Malwarebytes missed infections?

[Adela]

[MS WinXP Home 2002 - SP2; OE 6; IE 6; MS Office Pro; Dell Dimension XPS T448MHz Pentium III; 384MB RAM; high speed cable; Windows Media Player; Adobe Reader 8; Adobe Flash Player 10 Activex..]

Hello, last night and today I was slapped with the Cleanup Antivirus. A viciously persistent malware which presented me with 800 infections!!! I googled and Yahoo Answers recommended Malwarebytes which I hastened to use and was surprised it said ZERO INFECTIONS after almost 2 hours! In desperation I then used another recommendation from Yahoo: I scanned with http://www.surfright.nl/en/shop/hitmanpro which it took just 2.5 minutes and found 3 infections! Yet 3 out of 800 isn't an impressive number even if the "800" number is fake! What do you think went wrong with my malwarebytes scanning?

I hope that terrible Cleanup tool is gone forever but I was told they never leave completely, so would anyone happen to know whether a strong scanner such as Panda, or any recommended in this website: http://www.techsupportteam.org/forum/revie...-resources.html is strong enough AND especially without bringing bugs???

I was thinking of using "Hijack This" but I'm kind of afraid since I can't tell which items are ok for me to delete and which items are system files and best left alone....

Will appreciate a lot any suggestions. Adela

P.S. What are "false positives"? Thanks.

P.P.S. Hope you enjoy the joke I posted in the Jokes section... :-)

[mountaintree16]

Honestly I am not surprised that you are infected. Your Adobe reader is way out of date and you are running a Service Pack on XP that is due to have support ended for it on July 13th, 2010. You should update to SP3 soon. Are you using an antivirus program?

Anyway, please read the following so that you can get yourself cleaned up:

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

Also, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

HJT should NEVER be used by an untrained person OTHER than to scan & remove items as guided by an EXPERT.

A False Positive is a detection that is found that is not really an infection.

Thank you

[Adela]

Thanks very much mountaintree! I'm sorry I forgot to specify "instant notification". I just did.

This infection is the first one in years! I do have the SP3 waiting for me in the taskbar popping up to install on each opening but I'm avoiding it until the last minute as I read many complaints against it. The same with IE8. I'm using the anti-virus "avira" or "antivir".

I will follow the instructions you so kindly gave me, but should I delete your message here??? since I'm not sure I won't until I hear from you.

Thank you very much for your help! Adela

[Firefox]

just to add....

Any issues they used to have with SP3, have long since fixed by microsoft so you should not encounter any.

It is recommended that you upgrade to SP3 as there are enhancements in SP3 that were not available with SP2. Once you update to SP3 make sure you also do critical updates after the install completes as well.

[Adela]

Hello Firefox and thank you for the tip! Being that the case as soon as I fix this one thing I will accept that popup SP3. Thanks again! :-) Adela

[mountaintree16]

Adela,

What do you mean by instant notification? I'm sorry, I am just a bit confused.

As for not installing IE8 yet, that's okay, but you should be running at least IE7 as IE6 is full of security holes that will never be fixed.

Avira is an excellent AV program, nice choice

Yes, I would follow through with the malware removal forum directions, and I would wait to install Service Pack Three just until you are in the clear from Malware because making further changes to your system could disrupt things for your helper. After you clean your system or are given the okay that you are not infected, then you should proceed forward with installing SP3

You can't delete my message here; only Admins (people with red names) and Moderators (purple names) can delete or modify other user's posts.

And you are quite welcome!

[Adela]

Hello again mountaintree, I followed the instructions as you gave them to me and have successfully scanned it and it found...780 infections, 16 values and 2 files Whew! I had them removed and it said it deleted them. I shall keep these useful instructions in case it happens again.

Just wanted to thank you again very much! :-) Adela

[mountaintree16]

Oh my word! You scanned with Mbam and found these 780 infections, am I correct? Or did you use another program?

I still however urge you to follow the initial directions I gave you to ensure that your system is indeed clean. It's your choice of course, but, that is my honest recommendation for you.

You are very welcome!!

[noknojon]

Hi Adela -

This Item is our Self Help removal program for CleanUp Antivirus - It is a genuine Rogue A/V - If you can follow it then please do (that is your 800 fake infections) -

Thank You -

[Adela]

Hi and thanks noknojon for the "this item" link! I recognized well there the infamous Cleanup Antivirus page! lol! I'm SO happy to have rid of it. Hopefully it won't return, but I've seen lately that I get the message: "The document has moved redirecting..." and it takes me to the wrong page! I may have to use a stronger scanner or scan again with the Malwarebytes' Anti-Malware that mountaintree had given me.

Thank you again. Adela

[mountaintree16]

Hi Adela,

Yes please run a full Avira scan and a Quick Scan with Malwarebytes and remove anything they find.

