digitalcaveman Posted July 7, 2010 ID:280681 Share Posted July 7, 2010 Yesterday my PC was infected with AV security suite. I followed the directions in this thread ( http://forums.malwarebytes.org/index.php?showtopic=56600 ) by running rkill.exe and performing a MB quickscan. After the quickscan I updated malwarebytes and ran a full scan and removed found infections both times. The AV popups are gone but the PC will not connect to the internet, when I try to open firefox it displays "The proxy server is refusing connections".Please help. I will post both MB logs below.From the quickscan:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4052Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.117/6/2010 9:54:36 PMmbam-log-2010-07-06 (21-54-36).txtScan type: Quick scanObjects scanned: 143364Time elapsed: 8 minute(s), 17 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 4Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejhclrmw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejhclrmw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Documents and Settings\Owner.YOUR-34EFF17BD0\Local Settings\Application Data\nscgdrpmr\ncnmbnttssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.C:\Documents and Settings\Owner.YOUR-34EFF17BD0\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.From the full scanMalwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4286Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.117/7/2010 10:16:50 AMmbam-log-2010-07-07 (10-16-50).txtScan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)Objects scanned: 270104Time elapsed: 1 hour(s), 1 minute(s), 14 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Documents and Settings\Owner.YOUR-34EFF17BD0\Local Settings\Temporary Internet Files\Content.IE5\PJNT8VYP\bc93ad[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
digitalcaveman Posted July 7, 2010 Author ID:280695 Share Posted July 7, 2010 I found these directions from MrCharlie in this thread ( http://forums.malwarebytes.org/index.php?s...hl=proxy+server ) and they seem to have worked.Try this: Go to your Start button > Settings > Control Panel > Internet Options > open it up * Now click on the Connections * Now click on the Lan Settings * Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Check to see if any of the other boxes are checked, Automatically detect settings and Use auto configuration, if so try it with them unchecked Then press the OK button to close the Internet Options screen. (There's no apply) * Now that you have disabled the proxy server you will be able to browse the web again with Internet ExplorerLet me know, MrCI will most definitely be purchasing the full version of MB now. This is the third or fourth time your software and forums have saved me.Thank you,Digitalcaveman Link to post Share on other sites More sharing options...
digitalcaveman Posted July 7, 2010 Author ID:280696 Share Posted July 7, 2010 If there is anything else I can or should do please let me know. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 24, 2010 Staff ID:289732 Share Posted July 24, 2010 Hi and welcome to Malwarebytes.My apologies for the extended delay. Do you still need help?-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted August 1, 2010 Staff ID:293682 Share Posted August 1, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts