
Antimalware Doctor Virus



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=1bf5ec836396f742b67ff105102ddc42

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-05-09 01:09:36

# local_time=2010-05-08 06:09:36 (-0800, Pacific Daylight Time)

# country="Canada"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 1038973 1038973 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=97352

# found=3

# cleaned=3

# scan_time=9661

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Desktop\Age of Empires II\mythxpak.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Incomplete\Preview-T-5545150-gamma ray burst downlink.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Local Settings\Temp\jar_cache3120911810968013864.tmp multiple threats (deleted - quarantined) 00000000000000000000000000000000 C


Open your Notepad and copy/paste the following:

Windows Registry Editor Version 5.00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"8688:TCP"=-
"8687:TCP"=-
"3389:TCP"=-

Please save this file as fix.reg (it's important to change the file type to All Files), run it and restart your computer.

Let me know how things are.
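The fix.reg above works because a value written as "name"=- in a .reg file deletes that value when the file is merged, so each line removes one firewall exception that had been added under GloballyOpenPorts. The script below is an added example, not part of this thread: it parses a reg export of that key, flags entries that are not on an allowlist or that are scoped to all addresses (*), and emits deletion lines in the same syntax. It assumes the full key path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List (the abbreviated HKLM\~\... in the post); the export text and the allowlist are constructed for illustration.

```python
"""Build a fix.reg that deletes unexpected Windows XP firewall port exceptions.

Added example, not from the thread. SAMPLE_EXPORT imitates the output of
`reg export` for the GloballyOpenPorts\List key; its values are invented.
"""
import re

# Full key path assumed to be what the post abbreviates as HKLM\~\services\...
KEY_PATH = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

# Constructed sample export. Data format is port:proto:scope:state:description.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"65533:TCP"="65533:TCP:*:Enabled:svchost"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"8688:TCP"="8688:TCP:*:Enabled:apmanager"
'''

# Illustrative allowlist (assumption): file and print sharing on the local subnet only.
ALLOWED = {"139:TCP", "445:TCP", "137:UDP", "138:UDP"}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*$')


def parse_open_ports(export_text):
    """Return {value_name: data} for the value lines under the List key."""
    ports = {}
    in_key = False
    for line in export_text.splitlines():
        if line.startswith("["):
            # A key header line; only collect values while inside the List key.
            in_key = line.strip("[]").lower() == KEY_PATH.lower()
            continue
        m = VALUE_RE.match(line)
        if in_key and m:
            ports[m.group("name")] = m.group("data")
    return ports


def unexpected_ports(ports, allowed=ALLOWED):
    """Entries not on the allowlist, plus anything open to all addresses ('*')."""
    flagged = {}
    for name, data in ports.items():
        fields = data.split(":")
        scope = fields[2] if len(fields) > 2 else ""
        if name not in allowed or scope == "*":
            flagged[name] = data
    return flagged


def build_fix_reg(flagged):
    """Emit .reg text that deletes each flagged value using the "name"=- syntax."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{KEY_PATH}]"]
    lines += [f'"{name}"=-' for name in sorted(flagged)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_EXPORT)
    bad = unexpected_ports(found)
    for name, data in bad.items():
        print(f"flagged {name}: {data}")
    print(build_fix_reg(bad))
```

Running the script prints the flagged entries and a fix.reg body with one deletion line per entry; the allowlisted LocalSubNet entries are left alone. On a real machine the export to feed it comes from `reg export` of the key, and the generated file should be reviewed before merging.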


  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4084

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

09/05/2010 2:34:11 PM

mbam-log-2010-05-09 (14-34-11).txt

Scan type: Quick scan

Objects scanned: 159835

Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 4

Files Infected: 27

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apmanager.exe (Rogue.APManager) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Owner\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Owner\Local Settings\Temp\stp23ce5.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\uninstall.exe (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\Portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Application Data\ARManager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\uninstall.exe (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant.COMPUTERNAME\Application Data\ARManager\languages\template.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

My internet works now. I went to internet options and reset the internet settings and it's all good now.
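When reading a log like the one above, a helper checks two things before declaring the machine clean: that the summary counts agree with the items actually listed, and that every item ended in "Quarantined and deleted successfully." rather than being left pending. The script below is an added example, not part of this thread or of Malwarebytes: it parses the MBAM 1.x log layout shown above and reports both checks plus a tally of detection families. The embedded log is a constructed, shortened copy of the format, and its final "Delete on reboot." line is an invented non-success result used to show how a pending item is surfaced.

```python
"""Sanity-check a Malwarebytes' Anti-Malware 1.x log.

Added example, not the forum's or Malwarebytes' code. SAMPLE_LOG is a constructed,
shortened log in the page's format; the "Delete on reboot." result is invented here
to exercise the pending-item check.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4084
Windows 5.1.2600 Service Pack 3

Scan type: Quick scan
Objects scanned: 159835
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apmanager.exe (Rogue.APManager) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\stp23ce5.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ARManager\uninstall.exe (Rogue.ARManager) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# item (family) -> result ; greedy item match keeps the last "(family)" before " -> "
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<result>.+)$")
SUCCESS = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return (summary counts, detail items), both keyed by section name."""
    summary, details = {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:  # "Files Infected: 27" style line in the summary block
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:  # "Files Infected:" opens a detail section
            current = m.group("section")
            details.setdefault(current, [])
            continue
        m = ITEM_RE.match(line)
        if m and current:
            details[current].append((m.group("item"), m.group("family"), m.group("result")))
    return summary, details


def count_mismatches(summary, details):
    """Sections whose summary count differs from the number of listed items."""
    return [(s, n, len(details.get(s, [])))
            for s, n in summary.items() if n != len(details.get(s, []))]


def pending_items(details):
    """Items whose result is anything other than a successful quarantine."""
    return [it for items in details.values() for it in items if it[2] != SUCCESS]


def family_counts(details):
    """How many items each detection family (Trojan.FakeAlert, ...) accounts for."""
    return Counter(it[1] for items in details.values() for it in items)


if __name__ == "__main__":
    summary, details = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, details))
    for item, family, result in pending_items(details):
        print(f"PENDING [{family}] {item} -> {result}")
    for family, n in family_counts(details).most_common():
        print(f"{n:3d}  {family}")
```

With the constructed log the counts agree, the uninstall.exe entry is reported as pending, and the family tally shows the same rogue (Rogue.ARManager) spread across several items, which is the pattern a helper looks for when deciding whether a reboot and a re-scan are still needed.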


Good! I think we're ready! :blink:

Last steps:

Step 1:

* Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Step 2:

Please manually delete DDS and GMER.

Step 3:

Please, uninstall the following applications:

  1. Adobe Reader 7.1.0
  2. LimeWire 5.1.2

You can read how to do this in:

Step 4:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 5:

Please download and install the latest version of Adobe Reader from:

http://www.adobe.com

About Java:

http://java.com/en/

Step 6:

Some malware preventions:

http://miekiemoes.blogspot.com/2008/02/how...nt-malware.html

Safe surfing! :)


2 weeks later...

Root Admin:

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

