Jump to content

questions re scan


Recommended Posts

I ran a malwarebytes scan this evening....realized I probably needed to update my program so did that and then ran another. The first one found 2 issues, the second found 6 ! Every time I run the scan it finds the same thing. Every time i delete them, but they keep coming back

To add to this scenario, after I run the malwarebytes scan, my McAfee virus program pops up a registry change detected notice. It says it has detected a potentially unauthorized registry change to my computer and asks me what I want to do....allow or block.

The change is:

system guards: Winlogon Shell Program: Malwarebytes' Anti-Malware

Location: c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.

So....do I allow or block ?

Also, any thoughts to why the same issues keep coming back every time ??? I venture to say when I get finished with my computer this evening that I can run this again and it will detect more things. Here's the info from the latest log:

Memory Processes Infected:

C:\Documents and Settings\Debby Ray\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

C:\Documents and Settings\Debby Ray\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Debby Ray\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Debby Ray\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.

C:\Documents and Settings\Debby Ray\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Any help appreciated and if I need to post this elsewhere on the boards, please let me know.

Thanks

Link to post
Share on other sites

You have a serious set of issues that need serious follow-up. Do not use this system for any financial or online purchases.

As only a one-time try, temporarily turn off McAfee which is blocking MBAM from making permanent fixes.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Then start MBAM and do a Quick scan. Let it remove or quarantine what it finds.

Then proceed forth to get guided help !

There may well be other hidden files or vectors that would resurrect the infections. Note also, it will take more tools to check the system further ! Even after MBAM finishes & may say no more found.

Let me suggest, if you're an MBAM customer, you contact the help desk at support@malwarebytes.org

Alternatively, Please print out, read and follow the directions here, skipping any steps you are unable to complete. But do as much as possible.

Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Please post there Gmer.txt log

the DDS logs and latest MBAM log

Don't post your logs here.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.