Jump to content

IE 7 won't run after successfully deleting Virtumonde/Privacy Remover.M64

sophia450
 Share

Recommended Posts

sophia450

sophia450

Posted
Posted

Please help! Internet Explorer 7 won't work anymore... it just flashes for a second then terminates. I am not very computer savvy but could it be just a matter of correcting a registry entry? Here are the mbam logs (I scanned 3 more times after the 1st)... thank you! I am currently at the library since my laptop is next to useless without me being able to use IE. Thanks again for any help you can extend...

FIRST SCAN RESULTS:

===================================

Malwarebytes' Anti-Malware 1.25

Database version: 1093

Windows 5.1.2600 Service Pack 3

10:52:09 PM 8/28/2008

mbam-log-08-28-2008 (22-52-09).txt

Scan type: Quick Scan

Objects scanned: 48275

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 3

Registry Values Infected: 6

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

C:\WINDOWS\system32\lphcnwaj0e92v.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:

C:\WINDOWS\system32\blphcnwaj0e92v.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnwaj0e92v (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\blphcnwaj0e92v.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\lphcnwaj0e92v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\phcnwaj0e92v.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

SECOND SCAN RESULTS:

===================================

Malwarebytes' Anti-Malware 1.25

Database version: 1093

Windows 5.1.2600 Service Pack 3

11:08:45 PM 8/28/2008

mbam-log-08-28-2008 (23-08-45).txt

Scan type: Quick Scan

Objects scanned: 48179

Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

THIRD SCAN RESULTS:

===================================

Malwarebytes' Anti-Malware 1.25

Database version: 1093

Windows 5.1.2600 Service Pack 3

11:10:42 PM 8/28/2008

mbam-log-08-28-2008 (23-10-42).txt

Scan type: Quick Scan

Objects scanned: 1

Time elapsed: 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

FOURTH SCAN RESULTS:

===================================

Malwarebytes' Anti-Malware 1.25

Database version: 1093

Windows 5.1.2600 Service Pack 3

12:12:22 PM 8/29/2008

mbam-log-08-29-2008 (12-12-22).txt

Scan type: Quick Scan

Objects scanned: 47938

Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello sophia and Welcome to Malwarebytes

Please follow the instructions posted here and provide the requested information and someone will be happy to assist you in cleaning your system.

Pre- HJT Post Instructions

Please post your logs into the Malware Removal - HijackThis Logs forum, not here.

Thanks.

Link to post
Share on other sites
sophia450

sophia450

Posted
  • Author
Posted
Hello sophia and Welcome to Malwarebytes

Please follow the instructions posted here and provide the requested information and someone will be happy to assist you in cleaning your system.

Pre- HJT Post Instructions

Please post your logs into the Malware Removal - HijackThis Logs forum, not here.

Thanks.

Thank you, I will move the log to the other forum.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.