
Antispyware Soft - MBAM can't remove



Hi,

I just got infected with the Antispyware Soft virus. I booted up in safe mode and then did a system restore. After I restored, however, I still had some of the symptoms (Google Chrome wouldn't work) and Norton kept telling me it was detecting stuff. So I got MBAM and I ran both a quick and a full scan, but neither detected anything. I know the virus is still on my computer; however, I'm not getting some of the symptoms like popups. Help please?


Here is the log, if it helps at all

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4095

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18904

5/13/2010 4:25:31 AM

mbam-log-2010-05-13 (04-25-31).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 288606

Time elapsed: 1 hour(s), 32 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello m1991! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.

Step 1:

To disable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 2:

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Step 3:

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done, click on the SAVE button, browse to your Desktop, and save the file as GMER.LOG
  • Zip up the GMER.LOG file, save it as gmerlog.zip, and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

In your next reply, please include these log(s) in this sequence:

  1. DDS log with Attach.txt
  2. GMER log


Ok, I did as you said but the GMER wouldn't run. When I hit scan the system crashed and Windows told me the system was shut down to prevent further damage.

Here are the other logs

DDS (Ver_10-03-17.01) - NTFSx86

Run by Marcus at 17:20:44.29 on 05/13/2010 Thu

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18

Microsoft

Attach.zip


Download RootRepeal Beta to your desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.


Hi Borislav,

When I tried running the program the system blue screened and crashed just like when I ran the GMER.

I also wanted to ask,

I have a Windows 7 upgrade CD which I was planning on installing on this laptop anyways. I was going to do a clean install and wipe everything - will that solve the problem? If so, I might just do that since I'm going to eventually put win7 on here.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

