Below is the latest scan I ran without a trace of malware. However, I continue to get redirected and experience continuous reboots at startup. I get to the point where I can see my desktop and icons but then the screen goes black and the reboot process starts all over again. The only way I can intervene is by hitting F8 and entering the pc at Safe Mode level, which allows me to then have Internet access and the ability to run MBAM. If helpful I can show the log that did find the malware previously. Any assistance is appreciated. Thank you.

Malwarebytes' Anti-Malware 1.38

Database version: 2317

Windows 5.1.2600 Service Pack 3

6/20/2009 7:19:38 PM

mbam-log-2009-06-20 (19-19-38).txt

Scan type: Quick Scan

Objects scanned: 183613

Time elapsed: 25 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:


Hi and welcome to the forum! Do you have all these files below in the Trusted area of your Firewall & AV software?

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows 2000/XP)

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows Vista)

Please take a look and reply back, thank you...

EDIT: It would help if I know what you are using for AV & a Firewall please


Yardbird,

Thank you very much for responding so quickly. To be very blunt - I don't know. In fact I do not even know where to check or look to confirm your questions. I am a total amateur or newbie when it comes to computer troubleshooting. Can you direct me?

Steve


Yes, in fact I ran AVG twice with no detection whatsoever. The malware had the system (scan) slowed to the point it took most of this week to run them. So then I researched some of the issues on my work pc and discovered MBAM. That scan found the malware right away. But as indicated earlier, the pc still has issues.


The issues are PC Keeps Rebooting at Startup. Any other issues, any error messages? Anything else you need to tell me? And we should stay on the topic of the computer that is giving you trouble. (If you have another pc that's ok. Or if it needs attn. we will deal with that in a new thread. OK?)


Guest victimized

I have seen a case like this when the pc keeps rebooting when an anti-virus/malware/spyware removal tool finds a virus. Infected with zango?


I have seen a case like this when the pc keeps rebooting when an anti-virus/malware/spyware removal tool finds a virus. Infected with zango?

Look over the thread from the top, please... remember no. #3, he's new. After he replies back, let me know what ideas you have, please.


There are no other messages or errors or anything like that. The only issues are 1) continuous reboot just as my desktop shows itself, and 2) redirecting links (even in safe mode).

Additional info: after MBAM discovered the infections, I rebooted the pc and it worked just fine for about three or four hours. Then it suddenly rebooted by itself and has not worked correctly since.

I'm in safe mode now and it is the only way for me to communicate with you.

And yes, I totally agree....one pc at a time.


Yes, below is the log that found the infections:

Malwarebytes' Anti-Malware 1.38

Database version: 2310

Windows 5.1.2600 Service Pack 3

6/20/2009 6:46:45 AM

mbam-log-2009-06-20 (06-46-45).txt

Scan type: Quick Scan

Objects scanned: 180861

Time elapsed: 24 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\AVR09.exe (Adware.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Steve, your only issue is PC Keeps Rebooting at Startup. Your log on top has the current database, & this log has DB 2310. Can you go into Windows? I know you're in safe mode. Can you try it, and reply back with any errors, what works & what does not work? I need to look at AVG and see how it should be configured, & I need to look at 1 item in the old log... which, when you scan it with the new database, shows clean. I don't use AVG so I'll have to look at it on the net, and I or someone else from support will post back. It may be later. Any questions for now? See about going into Windows, please. I'll wait here until you reply back -- see if you get that far 1st....


I had a PC that would keep rebooting every time the user would try to shut down. Everything worked fine for the user until they tried to manually shut down. Once they tried to shut down the computer would just restart instead. I was able to scan the PC in safe mode using MBAM. It turns out the infection was Trojan.Vundo. I am not sure if this helps at all.


Yardbird,

I made it through! Here is what I did. I closed out of everything and then went through the process of shutting down the pc. Instead of restarting, I shut completely down, waited for 30 seconds and then pressed the button to start the computer again. I booted up fine with no problems. My desktop showed up and everything looked fine. I clicked on the MS IE button on the bar at the bottom of the screen and after a few seconds I got a typical error message from MS Windows saying 'The system has recovered from a serious error. A log of this error has been created.' Then it basically gives me the option to tell Microsoft about the problem so I can send an error report to them. The buttons say 'Send Error Report' or 'Don't Send'.


It helps. I don't recall where the post was on this board, but when you run mbam in safe mode you don't get all that it should do. Since, like, right now I have 3 windows open helping others... I had no time to research that. The post went on to say you get all that mbam can give when run in Windows... it was posted by an admin... and I haven't had time to think about that. But all processes don't run in safe mode... it's hard for me to recall a passing post... when I was busy & it was not directed at me...

Another mystery?

EDIT: Are you in Windows?


Why don't I show this post to support staff... do you think it will hold in windows?

EDIT: I believe when you updated your database, it cleaned things up.... but it can be a hardware prob? Or the mbam files need to go in the trust area of AVG? How's it holding up in Windows?


Read the reply just above your post, so I know you did not miss that. Glad all is working. If any problems happen, take note of any errors, and please post back on a new thread with the problem, if any.... Glad you're fixed up... Let us know if we can do anything else. Regards
