Jump to content

(OTL, Hijack This attached) Recovered after Vista Internet Security 2010, but clean?

Recommended Posts


On 2010-03-07, in th early evening, I got hit with the Vista Internet Security 2010 virus. After trying a lot of things, I managed to boot into safe mood, rename the executable of Malwarebytes ('vistanext'), install and run Malwarebytes. It looks and feels like the infection is gone, however, I am worried if it is. I am especially worried about keyloggers, since I do things like banking and Skype calls home/credit online.

My OTL logs, Hijack This log, and Malwarebytes log (pre and post infection) are attached.

My OTL settings follow this thread:


Thanks for your time, which is really really appreciated.






Link to post
Share on other sites

Thanks for your help screen317, it is tremendously appreciated.

Malwarebytes' Anti-Malware 1.44

Database version: 3902

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

3/22/2010 10:54:54 PM

mbam-log-2010-03-22 (22-54-54).txt

Scan type: Quick Scan

Objects scanned: 121565

Time elapsed: 29 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Neel\AppData\Local\MSASCui.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Neel\AppData\Local\MSASCui.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Neel\AppData\Local\MSASCui.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Neel\Local Settings\Application Data\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Neel at 1:02:09.41 on Tue 03/23/2010

Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18


Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.