If you find yourself still getting redirections when you click a link in a websearch please go to the Malware removal forum!

Follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

Thanks

[Adela]

What do you mean by instant notification? I'm sorry, I am just a bit confused.

Hi mountaintree, it means I'll get notified of answers to my questions as I had failed to check it in My Controls. This, in answer to your sentence: "After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post."

You can't delete my message here; only Admins (people with red names) and Moderators (purple names) can delete or modify other user's posts.

Oh I'm sorry I think I misinterpreted your sentence here: "Also, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read." Perhaps you meant to erase the other person's msg when brought up with "Reply with Quote"?

Oh my word! You scanned with Mbam and found these 780 infections, am I correct? Or did you use another program? I still however urge you to follow the initial directions I gave you to ensure that your system is indeed clean. It's your choice of course, but, that is my honest recommendation for you.

I only used the malwarebytes program which was under the link you gave me. I did follow your link's directions closely which included to double click on mbam-setup.exe. The following is what I did and was under the link you gave me:

How do I remove CleanUp Antivirus?

Our program Malwarebytes' Anti-Malware can detect and remove this rogue application.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a check-mark is placed next to the following:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected. Reboot your computer if prompted.

When completed, a log will open in Notepad. The rogue application should now be gone.

What I did forget to follow in your directions was: "Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available." Did you mean for me to post here the results of the scan?

I hope I didn't confuse you more with my long and complicated post here...

You were very helpful to me and I appreciate it so much! The program did catch 783 infections, so this scan was successful no? Adela

P.S. As you see in my answer to noknojon, I seem to have a new interference and perhaps I should repeat the same scanning? Or do you think a stronger one?

[mountaintree16]

Adela,

1) Oh! Sorry, hehe. that's what you meant. For me, I went to My Controls and then Email options, and chose the option so that any topic I reply in or create will be alerted to my email so that I don't miss anything. But you can also do the track this topic option if you don't wish to have every topic that you reply in send you reminder emails.

2) Sorry for the confusion. What I had meant was if you do NOT use the ADD REPLY button, but you use the normal reply button instead, just erase the quoted text below your reply prior to posting back

3) Glad you followed my directions, and I'm glad that Malwarebytes was able to remove all those nasties off your machine! However, did you run a second scan after removal to ensure that everything is gone?

Last, but certainly not least, the reason I am suggesting that you go to the Malware Removal Forum is just because of the sheer number of detections and items removed by Malwarebytes. It makes me wonder if there might be anything else lurking on your computer. There very well COULD be since you had so many detections. Or you might be totally clean now. It's very difficult to know if you are clean without a trained eye taking a look.

Again, your choice of course but I strongly urge you to post in the Malware removal forum just to make sure that you're clean, and also definitely if you continue to get re-directed when you click on search links.

You are quite welcome

[noknojon]

Hi again Adela -

Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here

.

This section of the posted item will give you the 1st and then 2nd areas to follow - First follow the directions and then add them to your new post at the other forum area - Give a brief idea of your problems that still exist and post the Logs that you create from following the advice in the first section -

It is always important to fully remove any infections as there may be traces of other infections involved as well as the main problem you noticed -

Thank You -

[Adela]

Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

Hi noknojon and thanks again for reminding me but, yes, I intend to run malwarebytes again which I did the first time with the above info. Following yours and mountaintree's advice, I'll post both my new problem and the logs from this new scanning, in the Malware forum.

Thank you very much! Adela

[mountaintree16]

You're very welcome, Adela,

And I'm glad that you'll be doing so

[Adela]

Hi MT! So if I want to receive notices relating ONLY to my own posts, I use "track"? If so I'll do it.

Now I understand everything. Thanks for clarifying it to me! I'll now run a 2nd malwarebytes scan and will post, as you and noknojon suggested, in the Malware forum which, I agree with you, makes a lot of more sense.

Again my big thank you for everything! :-) Adela

[Adela]

Hi Adela,

Yes please run a full Avira scan and a Quick Scan with Malwarebytes and remove anything they find.

If you find yourself still getting redirections when you click a link in a websearch please go to the Malware removal forum!

Follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

Thanks

Here I am again MT, but I hadn't seen your message until now, so before I post in the other forum, I'll run a full Avira and a quick malwarebytes and if it still does that error, then should I post the log in the other forum? Or only tell them what happened? Thanks again! Adela

P.S. I did run a 2nd malwarebytes earlier today but the "Redirected..." error is still on, so hopefully running both will help.

[mountaintree16]

I would still visit the Malware removal forum, yes.

Also just give a summary on what has happened with your machine from when you noticed & removed the infections up until this point, that will be helpful for your helper to know as well.

Good luck!

[Adela]

Thank you MT! I will right now. Adela