Jump to content

Quarantined and deleted file comes BACK on reboot


Recommended Posts

Hope this is the correct forum section for this.

I'm running:

Malwarebytes' Anti-Malware 1.44 (free version)

Database version: 3610

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18865

Vista System32

A few weeks ago, a rogue program installed on my computer. It kept opening up and saying that my computer was infected and asked if I wanted to remove the infections and buy the product. I finally got was able to get rid of it when I used Hijackthis, and submitted my log to the online tool that tells whether things were safe or nasty.

This got rid of the application that was popping up. BUT.......a few days later I noticed that my Google search results were being hijacked to different search engines...example is....Searchfindsite.

I googled some more and saw that Malwarebytes helped remove this problem.

Malwarebytes originally found six problems and on reboot, they were removed.

A few days later I got the browser redirects again! BTW....I use Firefox 3.5.7 mostly, for my browser.

When I did a MWB scan, it found this:

Files Infected:

c:\windows\system32\drivers\uhcmeqi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

The above is the log for this. When I reboot, and I look for the above file in the Quarantined section.....it is NOT there.

So I do a MWB scan again, and it again finds the same Rootkit-Agent file (as above) and I again show results and remove the selected item, and get the same results saying the file has been quarantined and deleted. I get the restart my computer dialog box and click to restart.

The file is STILL not removed.

I should note that whenever I boot, I get a popup in the lower right saying Windows Security is blocking the startup of a program and asks for permission to start it. It's the Malwarebytes program, and give it permission. This happens as I said on all boots and reboots.. I don't know how to give it determinant permission. BTW....I installed MWBs as the administrator, and I also RUN the program as administrator. Just mentioning this as I know it might help figuring things out.

Thanks.

Dennis

Link to post
Share on other sites

Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.

Alternately, you may contact our helpdesk and someone can work through this issue with you via e-mail.

Link to post
Share on other sites

Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.

Alternately, you may contact our helpdesk and someone can work through this issue with you via e-mail.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.