
Some advice please.



I started up my computer and Malwarebytes popped up saying there was some rogue .exe opening and I quarantined it. As soon as that happened my computer didn't know what to open any program in and generally started acting weird. I restored the file and my computer seemed fine again.

I then ran a quick scan and it came up with like 4000/5000 results. I was very suspicious so I checked out what had been flagged, all labelled as "file" and "Trojan dropper". I picked a few random file names and searched them, came up with some Russian stuff, 4 results. One came up on the spybot forums and it seemed to be causing lots of problems.

The MB log is in the attachment.

Should I delete them? Something inside me says no, there is no way thousands of files could have been downloaded without me noticing and they don't seem to be doing anything malicious.

Thanks a lot!

mbam_log_2009_08_06__23_40_16_.txt



  • Staff

Hi,

First of all, please update MalwareBytes, because the database version is outdated.

  • Start MalwareBytes and click the Update tab. There click "Check for updates".
  • In case you can't update the database via the update option, please download and install the database from here. Only do this when the update option doesn't work.
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please let MBAM quarantine whatever it found, because how are you supposed to clean the malware from your PC otherwise?


I know how to use Malwarebytes and I updated it before I did the scan. What I'm asking you is should I press Remove Selected? I'm worried that it's a false positive and I'm going to kill my computer by removing system32 files.


I just updated it to the newest database version. It hit system 32 and it's picking up nearly every file as I speak; it's on 2032 atm and going up quick.

They are all Trojan droppers, "file", and all seem to start with "ms" and have the .exe file extension.


  • Staff

I see now. Those files it detected are certainly malicious, so please allow MBAM to quarantine/delete them. Then reboot (IMPORTANT).

I also suggest, since your computer is so severely infected, that you back up important data you don't want to lose. This is because severely infected computers may suddenly "crash" or become unbootable.

Then rescan with MBAM and post the NEW log in your next reply (copy & paste) together with a HijackThis log.


  • Staff

Good,

Glad I could help. :)

Please read my Prevention page, which has lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
