wharfrat

I think I'm O.K. now. Mbam found the file that I suspected and removed it this afternoon, so I didn't go further. Reason Mbam didn't find it the first time is that I couldn't update. I thought it was because I was in safe mode. When I discovered that I couldn't get online with IE, and could with Firefox, I found that my connection settings had been changed as well. Restored them, updated Mbam and it nailed it immediately. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4464 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/22/2010 5:56:31 PM mbam-log-2010-08-22 (17-56-31).txt Scan type: Quick scan Objects scanned: 131273 Time elapsed: 3 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\$RECYCLE.BIN\S-1-5-21-1435290023-205703798-4205854837-1000\$RSS9JZX\inmyehishdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully. Ran both quick and full scan afterwords and I'm clean. thank you.

Borislav, Hi and Thank you. I think that I may have got rid of it myself while waiting for your response I'll tell you what I did and if you think that I should do more, I will follow instructions. This was a little tricky bugger. After Mbam said it deleted it and it's still going, I booted again into safe mode, ran Mbam again and it said I was clean which obviously wasn't so as I was getting popups all over the place. I went into Msconfig, found a new item called "xskecdrp" linked to a file named "inmyhisdw.exe". Neither pacs-portal, bleepingcomputer or a Google search had any info on either of these. Went back into Msconfig, took xskecdrp out of Startup, then deleted the entire folder that inmyhisdw.exe was in/created. Rebooted and everything seems to be fine. Mbam runs, no popups. etc. Do I need to do more and how will I know for sure that I'm clean as Avast never found it and Mbam didn't find it the second time?

Got that phony Windows security warning to buy that crappy a-v software. Mbam wouldn't start. Started Won7 in safe mode, ran mbam, found trojan.dropper, removed it, then rebooted. It's still there and mbam still won't run. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4056 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 8/19/2010 7:26:03 AM mbam-log-2010-08-19 (07-26-03).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 216847 Time elapsed: 22 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\wharf\AppData\Local\Temp\0.6929776949982932.exe (Trojan.Dropper) -> Quarantined and deleted successfully.