calibay Posted March 6, 2010 ID:210502 Share Posted March 6, 2010 Hi everyone - Normally I have Kaspersky 2009 (with the most up-to-date virus definitions, and I do run my virus checks almost daily), but somehowthe software didn't catch this Antivirus XP 2010 thing. Suddenly I have a "Security Center" popup with all of these ERROR/DANGER messages popping up. I've been closing them.I ran the virus scan in Safe Mode with Networking - nothing found - the Antivirus XP 2010 actually appeared in Safe Mode! So I wanted to install Malwarebytes and it wouldn't let me install in Normal Mode. I changed the file name and it still won't let me do that. I even went in to stop the AV.exe process from running first and then click on Malwarebytes - but whenever I click on the install icon, AV.exe comes right back.Any thoughts? Thank you very much in advance.I am going to run DeFogger and Rootkit Scanner shortly.Thank you. Link to post Share on other sites More sharing options...
calibay Posted March 6, 2010 Author ID:210511 Share Posted March 6, 2010 Hi everyone - Normally I have Kaspersky 2009 (with the most up-to-date virus definitions, and I do run my virus checks almost daily), but somehowthe software didn't catch this Antivirus XP 2010 thing. Suddenly I have a "Security Center" popup with all of these ERROR/DANGER messages popping up. I've been closing them.I ran the virus scan in Safe Mode with Networking - nothing found - the Antivirus XP 2010 actually appeared in Safe Mode! So I wanted to install Malwarebytes and it wouldn't let me install in Normal Mode. I changed the file name and it still won't let me do that. I even went in to stop the AV.exe process from running first and then click on Malwarebytes - but whenever I click on the install icon, AV.exe comes right back.Any thoughts? Thank you very much in advance.* I just ran DeFogger and it did say Finish! but didn't prompt me to restart the computer (Note: I stopped the AV.exe process before starting DeFogger, but when I clicked on DeFogger AV.exe came back again, so I got rid of it for the time being). Is that okay? Can I just restart myself?Thank you. Link to post Share on other sites More sharing options...
calibay Posted March 6, 2010 Author ID:210512 Share Posted March 6, 2010 * I just ran DeFogger and it did say Finish! but didn't prompt me to restart the computer (Note: I stopped the AV.exe process before starting DeFogger, but when I clicked on DeFogger AV.exe came back again, so I got rid of it for the time being). Is that okay? Can I just restart myself?I can't seem to upload the defogger file - it says "upload failed. you are not permitted to upload this type of file". Link to post Share on other sites More sharing options...
calibay Posted March 6, 2010 Author ID:210612 Share Posted March 6, 2010 FYI everyone I am using these steps to remove:http://www.bleepingcomputer.com/virus-remo...irus-vista-2010Right now it's allowed me to install Malwarebytes after using a FixReg.exe file that's on the page - but before you do take a look at my other post so that you could backup your reg before you do this:http://forums.malwarebytes.org/index.php?s...mp;#entry210609I will report soon on how this all plays out... Link to post Share on other sites More sharing options...
calibay Posted March 6, 2010 Author ID:210624 Share Posted March 6, 2010 After running that FixReg.exe file and installing Malwarebytes, I received an error 732 (12007,0). I didn't back anything up, but Malwarebytes is now running and scanning. My DeFogger files - didn't even think about just cutting-and-pasting, but it's heredefogger_disable by jpshortstuff (23.02.10.1)Log created at 09:54 on 06/03/2010 (calibay)Checking for autostart values...HKCU\~\Run values retrieved.HKLM\~\Run values retrieved.Checking for services/drivers...-=E.O.F=- Link to post Share on other sites More sharing options...
Staff screen317 Posted March 7, 2010 Staff ID:211111 Share Posted March 7, 2010 Hi and welcome to Malwarebytes.Download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.After you do that, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
calibay Posted March 9, 2010 Author ID:211996 Share Posted March 9, 2010 I ended up using this page (which includes running this FileReg.exe and then installing Malwarebytes) to remove the malware and succeeded: http://www.bleepingcomputer.com/virus-remo...irus-vista-2010However, per this email I am no longer sure what changes to the Reg file was made. Is there a way to find out what the FileReg.exe that is listed really did to my reg files?Thank you. Link to post Share on other sites More sharing options...
Staff screen317 Posted March 11, 2010 Staff ID:212813 Share Posted March 11, 2010 Hi,There is no "filereg.exe" there; are you referring to FixExe.reg??If so (without going into too much jargon), it fixes the way .exe files are opened. We call those File Associations, and malware can change those to help itself and hurt us. FixExe.reg restores the default settings which allowed MBAM to run.Does that answer your question?-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted March 18, 2010 Staff ID:216508 Share Posted March 18, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts