Work Computer registry key infected


TDO

We got the Security 2010 virus on 1-23. We used Malwarebytes and AVG to clean the system; however, I am still getting a Registry Key Infection notice when I run a quick or complete scan.

Here is a copy of the log from this morning. Any help will be greatly appreciated - my boss gets back from vacation tomorrow. I'd like to have a solution instead of a problem by then :lol:

Malwarebytes' Anti-Malware 1.44

Database version: 3642

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

1/27/2010 8:57:13 AM

mbam-log-2010-01-27 (08-57-13).txt

Scan type: Quick Scan

Objects scanned: 113165

Time elapsed: 8 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Hello and welcome to Malwarebytes.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please read the instructions in this thread on running the tools and posting the logs: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don

I have the same exact log. If I do a search through my IE Toolbar, then click on a link shown through the search, it will take me to another site or search engine. Even links shown on Malwarebytes will do the same thing.

Malwarebytes removes it but then it returns a few minutes later. I'm running the free version. If I purchase Malwarebytes with its active protection, will it prevent this from reoccurring?

My Log:

Malwarebytes' Anti-Malware 1.44

Database version: 3662

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/31/2010 7:50:10 AM

mbam-log-2010-01-31 (07-50-10).txt

Scan type: Quick Scan

Objects scanned: 128401

Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and

deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected

Hello.

Can I see the DDS logs and GMER log? Do those two scans work?

That Registry key is probably locked or has permissions on it, and that is why MBAM can't remove it. I would like to see those logs first before we continue. Purchasing Malwarebytes would indeed help you in the future for future infections with its protection module; however, it won't fix the current problem right now.
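The pattern in this thread, where the same key is reported as "Quarantined and deleted successfully" and is then detected again on the next scan, can be flagged automatically from saved scan logs. The Python sketch below is an added example, not part of the original posts and not Malwarebytes' own tooling; the two logs are constructed (the key path is the one posted above, the second scan time is made up), and it assumes every item line ends with a period, as in the logs shown.

```python
import re
from collections import defaultdict

# Constructed sample logs: key path as posted in the thread, second scan time made up.
KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main"
       r"\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE}")
HEAD = "Registry Keys Infected: 1\nRegistry Keys Infected:\n"
LOG_A = ("1/31/2010 7:50:10 AM\n" + HEAD + KEY +
         " (Trojan.Agent) -> Quarantined and deleted successfully.\n")
LOG_B = ("1/31/2010 8:05:00 AM\n" + HEAD + KEY +   # item wrapped over two lines
         " (Trojan.Agent) -> Quarantined and\n\ndeleted successfully.\n"
         "Files Infected:\n(No malicious items detected)\n")

STAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
SECTION = re.compile(r"^(.+ Infected):$")          # detail header, no count after ':'
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)\.$")

def parse_log(text):
    """Return (timestamp, [(section, object, threat, action), ...]) for one log."""
    stamp, section, pending, items = None, None, "", []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if STAMP.match(line):
            stamp = line
        elif SECTION.match(line):
            section, pending = SECTION.match(line).group(1), ""
        elif section and not line.startswith("(No malicious"):
            pending = (pending + " " + line).strip()   # rejoin wrapped item lines
            m = ITEM.match(pending)
            if m:                                      # complete once it ends in '.'
                items.append((section, m["obj"], m["threat"], m["action"]))
                pending = ""
    return stamp, items

def recurring(logs):
    """Items reported as deleted in one scan and detected again in a later scan."""
    seen = defaultdict(list)
    for text in logs:                                  # logs in chronological order
        stamp, items = parse_log(text)
        for section, obj, threat, action in items:
            # Registry paths are case-insensitive, so normalise before comparing.
            seen[(section, obj.lower(), threat)].append((stamp, action))
    return {k: v for k, v in seen.items()
            if len(v) > 1 and any("deleted successfully" in a for _, a in v[:-1])}

if __name__ == "__main__":
    for (section, obj, threat), hits in recurring([LOG_A, LOG_B]).items():
        print(f"{threat} under '{section}' returned after removal: {obj}")
        for stamp, action in hits:
            print(f"  {stamp}: {action}")
```

A non-empty result means the cleanup is not holding between scans, which is the situation where the DDS and GMER logs requested above are needed.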

I can't get to my computer. I work M-F.

  • 2 weeks later...
Are you still there?

Yes, sorry I didn't get back to you. I was not permitted to download anything onto my computer while it was infected, so I couldn't get you the information you requested. Thursday morning I fired the computer up at 7:00 am, at 7:05 am I got the blue screen of death. Whatever got into the computer killed it. I got a call from the person that fills in for me on Wednesday evening. She said she was looking for something online and the computer went crazy on her (her description). The hard drive was chattering and she could not access any programs or files. I go in on Thursday morning and that was it for the computer.

That brings us to this week! Again on Saturday, since I have a new computer, I didn't have the normal printer I use hooked up. The girl that fills in for me is a college student. She is trying to research and write a paper. She can't get anything to print, so she goes into the office adjoining mine, gets on the computer, goes to the website she found her information on and prints it. Everything is right in her world.

Monday morning 9:00am, the guy in that office fires up his computer, at 9:15 he goes into IE to get online, at 9:16 he gets the exact same virus I had on my computer!

We don't know where she went when she was on his computer but we are pretty sure both infections are related to her online activity. If it looks like a duck...

I do thank you for taking the time to answer my questions and for trying to help. Not being allowed to download anything to try to find a fix really worked out. ;)

Apologize that we couldn't help further. Below are some prevention tips:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

Some of the main things you should consider to perform/read are:

  • Having ONE Anti-Virus installed and running with real-time protection
  • Disabling Autorun/Play on Flash-Drive/Removable Drives
  • Avoid gaming sites, underground web pages, pirated software sites, and Peer to Peer Programs
  • Keep Windows Updated through going to Windows Updates
  • Updating Non-Microsoft Programs
  • Keeping security software updated

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

And, I'll notify a Mod to close this topic.

Thanks.

~EB

This topic is now closed to further replies.