Hi, I'm infected with Vista Anti-Virus 2011, and I can't find any of the files to remove it manually so I'm here for help. I also seem to have a search engine redirect malware which is how I think I got the rogue security client. Need help removing both, please.

I'm unable to run MBAM, even after changing the name.

GMER is still running.

Here's the DDS

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Alyssa at 23:10:19.45 on Sat 05/07/2011

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17

Microsoft

I know there are a lot of people with problems right now, but I need this fixed immediately. If I could find the files and delete them like usual I wouldn't need help. Please help, I'm desperate!

Here is GMER:

GMER 1.0.15.15627 - http://www.gmer.net

Rootkit scan 2011-05-08 00:08:35

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.CL

Running: f5r01k7b.exe; Driver: C:\Users\Alyssa\AppData\Local\Temp\fwriqpog.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Alyssa\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1440] WININET.dll!HttpOpenRequestA 773FFBBC 1 Byte [E9]

.text C:\Windows\Explorer.EXE[1440] WININET.dll!HttpOpenRequestA 773FFBBC 5 Bytes JMP 02F42EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\Windows\Explorer.EXE[1440] WININET.dll!InternetConnectA 77400692 5 Bytes JMP 02F42FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\Windows\Explorer.EXE[1440] WININET.dll!InternetCloseHandle 77402DB8 5 Bytes JMP 02F42C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\Windows\Explorer.EXE[1440] WININET.dll!InternetReadFile 774074B9 5 Bytes JMP 02F42D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxParamW 760410B0 5 Bytes JMP 71CEBFE7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxIndirectParamW 76042EF5 5 Bytes JMP 71E2BBB2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxParamA 76058152 5 Bytes JMP 71E2BB77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxIndirectParamA 7605847D 5 Bytes JMP 71E2BBED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxIndirectA 7606D4D9 5 Bytes JMP 71E2BB33 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxIndirectW 7606D5D3 5 Bytes JMP 71E2BAEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxExA 7606D639 5 Bytes JMP 71E2BAB5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxExW 7606D65D 5 Bytes JMP 71E2BA7B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] ole32.dll!OleLoadFromStream 75EE1E80 5 Bytes JMP 71E2BDAF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] WININET.dll!HttpOpenRequestA 773FFBBC 1 Byte [E9]

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] WININET.dll!HttpOpenRequestA 773FFBBC 5 Bytes JMP 10022EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] WININET.dll!InternetConnectA 77400692 5 Bytes JMP 10022FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] WININET.dll!InternetCloseHandle 77402DB8 5 Bytes JMP 10022C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

.text C:\Program Files\Internet Explorer\iexplore.exe[2024] WININET.dll!InternetReadFile 774074B9 5 Bytes JMP 10022D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

This topic is now closed to further replies.