surgedark

bump

bump

bump

bump

bump

I am unable to update seeing as it requires me to install a new file and my PC won't let me do that, nor will downloading the DDS work, but I scanned it and here is the log: Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 6305 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 4/7/2011 6:38:32 PM mbam-log-2011-04-07 (18-38-32).txt Scan type: Quick scan Objects scanned: 214297 Time elapsed: 23 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 4 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\IKXGVMFZHI (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rbifuvupoqoxevu (Trojan.Agent.U) -> Value: Rbifuvupoqoxevu -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IKXGVMFZHI (Trojan.FakeAlert) -> Value: IKXGVMFZHI -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Whabivanomozo (Trojan.Agent.U) -> Value: Whabivanomozo -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user\AppData\Local\tvi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user\AppData\Local\tvi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user\AppData\Local\tvi.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\Windows\System32\usbuib.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully. c:\Users\user\AppData\Local\Temp\0.13520466118561936.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\user\AppData\Local\Temp\0.3328110843756691.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

?????

My computer has a virus that is refusing to die. On Sunday, a virus appeared known as "Vista Anti Virus 2011" which I am sure you guys are aware of judging from the posts, after awhile I managed to run Malwarebytes and the virus was seemingly destroyed. After that, however, my PC was all screwed up. The icons didn't work unless I right clicked and pressed "Run as Administrator" and when I get into a browser and click website links, they lead me to a random advertisement site unless I manually type in the correct URL which gets annoying after awhile. But the biggest problem of all is that system restore and pretty much all of my other PC programs don't work. Video games and the Internet work fine, but I was really hoping was that now that I got rid of the virus, I would be able to access system restore, but to no avail. If I try to boot system restore up, it says "System restore is turned off" and it then gives me a link to turn it back on (I think the link lead to "system"). The link was unclickable however, so I manually find system, but guess what? System is not found apparently, I even tried to run system restore from CMD, and CMD wasn't found. I rebooted the computer into Safe Mode with Command Prompt and the CMD was there afterall. (So the programs are THERE but my computer keeps saying they aren't). So I tried to run system restore from there...and it wasn't found. Then the virus comes back, I destroy it with Malwarebytes, it came back again later under different names like "Vista Home Security." Can anyone please help me? I have no idea if the Malwarebytes destroyed my computer or if the Virus did. Even though the virus prevented me from running the programs, they were still able to open before I used Malwarebytes. Last two logs (First one is more recent): Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 6282 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 4/6/2011 7:25:16 PM mbam-log-2011-04-06 (19-25-16).txt Scan type: Full scan (C:\|) Objects scanned: 243523 Time elapsed: 2 hour(s), 3 minute(s), 47 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: c:\Users\user\AppData\Local\quk.exe (Trojan.Agent) -> 6020 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\user\AppData\Local\quk.exe (Trojan.Agent) -> Quarantined and deleted successfully. SECOND LOG Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 6282 Windows 6.0.6001 Service Pack 1 (Safe Mode) Internet Explorer 7.0.6001.18000 4/6/2011 4:25:20 PM mbam-log-2011-04-06 (16-25-20).txt Scan type: Quick scan Objects scanned: 211945 Time elapsed: 13 minute(s), 20 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 2 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: c:\Users\user\AppData\Local\sdf.exe (Trojan.Agent) -> 1248 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\IKXGVMFZHI (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Whabivanomozo (Trojan.Agent.U) -> Value: Whabivanomozo -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user\AppData\Local\tvi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user\AppData\Local\tvi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\user\AppData\Local\tvi.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\Users\user\AppData\Local\sdf.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\user\local settings\sdf.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\user\local settings\application data\sdf.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\Jgocya.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\user\AppData\Roaming\microsoft\Windows\start menu\spyware protection.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\user\AppData\Roaming\microsoft\Windows\start menu\spyware protection .lnk (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\user\AppData\Roaming\microsoft\Windows\start menu\spyware protection .lnk (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\user\AppData\Local\ukihuxewo.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

My computer has a virus that is refusing to die. On Sunday, a virus appeared known as "Vista Anti Virus 2011" which I am sure you guys are aware of judging from the posts, after awhile I managed to run Malwarebytes and the virus was seemingly destroyed. After that, however, my PC was all screwed up. The icons didn't work unless I right clicked and pressed "Run as Administrator" and when I get into a browser and click website links, they lead me to a random advertisement site unless I manually type in the correct URL which gets annoying after awhile. But the biggest problem of all is that system restore and pretty much all of my other PC programs don't work. Video games and the Internet work fine, but I was really hoping was that now that I got rid of the virus, I would be able to access system restore, but to no avail. If I try to boot system restore up, it says "System restore is turned off" and it then gives me a link to turn it back on (I think the link lead to "system"). The link was unclickable however, so I manually find system, but guess what? System is not found apparently, I even tried to run system restore from CMD, and CMD wasn't found. I rebooted the computer into Safe Mode with Command Prompt and the CMD was there afterall. (So the programs are THERE but my computer keeps saying they aren't). So I tried to run system restore from there...and it wasn't found. Then the virus comes back, I destroy it with Malwarebytes, it came back again later under different names like "Vista Home Security." Can anyone please help me? I have no idea if the Malwarebytes destroyed my computer or if the Virus did. Even though the virus prevented me from running the programs, they were still able to open before I used Malwarebytes.