I was getting the XP Security Center popups and was unable to use any browser. A friend directed me to Malwarebytes. After downloading your software on another machine and transferring it to the infected one, to run Malwarebytes I had to rename the program to somethingelse.com. After running it, it cleaned my machine to a point where I can now get onto the internet. But I still cannot turn on Windows auto update. Attached are my logs.

DDS only created the dds[1].scr file and the only way I could not attach was to compress it.

Log after the first run of Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6636

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

21/05/2011 7:21:01 PM

mbam-log-2011-05-21 (19-21-01).txt

Scan type: Full scan (C:\|)

Objects scanned: 246446

Time elapsed: 1 hour(s), 27 minute(s), 0 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

c:\documents and settings\Main\local settings\application data\ddv.exe (Trojan.FakeAlert) -> 3020 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Main\Local Settings\Application Data\ddv.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Main\Local Settings\Application Data\ddv.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Main\local settings\application data\ddv.exe (Trojan.FakeAlert) -> Delete on reboot.

c:\documents and settings\Main\application data\Sun\Java\deployment\cache\6.0\51\5e95bf73-3f053706 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Main\my documents\my downloads\office 2007.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Log after the 2nd Malwarebytes run:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6636

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

21/05/2011 8:43:16 PM

mbam-log-2011-05-21 (20-43-16).txt

Scan type: Full scan (C:\|)

Objects scanned: 246368

Time elapsed: 1 hour(s), 17 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I ran these scans on my C drive only and not on an external that is usually pulled into my machine.

Thanks for your help,

Jerry

ark.txt

hijackthis.log May 21, 2011.txt

dds1.zip


  • Staff

You attached DDS itself instead of its log...

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.