Safe removal of "infected" files??

[easyasmuffin]

I'm worried about deleting some of these files, they seem important to Windows and I've had bad luck with this sort of thing in the past. Also, can I remove them in normal mode or should I be in safemode? (Why in safemode?) Anyway, here's the log:

Malwarebytes' Anti-Malware 1.38

Database version: 2414

Windows 5.1.2600 Service Pack 3

7/13/2009 2:22:39 PM

mbam-log-2009-07-13 (14-22-34).txt

Scan type: Full Scan (C:\|K:\|)

Objects scanned: 154906

Time elapsed: 1 hour(s), 3 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a20a380b-a3d0-4e10-b029-5e6fb5031dba} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{a20a380b-a3d0-4e10-b029-5e6fb5031dba} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{09571a4b-f1fe-4c60-9760-de6d310c7c31} (Malware.Packer) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{345caa15-4f12-4a28-afe9-383625563a83} (Malware.Packer) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{f23b1f18-cb1a-47ed-a1fe-b60494a626d0} (Malware.Packer) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a06864f4 (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\Kids\Application Data\gadcom (Trojan.Agent) -> No action taken.

Files Infected:

C:\WINDOWS\system32\isfoyr.dll (Trojan.Vundo.H) -> No action taken.

Thanks for your time!

[AdvancedSetup]

These are infections and need to be removed. They should be placed in quarantine for you though automatically.

Please UPDATE MBAM firsst and scan again as shown below.

Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
    
  • Click Update
    

  [*]When the update is complete, select the Scanner tab

  [*]Select Perform quick scan, then click Scan.

  [*]When the scan is complete, click OK, then Show Results to view the results.

  [*]Be sure that everything is checked, and click Remove Selected.

  [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    

Then post back the MBAM log and a new Hijackthis log.

[easyasmuffin]

Okay thank you very much! The program found less viruses this time, and I have qurantened them, but not emptied the quarantine yet. I'm wondering though, someone told me to go under settings and uncheck "Always scan extra and heuristics objects" is that correct? Anyway, here is the new log:

Malwarebytes' Anti-Malware 1.39

Database version: 2428

Windows 5.1.2600 Service Pack 3

7/14/2009 1:17:19 PM

mbam-log-2009-07-14 (13-17-19).txt

Scan type: Full Scan (C:\|K:\|)

Objects scanned: 158702

Time elapsed: 58 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a20a380b-a3d0-4e10-b029-5e6fb5031dba} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a20a380b-a3d0-4e10-b029-5e6fb5031dba} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a06864f4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\isfoyr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

[AdvancedSetup]

You can uncheck those items but then you're more at risk of Malware not being detected. The good thing about the Quarantine folder is IF it is a false positive then you can restore it. If you uncheck and never find the Malware but it attacks your system then you're stuck.

Please check for another update and scan again.

[easyasmuffin]

Okay, thank you very much for all ur help!!! I'll check the box and if I have any concerns, I can just make a new thread and post the log here. <3

[AdvancedSetup]

Are you still having any signs of infection?

Please disable your current Anti-Virus and run this Online AV scanner.

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activex control to install
  
• Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  
• Click Start
  
• Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  
• Click Scan
  
• Wait for the scan to finish
  
• Re-enable your Anvirisus software.
  
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
  

[AdvancedSetup]

Please post a status update on this.

Thanks.

[AdvancedSetup]

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.