
I got some rogue-installer malware Thursday night.

I've been cleaning Thursday night and everything looks alright, no virus found anymore.

Then this morning I scanned and I found this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Asked to suppress, and then Malwarebytes rebooted the PC and started the rescanning process to be sure, but the damn key is still there.

Since Thursday Windows Update won't work and security always tells me that I should enable Windows automatic update, which I did, but it won't work.

What to do?

Is the PC really clean? I mean, can that rogue thing steal my passwords? Should I perform a format and reinstall everything? I don't store passwords in Explorer and Firefox, but I do use a trading programme, though I don't store the password.

mbam-log-2011-03-31 (21-02-38).txt

mbam-log-2011-03-31 (21-52-13).txt

mbam-log-2011-04-02 (09-47-34).txt

Link to post
Share on other sites

Hello,

And welcome! My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download Rootkit Unhooker. Save it to your desktop.

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • RKU log

Thanks and again sorry for the delay.

Link to post
Share on other sites

I got some rogue-installer malware Thursday night.

I've been cleaning Thursday night and everything looks alright, no virus found anymore.

Then this morning (Saturday) I scanned and I found this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Asked to suppress, and then Malwarebytes rebooted the PC and started the rescanning process to be sure, but the damn key is still there.

Since Thursday Windows Update won't work and security always tells me that I should enable Windows automatic update, which I did, but it won't work.

What to do?

Is the PC really clean? I mean, can that rogue thing steal my passwords? Should I perform a format and reinstall everything? I don't store passwords in Explorer and Firefox, but I do use a trading programme, though I don't store the password.

NEW INFORMATION SINCE THEN.

I noticed that if I uncheck in Security Center the option that says that I don't want to be notified that my Windows Update is not enabled, Malwarebytes doesn't see the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

BUT if I check the box to notify me that my computer is at risk of being attacked... blablabla, Malwarebytes finds the PUM! Strange, isn't it?

Looks like the virus has changed the setting of UpdatesDisableNotify, but even if I delete that it still won't let me do the updates.

Worse, I tried to update manually on the Microsoft Windows site but I always get the error message 0x80070424 http://support.microsoft.com/kb/968002/fr. I tried many solutions from this Windows page but none works.

In services.msc Windows Update has disappeared.

I tried to reinstall Windows Update following the procedure here: http://support.microsoft.com/kb/949104

Can't, because Windows tells me it's already been installed!

It's not that Windows Update is crucial to my PC, but I run Service Pack 3 and need updates for my trading program. But I feel something's wrong and maybe Malwarebytes isn't yet updated for that new rogue.

I'm out of ideas!

Thanks for the help

The files asked for are attached.

DDS.txt

Report.txt

Attach.txt

mbam-log-2011-03-31 (21-02-38).txt

mbam-log-2011-03-31 (21-52-13).txt

mbam-log-2011-04-02 (09-47-34).txt

Link to post
Share on other sites
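Added example, not part of the original posts: a Python helper that parses the Malwarebytes registry data line quoted in the post above and decodes the 0x80070424 error, which is an HRESULT wrapping Win32 error 1060 (the service does not exist), consistent with Windows Update having disappeared from services.msc. The function names and the second sample log line are constructed for illustration.

```python
import re

# Shape of a Malwarebytes registry data line, taken from the line quoted in the thread.
DATA_ITEM = re.compile(
    r"^(?P<key>HK[A-Z_]+\\.+)\\(?P<value>[^\\]+?) "
    r"\((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> "
    r"(?P<action>.+?)\.?$"
)

FACILITY_WIN32 = 7
ERROR_SERVICE_DOES_NOT_EXIST = 1060  # Win32 error code carried inside 0x80070424

SAMPLE_LOG = [
    # Line as posted in the thread.
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify "
    r"(PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.",
    # Constructed line in the same format, showing an item that was repaired.
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify "
    r"(PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.",
]

def parse_data_item(line):
    """Split one registry data line into key, value, detection, bad, good, action."""
    m = DATA_ITEM.match(line.strip())
    return m.groupdict() if m else None

def unremediated(lines):
    """Return the parsed items the scanner flagged but did not change."""
    items = (parse_data_item(l) for l in lines)
    return [i for i in items if i and i["action"].lower() == "no action taken"]

def decode_hresult(hr):
    """Break a 32-bit HRESULT into its severity bit, facility and error code."""
    return {"failure": bool(hr >> 31 & 1),
            "facility": (hr >> 16) & 0x1FFF,
            "code": hr & 0xFFFF}

def service_missing(hr):
    """True when the HRESULT is a Win32 failure meaning the service is not installed."""
    d = decode_hresult(hr)
    return (d["failure"] and d["facility"] == FACILITY_WIN32
            and d["code"] == ERROR_SERVICE_DOES_NOT_EXIST)

if __name__ == "__main__":
    for item in unremediated(SAMPLE_LOG):
        print("still set:", item["key"], item["value"], "=", item["bad"])
    print("update service missing:", service_missing(0x80070424))
```
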

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Got a problem with Combofix.

The process failed halfway.

It downloaded the Microsoft Windows Recovery Console, then it began to scan till step 10.

After that a blue screen appeared once it tried to reboot.

The blue screen was saying to restart the PC because there was trouble with plug and play or one of the programs or devices not well installed, and to restart in safe mode to fix it.

I restarted and it came back to normal, but nothing from Combofix. No report, no files.

What to do? Should I try again?

Frank

Link to post
Share on other sites

Here's the log from Combofix.

The problem is still there; Security Center is still telling me that my Windows updates are disabled when in fact they are enabled.

My antivirus, Bell-Canada, interfered when rebooting. I forgot to disable it at startup after switching to safe mode, but it didn't seem to have an effect in the end since Combofix did give me a log.

log.txt

Link to post
Share on other sites

Hi again, I'm glad to hear that. :)

But, not yet done here, let's make sure that your risk of getting infected is a bit smaller by keeping software up to date.

P2P WARNING

-------------------

Going over your logs I noticed that you have BitLord installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm

Link to post
Share on other sites

Elise,

BitLord uninstalled

Adobe Reader X updated

Java JDK 6 Update 24 updated

MBAM updated and ran a deep scan, result attached

By the way, that rogue virus malware was caught on a site called animelinkz.com, an anime site where you can watch streaming with Megaupload. Probably the virus was hidden in an advertisement, because at that time Firefox froze and when I tried to restart Firefox all programs were unable to open. I won't go back to that site. But I wonder if all those updates can prevent me from catching that thing again on other similar sites? Is there a place where you can be informed if those sites have viruses?

mbam-log-2011-04-04 (10-58-54).txt

Link to post
Share on other sites

That is looking great! :)

While keeping software updated and having adequate protection sure is important, it will never make the internet 100% safe. What you can use to check websites is for example McAfee's Site Advisor.

Let's also do one last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

Hi Frank, don't worry, those are just leftovers. :)

I see I forgot to address a question of yours:

Just one thing. Can I keep Combofix on my PC and use it to scan my PC when I feel something's wrong, if Malwarebytes can't fix it?
This is not a good idea. First of all, Combofix gets updated frequently, so keeping an older copy makes no sense. However, more importantly, Combofix is a very powerful tool and it is not recommended to run it on your own. It can do quite some damage in some cases.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS and Rootkit Unhooker

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!
     I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

Everything seems to work fine.

One last question: as you see, I use Bell-Canada virus protection, which is the free protection given by my internet provider. That thing never detects anything and is completely useless and slow to start up.

I downloaded Microsoft's free security virus scan but didn't install the thing yet. Do you know if it's good? I heard it can't even detect the antivirus2010 rogue malware.

Do you have any suggestion for a good free virus protection scan?

Frank

Thank you for everything.

Link to post
Share on other sites

Hi Frank, good to hear everything is running fine!

MS Security Essentials is a good antivirus. I usually recommend it, together with Avast and Avira. My personal preference goes to Avira (mostly due to its excellent detection rate), but the other two are good also.

Keep in mind that you should only have one antivirus installed at a time!

I hope this answers your question. :)

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
