fake virus

[drdom]

I domehow got infected with this virus the other day. I have ran all sorts of anti virus to get ride of it. I am now able to see my desk top icons, but nothing else. Not sure if the virus is still there and something is messedup in registry or if it is still there. The attached malwarebyte scan was done to get ride of the virus. I ran another one and the last one was clean, but still can only see desk top icons.

Help please

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8336

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088

12/9/2011 7:28:41 AM

mbam-log-2011-12-09 (07-28-41).txt

Scan type: Quick scan

Objects scanned: 263430

Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 6

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

c:\Users\dr. chagnon\mafi6whezj.exe (Backdoor.Bot) -> 2892 -> Failed to unload process.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mafi6whezj (Backdoor.Bot) -> Value: mafi6whezj -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1708252147 (Trojan.Agent) -> Value: 1708252147 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1668664 (Trojan.Agent) -> Value: 1668664 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\971371 (Trojan.Agent) -> Value: 971371 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\2071428 (Trojan.Agent) -> Value: 2071428 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\dr. chagnon\mafi6whezj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Users\Guest\AppData\Local\Temp\00010646.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\Users\Guest\AppData\Local\Temp\oj8mm7v3yqovav.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

c:\Users\Guest\mafi6whezj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

mbam-log-2011-12-09 (07-28-41).txt

[daledoc1]

Hello, and welcome to Malwarebytes, drdom:

Sorry to hear that your computer may be infected.

We cannot review scan logs or work on malware detection/removal in this part of the General MBAM forum.

So, please read the following to get started on the cleaning process:

IMPORTANT NOTE: Please do NOT use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

FOR SELF-HELP INFO:

• Excellent, self-help troubleshooting info for getting MBAM to run on an infected machine can be found here.
  
• And there are specific, self-help malware removal instructions here.
  

FOR EXPERT ASSISTANCE with cleaning your system, there are 3 support options:

• Option 1 -- Free, Expert advice in the Malware Removal Forum
  
• Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  
• Option 3 -- Premium, Fee-Based Support
  

OPTION 1

As we don't deal with malware removal in this area of the forums, you'll need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware-related problems/infections.

• First, please print out, read and CAREFULLY FOLLOW the directions here, skipping any steps you are unable to complete.
  
• If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  
• Then please post a NEW topic in the Malware Removal forum.
  
• Please do NOT post in an open topic started by another member in the malware removal forum, even if the problem appears to be similar to yours.
  
• When posting your new thread, under "options", make sure to select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  
• One of the expert helpers there will give you free, one-on-one assistance when one becomes available.
  

IMPORTANT NOTE: Please do NOT make any further changes to your computer such as (Install/Uninstall programs; use special fix tools; delete files; edit the registry; OR use temp file cleaners, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.

• 
  o If there is no reply from any experts after 48 hours, you may reply to the topic, asking for help again.
  Or
  o You may send a Private Message to a Moderator, asking for assistance.
  

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

daledoc1

PS: Please use the button instead of other ones when you reply here and at the other forums, so that it will be easier to read.