
Hi there

Initially posted this on the wrong sub-fora

"My son has managed to download this malware to my work laptop. It has disabled Windows security and Add/Remove Programs from my control panel and I am unable to access the internet from either IE 8 or Safari so I cannot download Malwarebytes to it. How can I get round this?"

I am in safe mode and I still am unable to access the internet. I have used MBAM on my other computers with great effect but cannot access on the work laptop.

The laptop concerned is an HP ProBook 4510s running Windows XP (SP3)

Thanks


Have managed to upload MBAM and I have run it successfully.

Things are looking ok at present but have attached log for good measure

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6256

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

03/04/2011 18:17:37

mbam-log-2011-04-03 (18-17-37).txt

Scan type: Quick scan

Objects scanned: 185929

Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 14

Registry Values Infected: 1

Registry Data Items Infected: 5

Folders Infected: 1

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9DD8465E-BBBF-4B12-8EAF-AED8EDAF5F34} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{37F62759-D10C-49E8-A857-2E95B4D2641C} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\chkaecayhst.chkaecayhst.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\chkaecayhst.chkaecayhst (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\prtkHlpr.prtkHlpr.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\prtkHlpr.prtkHlpr (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DD8465E-BBBF-4B12-8EAF-AED8EDAF5F34} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9DD8465E-BBBF-4B12-8EAF-AED8EDAF5F34} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9DD8465E-BBBF-4B12-8EAF-AED8EDAF5F34} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6_N1J0rV-8j3XW- (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NT0234Uninstall$ (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19eb212d-d84d-43f2-3f86-4b2dc0d0c953} (Adware.LoudMo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{19eb212d-d84d-43f2-3f86-4b2dc0d0c953} (Adware.LoudMo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{19EB212D-D84D-43F2-3F86-4B2DC0D0C953} (Adware.LoudMo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Student1\Local Settings\Application Data\dpc.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Student1\Local Settings\Application Data\dpc.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

c:\WINDOWS\$nt0234uninstall$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\$nt0234uninstall$\xprt.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\6_n1j0rv-8j3xw-.exe (Adware.BHO) -> Quarantined and deleted successfully.

c:\documents and settings\Student1\local settings\Temp\0.3984776906198011.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\WINDOWS\$nt0234uninstall$\punstl.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\ezdx_-f_7_-.dll (Adware.LoudMo) -> Quarantined and deleted successfully.


Welcome to the forum, let's make sure you are clean.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
