUNT by following the prompts. Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected. (System registry & Current user registry)
Click on OK
When the Question pop-up appears click on Yes to create the folder.
After a short duration the Registry backup is complete! popup will appear
Now click on OK. A backup has been created.
Trusted Sites.
It is not advisable to give sites "trusted" status as it lowers your protection for sites in this zone. Even legitimate sites can be hacked. Visiting these sites whilst they are compromised would leave you at a greater risk of infection whilst they have trusted status.
DelDomains
Please download: DelDomains.inf and save it to your desktop.
Locate DelDomains.inf on your desktop. Right-click and select Install
This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any previously added restricted zone entries (by SpywareBlaster, Spybot S&D etc) will need to be reapplied.
NOTE: You will not see any on-screen action.
OTM
Download OTM by Old Timer and save it to your Desktop.
Double-click OTM.exe to run it.
Paste the following code under the area. Do not include the word Code.
:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"system tool"=-
:Files
C:\WINDOWS\system32\baKklnmp.ini
C:\WINDOWS\system32\baKklnmp.ini2
C:\WINDOWS\system32\cvkymvmu.ini
C:\WINDOWS\system32\ebkbymvo.ini
C:\WINDOWS\system32\ejepivay.ini
C:\WINDOWS\system32\okometaf.ini
C:\WINDOWS\system32\ufxefqdn.ini
c:\program files\bhycvn
:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
After OTM has rebooted the machine:
Re-run DDS
Please disable any anti-malware program that will block scripts from running before running DDS.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, Please copy & paste the contents of : DDS.txt
And post it in your next reply.
In your next reply:
OTM log
DDS.txt
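The OTM script above has three sections, and it helps to be able to read exactly what such a script will do before running it. As an added example (not OTM's code and not from the post), a Python parser that turns a script of this shape into a plan of registry values to delete, files to move, and commands to run; it assumes, from the .reg-file convention, that a `"name"=-` line under a key means "delete that value", and the sample script is a shortened copy of the one quoted above.

```python
"""Parse an OTM-style cleanup script into a reviewable plan.

Added example, not part of OTM or the forum post. Assumed section semantics:
':Reg' holds .reg-style text where "name"=- deletes a value and "name"=data
sets one; ':Files' lists paths to move; ':Commands' lists [actions].
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the same shape as the script in the post, shortened.
SAMPLE_SCRIPT = """\
:Reg
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"system tool"=-
:Files
C:\\WINDOWS\\system32\\baKklnmp.ini
c:\\program files\\bhycvn
:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
"""


@dataclass
class OtmPlan:
    reg_deletions: Dict[str, List[str]] = field(default_factory=dict)  # key -> value names
    reg_sets: Dict[str, Dict[str, str]] = field(default_factory=dict)  # key -> {name: data}
    files: List[str] = field(default_factory=list)
    commands: List[str] = field(default_factory=list)


def parse_otm_script(text: str) -> OtmPlan:
    """Walk the script line by line, tracking the current section and registry key."""
    plan = OtmPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                 # section header such as :Files
            section = line[1:].lower()
            current_key = None
            continue
        if section == "reg":
            if line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]         # registry key the next lines apply to
                continue
            if current_key is None:
                raise ValueError(f"value line outside a key: {line}")
            name, _, data = line.partition("=")
            name = name.strip().strip('"')
            if data.strip() == "-":              # .reg convention: delete the value
                plan.reg_deletions.setdefault(current_key, []).append(name)
            else:
                plan.reg_sets.setdefault(current_key, {})[name] = data.strip()
        elif section == "files":
            plan.files.append(line)              # paths keep their internal spaces
        elif section == "commands":
            if not (line.startswith("[") and line.endswith("]")):
                raise ValueError(f"malformed command: {line}")
            plan.commands.append(line[1:-1].lower())
        else:
            raise ValueError(f"line before any section header: {line}")
    return plan


def summarize(plan: OtmPlan) -> List[str]:
    """Human-readable list of every action the script would take."""
    out = [f"delete registry value '{n}' under {k}"
           for k, names in plan.reg_deletions.items() for n in names]
    out += [f"set registry value '{n}' under {k}"
            for k, vals in plan.reg_sets.items() for n in vals]
    out += [f"move file or folder: {p}" for p in plan.files]
    out += [f"run command: {c}" for c in plan.commands]
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_otm_script(SAMPLE_SCRIPT))))
```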
  20. Hi
Please use the Add Reply button rather than the Reply button - thanks.
Give me an update on how things are running.
TFC
Please download TFC by Old Timer to your desktop.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
Click the Start button in the bottom left of TFC
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Malwarebytes' Anti-Malware (MBAM)
As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, Select the Scanner tab.
Select Perform Quick scan, then click on Scan
When done, you will be prompted. Click OK.
If Items are found, then click on Show Results
Check all items then click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply.
The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when the application is started.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Please go here then click on:
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  21. Hi and welcome to the Malwarebytes forums. I'm melboy and I am going to try to help you with your problem.
Please take note of the following:
I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start.
No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.
====================================
RE: BitTorrent
P2P downloads are likely to bring infections into the system. My recommendation is to uninstall these P2P file sharing programs (and others if present). When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.
Click on Start > Control Panel and double click on Add/Remove Programs.
Locate BitTorrent and click on the Change/Remove button to uninstall it.
Close Add/Remove Programs and Control Panel when done.
TDSSKiller
Download the file TDSSKiller.zip and save it on your desktop
Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
Next double-click the tdsskiller Folder on your desktop.
Double click tdsskiller.exe to run the tool.
If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.3.0.0_20.04.2010_15.31.43_log.txt. Please post the contents in your next reply.
  22. Hi
Your computer was infected with a ROOTKIT. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system. Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised. Therefore it may be prudent to:
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
===============
Your log now appears to be clean.
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are. If not, please follow the instructions below:
Uninstall Combofix
We Need to Remove ComboFix
Please go to Start -> Run
Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
Press OK (Or hit enter).
Allow ComboFix to remove itself.
OTC by OldTimer
Download OTC by Old Timer and save it to your Desktop.
Double-click OTC.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself
==========================
General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Uninstall Tools for Major Antivirus Products
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
Recommended Programs
I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
Malwarebytes' Anti-Malware
As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
Hosts File
For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding hosts files read HERE.
Install and use a firewall with outbound protection
The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
Suggestions:
Online Armor Free
PcTools Firewall (Free)
Outpost Firewall Free [Please note that trial pay is not needed to get any product for free.]
Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
Also please read this great article by Tony Klein So How Did I Get Infected In First Place
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Happy surfing and stay clean!