Will deleting a user account on XP get rid of antivirus xp / ave.exe?


Hello, we have 2 user accounts on XP. On one of them, we somehow got infected with the antivirus xp, xp total security, ave.exe thing. The other account appears to be unaffected, with no popups. Would deleting the infected user account be a quick fix for this problem, or should I go through a lengthier process?

Thanks for any help anyone could provide.

  • Staff

Hi,

Would deleting the infected user account be a quick fix for this problem, or should I go through a lengthier process?
It's really not needed to delete a user account because of that, because you can deal with this perfectly with Malwarebytes.

Please read the instructions I posted here: http://forums.malwarebytes.org/index.php?s...st&p=216531 and follow them. Do this via the account that is infected! That's important!

Then post the log of Malwarebytes in your next reply here.

Malwarebytes' Anti-Malware 1.44

Database version: 3886

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

3/20/2010 1:49:02 AM

mbam-log-2010-03-20 (01-49-02).txt

Scan type: Quick Scan

Objects scanned: 154118

Time elapsed: 2 hour(s), 31 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Alan\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Alan\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

  • Staff

Glad I could help. :huh:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

This topic is now closed to further replies.