jp_cent

  1. Thanks, but I thought it would be easier to just go ahead and reformat. Worked like a charm.
  2. I have a trojan/virus/malware that keeps coming back. To remove it I quick scanned with MBAM. Then scanned with Nod32 (found nothing with Nod). So today I did a full scan with MBAM. Here is my log.

     Memory Modules Infected:
     C:\WINDOWS\rwlfsdmk.dll (Trojan.FakeAlert) -> Delete on reboot.
     C:\WINDOWS\onfwbsak.dll (Trojan.FakeAlert) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{420e8125-ce95-43ca-bd26-c91d430126b6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\TypeLib\{e2164cbe-66c4-4587-9191-f5c4184ef02d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{986f48b3-32c1-45f3-bfc4-35fcebbfd1c2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{6bb63d88-1867-4fa4-acdc-0510ae4956e4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{b6187aa1-28e7-4972-9c5b-941cc786895d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\TypeLib\{94127e06-f869-4884-ae38-9980562f7401} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{9c097664-75af-469f-8f21-4c676a93ae3b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{b5ae7279-a768-48b9-8544-7585bf60e32c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{3bc2c1be-7b91-4a8b-aebe-b02e3db8ac83} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3bc2c1be-7b91-4a8b-aebe-b02e3db8ac83} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\peltodgx.bmso (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rwlfsdmk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6bb63d88-1867-4fa4-acdc-0510ae4956e4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\onfwbsak (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0011903-00101) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\eqxk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\rwlfsdmk.dll (Trojan.FakeAlert) -> Delete on reboot.
     C:\WINDOWS\peltodgx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\onfwbsak.dll (Trojan.FakeAlert) -> Delete on reboot.
     C:\WINDOWS\fbxrqtwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\dfmlxbpkwxo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\.elizley\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Office 2003 Setup(0001).txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Local Settings\Temp\TDSS2b99.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Local Settings\Temp\TDSS4a20.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Local Settings\Temp\TDSS964c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Local Settings\Temp\TDSSe466.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
     C:\Documents and Settings\jp_cent\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

     Hopefully it doesn't come back, although it is a possibility. Please tell me how I can permanently remove this. My main problem is that it gives me 3 icons, those being Privacy Protector, Error Cleaner, and Spyware & Malware Protection. It also gives me fake Windows security alerts. It opens my web browser, bringing me to a page where they recommend I should buy software. Please help me prevent this. I have spent many hours trying to fix it for good.