Posts posted by 546mpster
-
-
Thanks, yes I do. Some help would be appreciated.
-
-
Can anyone help with this?
-
Hello,
On 2010-03-07, in the early evening, I got hit with the Vista Internet Security 2010 virus. After trying a lot of things, I managed to boot into safe mode, rename the executable of Malwarebytes ('vistanext'), install and run Malwarebytes. It looks and feels like the infection is gone, however, I am worried if it is. I am especially worried about keyloggers, since I do things like banking and Skype calls home/credit online.
My OTL logs, Hijack This log, and Malwarebytes log (pre and post infection) are attached.
My OTL settings follow this thread:
http://forums.malwarebytes.org/index.php?s...=39041&st=0
Thanks for your time, which is really really appreciated.
mbam_log_2010_03_07__23_05_31_.txt
(OTL, Hijack This attached) Recovered after Vista Internet Security 2010, but clean?
in Resolved Malware Removal Logs
Posted
Thanks for your help screen317, it is tremendously appreciated.
Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882
3/22/2010 10:54:54 PM
mbam-log-2010-03-22 (22-54-54).txt
Scan type: Quick Scan
Objects scanned: 121565
Time elapsed: 29 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Neel\AppData\Local\MSASCui.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Neel\AppData\Local\MSASCui.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Neel\AppData\Local\MSASCui.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Neel\Local Settings\Application Data\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Neel at 1:02:09.41 on Tue 03/23/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft