Jump to content

Laptop computer has a virus


Recommended Posts

I am having problems with a virus. After I ran MBAM and removed items found and rebooted, All my programs/files will not open when computer is booted normally. Firewall and virus software (Microsoft security essentials) have been disabled. I am able to run computer in safe mode, but cannot get Avira to load. A trial version of Previx says there is a trojan called reader.d58dc(1).exe on my computer. Also, MS Essentials found and removed exploit:js/multi.dm . Also note: the attached MBAM logs for 6/6/2011 are from a previous successful cleanup of a virus, but may be useful if the cleanup didnt really get rid of original virus.

All scans were done in safe mode. I couldnt seem to get GMER to provide a "save" button when scan was finished to get the "ark" file, but I did get results copy/pasted.

attach.zip

dds.txt

mbam-log-2011-06-06 (20-11-12).txt

mbam-log-2011-06-06 (22-56-13).txt

mbam-log-2011-06-16 (00-03-06).txt

mbam-log-2011-06-16 (06-42-49).txt

attach1.zip

Link to post
Share on other sites

  • Staff

Hi,

Please log in into the account where exe files won't run. (In normal mode!)

Then, make sure extensions are shown, see here how to do this.

Then, navigate to the C:\Program Files\Malwarebytes' Antimalware folder and locate the file mbam.exe in there

Rename mbam.exe to mbam.com

Then, doubleclick mbam.com. This will allow malwarebytes to open. First use the update tab and check if there are updates. Download the updates.

Then, perform a quick scan and let Malwarebytes remove what it found. Reboot afterwards. Malwarebytes should restore the associations for exe files again if run from the affected account.

Link to post
Share on other sites

I followed your directions and have exe associations back. Thank you very much.

There are two more things still going on...

1. I cannot get automatic updates to run,even when I go into control panel/system folder. it says au is already on. I tried turning it off and back on, and rebooting.

2.The trial version of Prevx 3.0 (scan only) says that reader.d58dc(1).exe is a "high risk cloaked malware", but MBAM , Spybot and Microsoft security essentials do not even show it as a threat. Is this a false positive? Is it possible that Prevx is just trying to get me to purchase their removal package?

mbam-log-2011-06-19 (09-37-23).txt

Link to post
Share on other sites

  • Staff

Hi,

Go to start > run and type:

regsvr32 wuaueng.dll

Hit enter.

Let me know if that fixed the automatic update issue.

As for your other question, I cannot answer this because I would need the file from you, so please navigate to the file being mentioned by prevx and upload it here: http://www.bleepingcomputer.com/submit-malware.php?channel=8

Link to post
Share on other sites

Sorry for the delay in response. The automatic updates fix worked. As for the other "virus" file, during tht attempt to locate where the file was I found it was in Internet explorer temp file, and was easily deleted.

Thank you very much for your help.

Link to post
Share on other sites

  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.