Jump to content

Recommended Posts

Here is my hijackthislog and malwarebytes log. anyhelp would b great

Malwarebytes says it will delete after reboot but it does not. In safe mode these threats are not detected. System Restore off.

S.O.S please.

thanks

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:06:05 PM, on 2/20/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Keyboard Manager\OSD Utility\OSDManager.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Raxco\PerfectDisk2008\PDAgentS1.exe

C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVO.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/Mothership?Comp=%...D35363330323841

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/mothership

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/mothership

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Keyboard OSD Utility] "C:\Program Files\Keyboard Manager\OSD Utility\OSDManager.exe" /lang en /H

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

O4 - HKLM\..\Run: [seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [AVO Ram Optimizer] c:\program files\systweak\advanced vista optimizer 2009\AVO.exe -s

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVO2009 Defrag - Systweak Inc. - C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: Google Update Service (gupdate1c98923ffccdf18) (gupdate1c98923ffccdf18) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PDEngine.exe

O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 10712 bytes

next:

Malwarebytes' Anti-Malware 1.34

Database version: 1780

Windows 6.0.6001 Service Pack 1

2/20/2009 2:32:50 PM

mbam-log-2009-02-20 (14-32-45).txt

Scan type: Quick Scan

Objects scanned: 56793

Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 66

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> No action taken.

C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\local settings\application data\eqsog.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.

C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\TempImages\IIEPRS.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\TempImages\IIEPR.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> No action taken.

C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.

C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.

C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> No action taken.

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> No action taken.

C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.

C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> No action taken.

C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> No action taken.

C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> No action taken.

C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> No action taken.

C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> No action taken.

C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> No action taken.

C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> No action taken.

C:\Users\Default\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.

C:\Users\Default\Start Menu\Programs\Startup\AntiSpy Protector.lnk (Rogue.AntiSpyProtector) -> No action taken.

C:\Users\Default\Application Data\Microsoft\Windows\rayio.exe (Adware.WinButler) -> No action taken.

C:\Users\Default\Start Menu\Programs\Startup\AntiSpyware Protector.lnk (Rogue.AntiSpyware) -> No action taken.

Malwarebytes says it will delete after reboot but it does not. In safe mode these threats are not detected. System Restore off.

S.O.S please.

thanks

Link to post
Share on other sites

  • Root Admin

Everything listed under C:\Users\Default\ appears to be a False Positive. The MBAM developers are working on locating the issue.

For now please place these items on the IGNORE list and they should not show up again till this is fixed.

Just to make sure please scan your system with this AV scanner and let me know if it finds anything or not, AND RE-enable your System Restore please.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

    [*]On the Log file tab leave the Log to file checked.

    [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

    [*]Log mode = Append

    [*]Encoding = ANSI

    [*]Details Leave Names of file packers and Statistics checked.

    [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

    [*]On the General tab leave the Scan Priority on High

    [*]Click the Apply button at the bottom, and then the OK button.

    [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

    [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

    [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

    [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

    [*]Click 'Yes to all' if it asks if you want to cure/move the files.

    [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

    [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

    [*]Save the report to your Desktop. The report will be called DrWeb.csv

    [*]Close Dr.Web Cureit.

    [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

    [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

    drweb.jpg

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.