WiredWX Hobby Weather Tools

 


I'm not sure which virus it is....

3 posters

Re: I'm not sure which virus it is....
"%userprofile%\desktop\commy.exe" /stepdel

It did not give me the chance to put this in... What did I do wrong?

Re: I'm not sure which virus it is....

Should I try and do this again? Thank you.

Re: I'm not sure which virus it is....

Hi Belazar, I did what was said to do, but it wouldn't let me paste what needed to be pasted. It did the scan; will it still work for you?

Re: I'm not sure which virus it is....

Belahzur, I apologize about the spelling...

Re: I'm not sure which virus it is....

I just bought the tips and tricks and have my receipt. How do I get the 75 pages...?

Re: I'm not sure which virus it is....
Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: I'm not sure which virus it is....
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7465

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/14/2011 9:47:21 AM
mbam-log-2011-08-14 (09-47-21).txt

Scan type: Quick scan
Objects scanned: 201707
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\RealTime Gaming Software\Gold VIP Club Casino (Adware.Casino) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\beach master\local settings\temp\tmp44D6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\beach master\local settings\temp\ptu11f_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\beach master\local settings\temp\ptu120_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\beach master\local settings\temp\ptu184_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\beach master\local settings\temp\ptu185_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\beach master\local settings\temp\ptu186_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\beach master\local settings\temp\ptu187_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.

Re: I'm not sure which virus it is....
Hi Sneakyone,
Just a note: after doing this I went to my login and the page is still green with none of my programs or Outlook on it... Just wanted you to know. Thank you for all that you do. It's greatly appreciated.
Dana

Re: I'm not sure which virus it is....

I just noticed that malware was on my green screen, so I ran it again and found more, and this is the note:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7465

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/14/2011 2:33:27 PM
mbam-log-2011-08-14 (14-33-27).txt

Scan type: Quick scan
Objects scanned: 141155
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA73037A-F182-44A0-BC0B-690D71231330} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qulYhhRuoG (Rogue.Agent.SA) -> Value: qulYhhRuoG -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: I'm not sure which virus it is....
Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: I'm not sure which virus it is....
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fa72923c85765f4cab1291fcdcf48dc0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-08-15 12:00:02
# local_time=2011-08-15 07:00:02 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 40109185 40109185 0 0
# compatibility_mode=3586 16764926 100 82 44474057 737703265 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132084
# found=17
# cleaned=17
# scan_time=5139
C:\Documents and Settings\Beach Master\Local Settings\temp\ICReinstall\Facemoods[1].exe probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 9957B0472BC21740D1424781D6306277 C
C:\Documents and Settings\Beach Master\Local Settings\temp\1C0.tmp a variant of Win32/Kryptik.RMF trojan (cleaned by deleting - quarantined) 1E6A4136C63F49E37BF9C2CA4BF3D912 C
C:\Documents and Settings\Beach Master\Local Settings\temp\JavaUpdate.exe a variant of Win32/Kryptik.RMF trojan (cleaned by deleting - quarantined) 1E6A4136C63F49E37BF9C2CA4BF3D912 C
C:\Documents and Settings\Beach Master\My Documents\FONTS\free fonts computor\Smartdownload.exe a variant of Win32/CasOnline application (cleaned by deleting - quarantined) 24D98C3EC0291758E5E9D801502C43D5 C
C:\Program Files\PConPoint\PConPoint.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 55DF1C8006E748A42A62B160EF2AEEFC C
C:\Program Files\Slots of Vegas\casino.dll a variant of Win32/CasOnline application (cleaned by deleting - quarantined) C37ACECE76953BCDF941E739D7C13057 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe.vir a variant of Win32/Kryptik.RNF trojan (cleaned by deleting - quarantined) A7FAE5A198DA074CAC7026BFDF7FF781 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\qulYhhRuoG.exe.vir a variant of Win32/Kryptik.RNF trojan (cleaned by deleting - quarantined) 86CBB81C342A2A3C3187CC31BA8660B8 C
C:\RECYCLER\S-1-5-21-4140633030-3341314632-3632176343-1006\Dc2\casino.dll.vir a variant of Win32/CasOnline application (cleaned by deleting - quarantined) 9FAADA8A951FC5387624386A9A7D670A C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1441\A0246167.exe Win32/RubyRoyal application (cleaned by deleting - quarantined) AAB82C4076268A66EFEF376EEF3105E0 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1443\A0246715.dll a variant of Win32/CasOnline application (cleaned by deleting - quarantined) 5FC40CCF8E35F13871D2449BA2314DFC C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1443\A0247022.exe a variant of Win32/CasOnline application (cleaned by deleting - quarantined) 84C2FBD53B5C5603A041ACA7F4999710 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1466\A0251701.exe a variant of Win32/Kryptik.RNF trojan (cleaned by deleting - quarantined) A7FAE5A198DA074CAC7026BFDF7FF781 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1466\A0251702.exe a variant of Win32/Kryptik.RNF trojan (cleaned by deleting - quarantined) 86CBB81C342A2A3C3187CC31BA8660B8 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1466\A0251706.dll a variant of Win32/CasOnline application (cleaned by deleting - quarantined) 9FAADA8A951FC5387624386A9A7D670A C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1469\A0252208.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 55DF1C8006E748A42A62B160EF2AEEFC C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1469\A0252209.dll a variant of Win32/CasOnline application (cleaned by deleting - quarantined) C37ACECE76953BCDF941E739D7C13057 C

Re: I'm not sure which virus it is....

Hi, just checking in. I went to see if my programs and documents were back, and Outlook, and it is still a green screen and nothing on it but the malware and ESET. Thank you.

Re: I'm not sure which virus it is....
Hi,

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Screenshot: aswMBR Scan button]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes, click Save log to save the log to your Desktop
    [Screenshot: aswMBR Save log button]

  • Copy and paste the contents of aswMBR.txt back here for review

Re: I'm not sure which virus it is....
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-16 06:36:19
-----------------------------
06:36:19.312 OS Version: Windows 5.1.2600 Service Pack 2
06:36:19.312 Number of processors: 2 586 0x403
06:36:19.312 ComputerName: MOTHER UserName: Dana
06:36:20.453 Initialize success
06:37:06.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
06:37:06.359 Disk 0 Vendor: Maxtor_6L160M0 BACE1G10 Size: 152587MB BusType: 3
06:37:08.375 Disk 0 MBR read successfully
06:37:08.375 Disk 0 MBR scan
06:37:08.375 Disk 0 Windows XP default MBR code
06:37:08.375 Disk 0 scanning sectors +312496380
06:37:08.437 Disk 0 scanning C:\WINDOWS\system32\drivers
06:37:13.781 Service scanning
06:37:14.953 Modules scanning
06:37:19.578 Disk 0 trace - called modules:
06:37:19.578 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
06:37:19.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3dab8]
06:37:19.593 3 CLASSPNP.SYS[f76a505b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86fa3030]
06:37:19.593 Scan finished successfully
06:37:36.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dana\Desktop\MBR.dat"
06:37:36.640 The log file has been saved successfully to "C:\Documents and Settings\Dana\Desktop\aswMBR.txt"


Re: I'm not sure which virus it is....

Did I do this correctly?
