IE 7 won't work after successfully deleting Virtumonde/PrivacyRemover.M64



Hi, I posted this earlier in another forum and was directed to this as the correct forum to post. I hope you can help me. I want to follow the instructions to the letter (Panda Active, Hijack this scan logs) but unfortunately, I cannot even access the internet (I'm borrowing someone else's computer so I can post here) and have no idea how to download these programs if I can't use IE. However, here are the mbam logs that I am copying-and-pasting from my other post. I hope it's enough to help you help me. Pardon this non-tech-savvy user. Again, I appreciate whatever help you can extend.

- - - - - - - - - - - - - - - - - -

POST AT THE GENERAL FORUM EARLIER... WAS TOLD TO MOVE IT HERE. ;)

Please help! Internet Explorer 7 won't work anymore... it just flashes for a second then terminates. I am not very computer savvy but could it be just a matter of correcting a registry entry? Here are the mbam logs (I scanned 3 more times after the 1st)... thank you! I am currently at the library since my laptop is next to useless without me being able to use IE. Thanks again for any help you can extend...

FIRST SCAN RESULTS:

===================================

Malwarebytes' Anti-Malware 1.25

Database version: 1093

Windows 5.1.2600 Service Pack 3

10:52:09 PM 8/28/2008

mbam-log-08-28-2008 (22-52-09).txt

Scan type: Quick Scan

Objects scanned: 48275

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 3

Registry Values Infected: 6

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

C:\WINDOWS\system32\lphcnwaj0e92v.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:

C:\WINDOWS\system32\blphcnwaj0e92v.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnwaj0e92v (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\blphcnwaj0e92v.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\lphcnwaj0e92v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\phcnwaj0e92v.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

SECOND SCAN RESULTS:

===================================

Malwarebytes' Anti-Malware 1.25

Database version: 1093

Windows 5.1.2600 Service Pack 3

11:08:45 PM 8/28/2008

mbam-log-08-28-2008 (23-08-45).txt

Scan type: Quick Scan

Objects scanned: 48179

Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Edited by JeanInMontana
remove useless stuff

Hello Sophia450 and welcome to Malwarebytes. You can burn a disk with HJT on it and then copy that file to the infected machine and run a scan for me. You can also update MBAM and scan again. MBAM is showing it finds no malware after the first removal. Try downloading Firefox for a browser; you can't use it for Panda but might then be able to connect to this site and work directly from the infected machine.

I need to see a HiJack This! log please.


Since this topic has had no reply for over 5 days, it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

