
Still infected with HDD Plus Virus after cleaning with MBAM, please help



Thank you so much for your help. My computer was infected with HDD Plus today. The first time I ran MBAM, it found a few files and quarantined them. But, the "HDD Plus" desktop icon was still there after restarting, and I was still receiving hard drive error messages from the same program.

This is my first time using MBAM, so please let me know if I'm leaving out any pertinent information. Again, thank you again for taking the time to help me. I greatly appreciate your help and your patience.

I've attached the DDS "Attach.txt" and the GMER "ark.txt" files.

In this order I am pasting:

-My first Malwarebytes scan log, which detected/quarantined the virus

-The most recent log (which said my system was clean, even though I'm still having problems with HDD Plus)

-The DDS log file "DDS.txt"

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5274

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

12/8/2010 6:12:35 PM

mbam-log-2010-12-08 (18-12-35).txt

Scan type: Full scan (C:\|)

Objects scanned: 357284

Time elapsed: 44 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24415919 (Trojan.FakeAlert) -> Value: 24415919 -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Rob\AppData\Local\Temp\24415919.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5275

Windows 6.0.6001 Service Pack 1 (Safe Mode)

Internet Explorer 7.0.6001.18000

12/8/2010 9:29:09 PM

mbam-log-2010-12-08 (21-29-09).txt

Scan type: Full scan (C:\|)

Objects scanned: 356037

Time elapsed: 44 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-12-05.01) - NTFS_AMD64

Run by Rob at 22:31:48.51 on Wed 12/08/2010

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11

Microsoft

Attach.zip

ark.zip


mdntokr:

Good! Please do this now:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

  • Go to this page.
  • Scroll down to where it says "Java Platform, Standard Edition."
  • Click the "Download JRE" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • MBAM log


Sorry this took so long. I was out for most of the day. I updated Java like you asked, and I have included my latest MBAM scan log. Looks like it didn't find any infected files. Not to be redundant, but thank you so much again for your time. What should I do now?

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5284

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

12/9/2010 9:38:36 PM

mbam-log-2010-12-09 (21-38-36).txt

Scan type: Quick scan

Objects scanned: 174176

Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


mdntokr:

How is it running? Please do this next:

Please run ESET Online Scanner

  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.

Please include the following in your next post:

  • ESET log
  • How is your computer running?


So, I downloaded and ran ESET after unchecking the option that you requested. The problem is, I didn't see a details tab after the scan was complete. The only thing I could see to do was click on the Finish button or check the uninstall box. After I clicked Finish, I still didn't see a Details tab. All I saw were a few links about purchasing the product or finding information on the product. I decided to run the scan again, but I doubt anything will change.

My computer seems to be running pretty well. I noticed any lingering effects from the HDD Plus program.

Any suggestions on what I may have done wrong with ESET? Is there anything else I should do now? Thanks again.


Thanks, I found it. Here it is.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=1f755609c395cf488fac2d3b0f9bcf8f

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-12-10 04:03:27

# local_time=2010-12-09 11:03:27 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=770 16774141 100 100 6336200 67738997 0 0

# compatibility_mode=1024 16777215 100 0 58293692 58293692 0 0

# compatibility_mode=5892 16776574 100 95 90144156 128549431 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=196466

# found=0

# cleaned=0

# scan_time=3082

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=1f755609c395cf488fac2d3b0f9bcf8f

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-12-10 05:25:28

# local_time=2010-12-10 12:25:28 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=770 16774141 100 100 6341120 67743917 0 0

# compatibility_mode=1024 16777215 100 0 58298612 58298612 0 0

# compatibility_mode=5892 16776574 100 95 90149076 128554351 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=196518

# found=0

# cleaned=0

# scan_time=3083


mdntokr:

Your logs look good. Now I have another update and some very important cleanup for you to take care of:

Your Adobe Reader needs to be updated. Please visit Adobe's site and grab the newest version.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall


Delete the following tools along with any other logs you saved from our work:

  • DDS
  • GMER

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please visit this General Computer Security Forum and review this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


  • Staff

Glad we could help. :rolleyes:

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.