Remove malware leads to no Internet connection


Good afternoon.

Earlier today I ran Malwarebytes Quick Scan which reported an infection. I followed the directions to remove the problem. Upon restart, however, I could no longer access the Internet. I did a System Restore on Windows to go back one day (wish I could do that in real life!). But this meant I now had the malware back. Which I removed once again and -- once again -- I could no longer access the internet. What is the best way to proceed? Here is the mbam-log from this event:

Malwarebytes' Anti-Malware 1.46


Database version: 4852

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

10/16/2010 1:44:53 PM

mbam-log-2010-10-16 (13-44-53).txt

Scan type: Quick scan

Objects scanned: 145670

Time elapsed: 13 minute(s), 46 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

C:\Users\John\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Users\John\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\John\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\John\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\John\AppData\Local\Temp\ms0cfg32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\John\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.

Let's Have An Expert Check It Out

Please follow all the instructions below and an expert will assist you.

  • Please print out, read and follow the directions here, skipping any steps you are unable to complete.
  • Then post a NEW topic here.
    One of the Expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic

and choose one of the Email options so that you're alerted when someone has replied to your post.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
  • You may send a Private Message to a Moderator asking for assistance.


As a paying customer, you can contact the help desk at support@malwarebytes.org or via this help desk link Here -

Our online experts will be able to assess your problem further

If you're a Corporate or Technician Licensed customer seeking assistance:

Please send an email to Corporate Support Team <corporate-support@malwarebytes.org> with your Cleverbridge order reference number and they will assist you.

I did a System Restore on Windows to go back one day ...........

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\John\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully

This is most likely the item that prevents internet connection -

Re-do the system restore and then resubmit it to the Malware Removal Area -

It still seems there is an infection, but let the experts see it -

Try to include as many logs as you can also - This way the experts can 'read' your system better -
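
Added example, not part of the original posts: a small Python parser for the Malwarebytes 1.46 log layout shown in the first post. It pulls out each detection, marks the ones that sit in the autostart registry locations seen in this log, and checks the summary counts against the entries. The function names and the `AUTOSTART` list (limited to the three locations in this log) are assumptions made for the example.

```python
import re

# Constructed sample: the registry sections of the log from the first post.
SAMPLE_LOG = r"""
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\John\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
"""

# "X Infected: 2" is a summary count; "X Infected:" alone opens a section.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<det>[\w.]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")
# Assumption: only the autostart locations that appear in this log.
AUTOSTART = ("\\currentversion\\run\\", "\\currentversion\\windows\\load",
             "\\winlogon\\shell")

def parse_mbam_log(text):
    counts, findings, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION.match(line)
        if m:
            if m["count"] is not None:
                counts[m["name"]] = int(m["count"])
            else:
                section = m["name"]
            continue
        m = ENTRY.match(line)
        if m and section:
            bg = BAD_GOOD.search(m["rest"])
            findings.append({
                "section": section, "object": m["obj"], "detection": m["det"],
                "action": m["rest"].split(" -> ")[-1].rstrip("."),
                "bad": bg["bad"] if bg else None, "good": bg["good"] if bg else None,
                "autostart": any(k in m["obj"].lower() for k in AUTOSTART)})
    return counts, findings

def count_mismatches(counts, findings):
    """Sections whose summary count differs from the entries actually listed."""
    seen = {}
    for f in findings:
        seen[f["section"]] = seen.get(f["section"], 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if n != seen.get(s, 0)}
```
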
