houston911 Posted October 14, 2009 ID:142657 Share Posted October 14, 2009 Hello,I had some rogue malware on my computer including Police pro. I followed some of the threads and got combofix to run. Immediately after this, I ran malwarbytes in quick scan. It removed a bunch of viruses.The problem now, is if I launch malwarebytes, it does not run. If I try installing it again it goes through the installation but comes up with an error below:---------------------------Setup---------------------------Unable to execute file:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeCreateProcess failed; code 2.The system cannot find the file specified.---------------------------OK ---------------------------If reboot and install it installs gets updates and I can quick scan. I find a virus:Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.After I uninstall, reboot and after a short while I run malwarebytes, I cannot execute. Go through the same cycle reboot, install, clean and after a while cannot run malwarebytes.Any help is appreciated.Maistran Link to post Share on other sites More sharing options...
sUBs Posted October 14, 2009 ID:143192 Share Posted October 14, 2009 Delete your existing copy of ComboFix and then visit this webpage for instructions for downloading a fresh:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix when you've accomplished that. Link to post Share on other sites More sharing options...
houston911 Posted October 15, 2009 Author ID:143508 Share Posted October 15, 2009 Hello,Thank you for your help. Please find attached the Combofix log.Maistrancombofix_log_101309_houston911.txt Link to post Share on other sites More sharing options...
sUBs Posted October 15, 2009 ID:143534 Share Posted October 15, 2009 That looks very good. You appear to have weathered the storm. ESET Online ScannerPlease go to the following link ESET Online Scanner LinkTick the box YES, I accept the Terms Of UseClick the Start buttonNow click the Install buttonClick Start The scanner engine will initialise and updateDo Not tick the box Remove found threatsClick the Scan button The scan will now run, please be patientWhen the scan finishes click the Details tabCopy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here. Link to post Share on other sites More sharing options...
houston911 Posted October 16, 2009 Author ID:143995 Share Posted October 16, 2009 Hello sUBs,Please find attached my log file from ESET scan.Thanks for all the help.MaistranC:\Qoobox\Quarantine\C\WINDOWS\system32\birokugi.dll.vir a variant of Win32/AntiAV.NCZ trojanC:\Qoobox\Quarantine\C\WINDOWS\system32\bumujuna.dll.vir a variant of Win32/Adware.SuperJuan.F applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\dafirulo.dll.vir a variant of Win32/AntiAV.NCZ trojanC:\Qoobox\Quarantine\C\WINDOWS\system32\gejuzifa.dll.vir Win32/KillAV.NFO trojanC:\Qoobox\Quarantine\C\WINDOWS\system32\gulotema.dll.vir a variant of Win32/AntiAV.NCZ trojanC:\Qoobox\Quarantine\C\WINDOWS\system32\hotalobu.dll.vir a variant of Win32/Adware.SuperJuan.F applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\hoyuvuki.dll.vir a variant of Win32/Adware.SuperJuan.F applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\moturofa.dll.vir a variant of Win32/Adware.SuperJuan.F applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\nuhogubo.dll.vir a variant of Win32/Adware.SuperJuan.F applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\robovoji.dll.vir a variant of Win32/Adware.SuperJuan.F applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\sinizamu.dll.vir a variant of Win32/AntiAV.NCZ trojanC:\Qoobox\Quarantine\C\WINDOWS\system32\vowevega.dll.vir a variant of Win32/Adware.SuperJuan.F applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\yoguyutu.dll.vir a variant of Win32/AntiAV.NCZ trojanC:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.vir Win32/Adware.WinAntiVirus applicationC:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir Win32/Adware.WinAntiVirus application Link to post Share on other sites More sharing options...
sUBs Posted October 16, 2009 ID:144010 Share Posted October 16, 2009 Of the stuff found, C:\QooBox is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFixNow that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure: Uninstall ComboFix ... do not skip this stepThis process will perform some post cleanup measures. Do this by going to to Start > Run & typing in ComboFix /uANTIVIRUS SOFTWARE It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.Microsoft Windows Update → http://www.windowsupdate.comVisit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywareinfoforum.com/index.php?showtopic=60955After doing all these, your system will be optimised against future threats..Have a safe & happy computing day. Kindly respond to this thread once more so we can mark this thread as resolved. Link to post Share on other sites More sharing options...
houston911 Posted October 16, 2009 Author ID:144069 Share Posted October 16, 2009 sUBs,Seems like problems are all resolved. Thanks for all the help, this is an awesome forum.Maistran Link to post Share on other sites More sharing options...
Recommended Posts