Jump to content

After malware removal programs asking for file association


Recommended Posts

Guest cassiereroni

I just cleaned some crap off of my computer that my grandson managed to get infected with. I have 3 users set up on my computer. Myself, and my two grandsons. One of them downloaded a screensaver that infected my computer. I ran my antivirus, went to TrendMicro and scanned with that. Nothing was found. So I run my malwarebytes and that found some of the problems and I believe took care of them. Here is the log of what was done:

"Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6639

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/22/2011 10:10:17 AM

mbam-log-2011-05-22 (10-10-17).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 232899

Time elapsed: 2 hour(s), 8 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Bud\Local Settings\Application Data\skk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\administrator\Desktop\unused desktop shortcuts\google updater.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Bud\local settings\application data\skk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully."

Only now when I log in as my grandson nothing will open. I can't even get Internet Explorer to open. When I click on it a window opens and asks what program do I want to use to open it.

How do I fix this? I can't access the net from his user account. I have to use mine. Any help would be appreciated.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please download exeHelper from one of these two places:

http://www.raktor.net/exeHelper/exeHelper.com

http://www.raktor.net/exeHelper/exeHelper.scr

Save it to your Desktop and run it. When it finishes, restart your computer and see if you can run .exe files now.

If so, please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.