TheSentinel Posted September 24, 2009 ID:132683
Hello, I was on the web earlier and picked up this virus. I've rebooted three times. There's a red circle and x in my toolbar. Every time it's quarantined, it needs to restart. Then after the restart, the circle pops up saying "Windows has detected spyware infection! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you." When I click it doesn't do anything. The current scan is up to 7 objects. Here's the list from last scan. Please help!

Malwarebytes' Anti-Malware 1.33
Database version: 1732
Windows 5.1.2600 Service Pack 3

9/24/2009 4:47:25 PM
mbam-log-2009-09-24 (16-47-25).txt

Scan type: Quick Scan
Objects scanned: 57866
Time elapsed: 38 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Son of Duh\Application Data\svcst.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
mountaintree16 Posted September 24, 2009 ID:132686
Welcome to the forum, TheSentinel.
Please post your log and everything that you said in your post here:
http://www.malwarebytes.org/forums/index.php?showforum=7
This is the only place that logs will be worked on.
Someone will be along to assist you as soon as possible. Please be patient though, as there are many people waiting for help. If you do not get a reply within 48 hours, please feel free to "bump" up your post.
You'll be in good hands! And good luck.
nosirrah Posted September 24, 2009 ID:132699
Malwarebytes' Anti-Malware 1.33
Database version: 1732
You are 8 application versions behind and more than 1000 database versions out of date. Why on earth are you not ever updating? Neglecting to update is worse than uninstalling MBAM altogether as you are giving yourself a false sense of security.
If you update to the newest version and then newest definitions this threat will be removed.
TheSentinel Posted September 24, 2009 Author ID:132704
"You are 8 application versions behind and more than 1000 database versions out of date. Why on earth are you not ever updating? Neglecting to update is worse than uninstalling MBAM altogether as you are giving yourself a false sense of security. If you update to the newest version and then newest definitions this threat will be removed."
I updated about an hour ago, running full scan.
mountaintree16 Posted September 24, 2009 ID:132710
@ Nosirrah,
I didn't even notice that he was so behind, thanks for pointing that out!
@ TheSentinel
Please run a quick scan... remove whatever it finds, reboot if it asks, and then run a full scan if you wish!
TheSentinel Posted September 24, 2009 Author ID:132715
Oops, well, the current full scan has 7 detections. I will check for more updates after it reboots. Although, the newest update said 9/10/09, so I think I'm caught up. However, I could be very wrong. I gotta get on top of these things.
mountaintree16 Posted September 24, 2009 ID:132718
@ TheSentinel
That's okay. Remove them, then reboot if necessary.
9/10 is the newest date for the new VERSION, not the newest detection definitions. You may have to download the newest detection definitions after updating to the newest version, sometimes this happens.
Then do a quick scan!!
If you still need help, post in the forum that I gave you a link to in my first reply.
TheSentinel Posted September 25, 2009 Author ID:132737
I'll look for that. I'm going to stay logged in, but I'm going out. So, if anyone posts something, please excuse my absence. I'll update you on the situation.
mountaintree16 Posted September 25, 2009 ID:132765
It's alright, and thank you for keeping us posted
noknojon Posted September 25, 2009 ID:132773
I think the latest version is 1.41 - 2857 ~ Updated this morning
TheSentinel Posted September 25, 2009 Author ID:132793
Yeah, just updated it. Where's the download for detection definitions?
mountaintree16 Posted September 25, 2009 ID:132794
@ TheSentinel
Did you update internally or are you looking for a standalone update file? I can give you the link for the latter, if you need it.
TheSentinel Posted September 25, 2009 Author ID:132795
I updated through the MBAM that was already installed - I guess that's internal.
mountaintree16 Posted September 25, 2009 ID:132796
You're all set then. What is your database number? (can be found on the update tab) I'll compare it with mine - I just updated
TheSentinel Posted September 25, 2009 Author ID:132799
2857
mountaintree16 Posted September 25, 2009 ID:132801
That's what mine is too. You are good to go, at least as far as definition detections go.
Are you on the paid or the free version?
TheSentinel Posted September 25, 2009 Author ID:132804
Free.
mountaintree16 Posted September 25, 2009 ID:132806
@ TheSentinel
It's a great program, isn't it? I'm so happy I found it.
Good luck in the HJT forum, hopefully nothing too major is going on.
TheSentinel Posted September 25, 2009 Author ID:132809
Alright, Thanks. I'm going to do the Full Scan.
mountaintree16 Posted September 25, 2009 ID:132814
You're welcome. Did you do a quick scan first though?
TheSentinel Posted September 25, 2009 Author ID:132831
Started to, but my dad said stop, and remove all the things from quarantine - matter of fact it picked up a rootkit. That was quarantined, but not totally removed - which may come back and get me. Well, it's running the full scan. Probably another 2 hours there. Me, I'm off to bed, oh and we disconnected the router, so I'm on an iPhone right now.
mountaintree16 Posted September 25, 2009 ID:132832
Wait, were they restored from quarantine or REMOVED?
Alright. It's best to run a quick scan first though, and then a full scan if you wish. Have a good night's rest.
TheSentinel Posted September 25, 2009 Author ID:132842
removed
mountaintree16 Posted September 25, 2009 ID:132843
That was more likely than not a good call, however, it is a good idea to keep items there for at least a couple days, just in case there was a FP. I doubt that there was a false positive in your case though.
TheSentinel Posted September 25, 2009 Author ID:132934
FP? Well, I'll look into it. Just got up. I'll check my computer in a few minutes. Should be good, probably 20 or 30 things in there.