
Guest neox

Hi Everyone,

From everything I have googled, I have some type of virus. Every time I search for anything about Malwarebytes and click on links (yahoo.answers / malwarebytes.forum, etc.), it redirects me to websites to purchase "fake" Malwarebytes or other products.

I cannot install, run or access the malwarebytes.org website, or any other websites that have anything to do with Malwarebytes. But I can access all other websites easily.

I tried uninstalling it and reinstalling it but no effect. This virus is smart and doesn't want me installing or using Malwarebytes; that includes viewing the website...

Please help.

P.S. If I do a virus scan not connected to the internet, will it still identify the virus?

Thank You.

Computer spec:

Sony Vaio Laptop
Intel Pentium M Processor 1.8 GHz
502 MB RAM
100 GB HDD
Windows XP Pro Service Pack 2


Guest neox

I managed to get the scan to work by changing the names of everything to xxx lmao... I'll post the scan results as soon as I can, gotta transfer from laptop to comp.


Guest neox

Malwarebytes' Anti-Malware 1.38

Database version: 2297

Windows 5.1.2600 Service Pack 2

7/4/2009 1:05:09 PM

xxx-log-2009-07-04 (13-05-01)

Scan type: Quick Scan

Objects scanned: 104983

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 11

Registry Values Infected: 7

Registry Data Items Infected: 23

Folders Infected: 11

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> No action taken.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> No action taken.

HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> No action taken.

Folders Infected:

C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.

Files Infected:

c:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.

c:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.

c:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

c:\documents and settings\Masacre\local settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> No action taken.

c:\documents and settings\Masacre\Application Data\config.cfg (Malware.Trace) -> No action taken.

c:\documents and settings\Masacre\Application Data\~tmp.html (Malware.Trace) -> No action taken.

c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.

c:\WINDOWS\Temp\tempo-823437.tmp (Trojan.DNSChanger) -> No action taken.

c:\documents and settings\Masacre\Local Settings\Temp\PlayMe.exe (Trojan.FakeAlert) -> No action taken.

C:\install.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> No action taken.


Guest neox

Malwarebytes' Anti-Malware 1.38

Database version: 2297

Windows 5.1.2600 Service Pack 2

7/4/2009 1:08:22 PM

mbam-log-2009-07-04 (13-08-22).txt

Scan type: Quick Scan

Objects scanned: 104983

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 11

Registry Values Infected: 7

Registry Data Items Infected: 23

Folders Infected: 11

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1088e16d-4a46-4475-bd22-65b7de331013}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ed848cd-4ca1-45db-bad3-9e7668186a5a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\documents and settings\Masacre\local settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Masacre\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\Masacre\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\tempo-823437.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

c:\documents and settings\Masacre\Local Settings\Temp\PlayMe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.


  • Root Admin

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Guest neox

I did another Malwarebytes scan and it found trojan.agent >>> said it would remove upon restart...

Well, I clicked restart and the computer did not restart.... It seemed like it tried then failed... but after I try clicking the power button and it starts?


Guest neox

How come I can't run Combofix and Hijackthis?

I install both to desktop, disable anti-virus and close all windows.

I click on their icons and nothing happens.


Guest neox

Ok sorry, let me try to explain better.

I did a Malwarebytes scan and it found trojan.agent and told me it will be removed upon reboot. So I click reboot.

The computer shuts down and does not turn back on unless I press the power button.

Now I installed Hijackthis and Combofix, but when I click on their icon on my desktop nothing happens.

---------

It's getting late here and I g2g, I'll check back 2morrow.

Thanks for your help.


Guest neox

Another thing before I go...

I just searched something on Google and it told me one of the links was yahoo.answers.

So I click on it and it redirects me to this place: http://www.toseeka.com (some kind of search engine),

and I noticed that this is happening with all the links I click on; it redirects me to another website.


  • Root Admin

Okay, see if one of these routines helps to correct it and allow MBAM to run and scan please.

Procedures to help resolve issues preventing MBAM from running

  1. MBAM won't run(Fix), SystemSecurity
  2. MBAM wont install or will not run., CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX
  3. MB won't run(Fix) - Total-Security (FakeAlert)
  4. MBAM wont run (Fix) - av360 (Fakealert)

Guest neox

I am searching random things and reading the links. I click on the link and I get redirected to a totally different site.

I searched someone's name and Facebook on Google, I clicked the link and it redirected me to a diet ad...

Malwarebytes' Anti-Malware 1.38

Database version: 2377

Windows 5.1.2600 Service Pack 2

7/6/2009 12:41:24 AM

mbam-log-2009-07-06 (00-41-24).txt

Scan type: Quick Scan

Objects scanned: 108125

Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.


This topic is now closed to further replies.