Jump to content

Laptop Infected MB Scan done Log attached

Recommended Posts

  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • 2 weeks later...

Hi there

Yes I am still here...I have been away on holiday.

Ok, I have re-run MB scan and log below. I cannot seem to obtain DDS - your link does not work, so I searched it and tried a couple of other links and they don't work either?

Malwarebytes' Anti-Malware


Database version: 8122

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088

09/11/2011 09:36:15

mbam-log-2011-11-09 (09-36-15).txt

Scan type: Quick scan

Objects scanned: 168066

Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{85DF608E-8E51-83E6-049F-797BF9F66034} (Trojan.ZbotR.Gen) -> Value: {85DF608E-8E51-83E6-049F-797BF9F66034} -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\G parmar\AppData\Local\Temp\BUA\ar_dlg.exe (Virus.Ramnit) -> Quarantined and deleted successfully.

c:\Users\G parmar\AppData\Local\Temp\BUA\killautorun.exe (Virus.Ramnit) -> Quarantined and deleted successfully.

Many thanks for you time


Link to post
Share on other sites

  • Staff


I'm afraid I have some very bad news...

The infection that you can see in the MBAM scan, Ramnit is what we call a file-infector.

These are particularly malicious, in that they infect all of your legitimate programs.

The problem is... the virus is very buggy, so it does not do a good job of infecting your files, so any attempt to disinfect and possibly save your files would be futile, in that, due to the buggy virus, we cannot properly disinfect your files.

What I highly recommend now is a reformat and a reinstallation of Windows XP.

Please let me know if you are prepared to do so.

You may backup and save all files except programs (meaning pictures and documents are okay), because if you backup any applications, they will transfer to your clean system, and you will be reinfected.

So, with that said, do you have your Windows CD?

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.