Am I clean again ...Or do I still need Malware rehab?

ripley · February 24, 2010

I finally got through and corrected looping problem and have scanned with newer version of Malwarebytes. I haven't gotten on line yet, with the desktop... as the software hasn't been seen or updated for 27 days and I wanted to make sure these infections aren't lingering in registry keys, etc. Now I have a name to attach to this infection after a long month of scanning without results or fixes. Finally, a log with real infections caught and some quarantined. Sometimes giving up is not an option. I'll see if browser functions tomorrow after updating all tghat has been stagnating for a month when I couldn't get past the logon loop issue. Thank you all for your insight and posts to links, etc.

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

2/23/2010 8:28:35 PM

mbam-log-2010-02-23 (20-28-35).txt

Scan type: Full Scan (C:\|)

Objects scanned: 247812

Time elapsed: 1 hour(s), 28 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 13

Registry Values Infected: 1

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I hope this info on the type of malice that did this can help others and prevent this..in the constant battle against these things

ripley · March 3, 2010

I guess this should be closed at this point. Happy b-day to me, I have learned that a hacker and trojan has all of my family info and the month I spent trying is for not anyway. Hopefully some one else can get help, via the info learned, I learned about msn g emails and I haven't had the system online for over a month. I learned alot from visiting, so if it isn't closd go ahead, even cleaning won't help , so I hear via trojan and back door issues. I'd rather have some one helped anyway, considering my case isn't as clear via the hacker.

screen317 · March 17, 2010

Hi and welcome to Malwarebytes.

Do you still need help?

ripley · March 17, 2010

I figured a bunch of stuff out and received help with the trojan, etc elsewhere. The only issue left is no sound feature or device not working. Thank you for the reply.

If you know of fixes for the sound issue in XP please don't hesitate to pm or reply to me. The drivers are fine, something of a reaction to updates or recovering from the infection/s etc. Mircrosoft does not have a fix it that supports xp...only vista. Sound advice anyone?

screen317 · March 17, 2010

Hi,

How do you know the drivers are fine? Have you tried uninstalling the device all together, rebooting, and letting Windows reinstall it?

Are you sure that the sound simply isn't muted somewhere?

ripley · March 18, 2010

Hi,
How do you know the drivers are fine? Have you tried uninstalling the device all together, rebooting, and letting Windows reinstall it?
Are you sure that the sound simply isn't muted somewhere?

Hi Screen, I noticed the entertainment folder was empty once I was able to get the machine up and running again. I also went to Dell website and found the driver to reinstall, etc. there were many things I tried. One of the many things was to use the OEM reinstallation/drivers and utilities disk that Dell sent when the computer was sick/stuck in the log on loop way back in January. Additonally, I ran the diagnostics check, went through the device manager and troubleshooting tasks, updated to Windows Media Player 11, Quicktime, downloaded some notes re: sound devices and some via audio cat files. Just today I tried to play a video and received a pop up that MIME files for quick time were not configured and clicked to have it fixed...only in an effort to get sound. No sound. I can try to uninstall the driver, although the problem seemed related to the sound device. Prior to this I had used ms fix it to have our sick , now recovering system acknowledge the d: or cd/dvd rom drive. That worked fine and now D: drive is recognized but still no sound. Any ideas? Thanks again.

screen317 · March 20, 2010

This may potentially be a hardware issue.

Since it isn't malware related, I would recommend seeing what Dell has to say about it. Let me know what they tell you.

-screen317

screen317 · March 28, 2010

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Am I clean again ...Or do I still need Malware rehab?

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information