Jump to content

mbam detects but doesnt remove rogue.antivirus


stevehamp

Recommended Posts

im having problems with the pesky antivirus 2010 trojan...i "think" most of it is removed but MBYTES keeps detecting rogue.antivirus on quick scan..i click to remove it..restart..run another scan and its still there....what to do?..im running win xp..and also webroot spysweeper and mcafee for virus

this is the path where mbam detects the trojan: C:\WINDOWS\SYSTEM32\US?RINIT.EXE

Link to post
Share on other sites

Welcome to the forum.

Please start at the link below:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post the logs back here, Please don't attach them.

---------------------------

If you can't get GMER to run, use this instead:

Download and unzip Rootrepeal from the link below:

http://rootrepeal.googlepages.com/

Run rootrepeal.exe by double clicking on it

Click on report tab on the bottom right of the software then press Scan

Put at check in all box's except the 2 SSDT option's then press OK

Place a check in drive to be scanned (it is usually C)

Click OK, the scan will start and produce a log when done

Please save the logfile generated and copy and paste the contents of that log into your next reply.

MrC

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.