Ran rkill and mbam. Mbam found something and removed it, but Defragmenter remains, and runs on reboot.

GMER freezes so there is no log for that.

Last mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4962

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.7930.16406

10/27/2010 12:43:47 AM

mbam-log-2010-10-27 (00-43-47).txt

Scan type: Quick scan

Objects scanned: 168384

Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt:

DDS (Ver_10-10-21.02) - NTFSx86

Run by Mike at 2:10:57.50 on Wed 10/27/2010

Internet Explorer: 9.0.7930.16406

Microsoft

Attach.zip


Welcome to the forum

Please download and run ComboFix:

A few notes first:

  • ComboFix is compatible exclusively with W2K, XP, Vista, and Windows 7 (32-bit only).
  • ComboFix must be run from an Administrative account.
  • Vista and W7 users - Right click, choose "Run as Administrator"
  • It must be downloaded to and run from your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    ComboFix Guide <---please read!

---------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE<-------
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC


While I was trying to solve this issue last night I ran the Bitdefender Internet scan and it came back with:

Found 1 infected file!

----------------------

C:\Users\Mike\AppData\Local\Temp\8552364.exe --> Gen:Trojan.Heur.FU.HyW@a4@nm!n

--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"8552364"

This wasn't found by mbam on a subsequent search, and BitDefender refused to install on my machine so I couldn't scan for it.

I will give your suggestion above a try. Should I undo the steps that I used to create the above logs?

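An added triage example, not part of the original thread: the Bitdefender result above pairs an executable in the user's Temp folder with an HKCU `Run` value of the same name, which is the autostart pattern that lets the rogue program relaunch on reboot. The sketch below parses `reg query` output and flags such entries; it assumes the `Run` value's data was the Temp path (the thread shows the two only side by side), and the heuristics and the two extra sample entries are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the format printed by:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# The first value mirrors the finding quoted in the post above (assumed data);
# the other two are constructed entries for contrast.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    8552364    REG_SZ    C:\Users\Mike\AppData\Local\Temp\8552364.exe
    Sidebar    REG_SZ    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    Updater    REG_EXPAND_SZ    %TEMP%\upd.exe -silent
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.I)
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%\\", "%tmp%\\")

def target_of(command):
    """Return the program path from a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(reg_output):
    """Return (value_name, target, reasons) for entries worth a closer look."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        target = target_of(m["data"])
        reasons = []
        if any(mark in target.lower() for mark in TEMP_MARKERS):
            reasons.append("runs from a temp directory")
        if PureWindowsPath(target).stem.isdigit():
            reasons.append("all-digit file name")
        if reasons:
            findings.append((m["name"], target, reasons))
    return findings

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE):
        print(f"{name}: {target} -> {', '.join(reasons)}")
```

A flagged entry is a lead for review, not a verdict: some legitimate installers briefly register autostart entries from Temp.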

No, just run ComboFix and carefully follow the instructions, MrC

Thanks for the info on the combo fix. I think it worked. I have not had any pop ups from system defrag since installing. I am a little nervous that the program is still showing up in my start menu under programs. Is that normal? I will attach my combofix.txt for analysis. Thanks for your help.

ComboFix 10-10-27.A3 - The Ultimate 10/28/2010 19:17:00.1.2 - x86

Microsoft


MrC:

Thanks for your help. I thought that I would try MBAM again after it had updated to see if it caught this problem, but it was still unsuccessful. BitDefender however found the error that I mentioned above and I deleted it, so it appears everything is clear now.

The System Defragmenter is no longer coming up. I only wish I had saved a copy of the file so that I could post it to Malwarebytes for analysis.

Thanks again.

Mike
