Fake alert problems


PSull

I was infected last night while using Google Images to look up 3d crowbar models. Weird target audience huh? :)

I have AntiVir's guard active all the time, but still, a fake alert randomly popped up.. Win Protector or something.. doing a fake scan. I Alt+F4d right away and checked my running processes. Something that was weird to me was that I had two wmiprvse.exe, but one was a "network service". Not sure if that is abnormal, or if I just never noticed it before.

Since then I have scanned with AntiVir, which comes up with nothing, and I just re-downloaded MBam about an hour ago, but it kept saying the install was corrupted and to download it again. I eventually downloaded it from CNET instead, which worked, but I don't think it's up-to-date, so I clicked Update which gave me this error:

An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code: 732 (12029, 0)

Regardless, I did a search for recently created files and found the WinProtector or SysGuard or whatever in Administrator/Local Settings and deleted the whole folder (it was called 'mgbuiy' or something) since it was created the same day, and scanned with MBam which found two things at the very end, and here is the log:

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.2.3790 Service Pack 2

Internet Explorer 8.0.6001.18702

1/19/2010 3:18:20 PM

mbam-log-2010-01-19 (15-18-20).txt

Scan type: Full Scan (C:\|)

Objects scanned: 216913

Time elapsed: 41 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

It would seem that it's been dealt with then, but if I run HJT, I get a lot of (file missing) errors next to what I THINK are critical Windows processes... so I'm afraid to click them and click Fix Checked... Unless they are all fake...?

I haven't gotten any fake pop-ups aside from the very first one, which I alt-F4'd as fast as I could; however, there are those file missing things and Internet Explorer doesn't connect anymore. I don't use IE, I use Firefox, but it's still troubling... it says:

Internet Explorer cannot display the webpage

What you can try:

It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.

Retype the address.

Go back to the previous page.

Most likely causes:
