
Antivirus System PRO



#1
skipwalker

I've got what appears to be something similar to http://www.geekstogo...ro-t257978.html.

Windows XP SP 3. Dell Vostro 410.

Attempting to run MBAM, which I installed a while ago, gets blocked with the message that the file is infected. Attempting to run my Avira Antivirus is met with a similar message about it being infected. Attempting to run Process Explorer results in similar error messages.

I can't even bring up My Computer properties as the rundll32.exe gets met with the same error message.

Windows Security Center keeps popping up.

Also, www.[bleep].com keeps getting launched in IE, which I rarely use as I favor Firefox 3.5.

It looks like my IE (7.0) has been changed to use a proxy server on 127.0.0.1 on port 5555.

I'm typing this on my laptop which hasn't been infected.

There seems to be a variety of different solutions on these forums for this problem so I'm a bit at a loss as to how and where to start.

Any help in getting started is appreciated. Thank you.


#2
skipwalker

I was able to boot into safe mode and run FTC, ERUNT, MBAM (which cleaned some things), RootRepeal and OTL. Attached are the various logs. The Antivirus System Pro warnings seem to have disappeared after all of that. Hopefully, I'm good to go.

I've attached the MBAM, RootRepeal, and OTL logs. If anyone can tell me whether it looks like I still have remnants of this Antivirus System Pro thing, I would appreciate it.

#3
skipwalker

So, to report on my progress: MBAM seemed to have gotten rid of the Antivirus System Pro security alerts etc. The only remnant left appears to be in my two browsers, IE 7 and Firefox 3.5.5. I removed the proxy server configuration in IE that had it going to 127.0.0.1 port 5555. However, when I perform a Google search from the Google toolbar or type in an address in the address bar in IE, a Windows Internet Explorer dialog pops up with a message like "Cannot find 'http://${non ascii characters}/' Make sure the path or Internet address is correct." I can't seem to close IE, as clicking OK on the dialog always spawns a new IE browser window.

In Firefox, something similar happens, except, instead, a new tab launches to a URL like (which fortunately results in a Server Not Found)/.

These things are making both browsers difficult to use.

#4
skipwalker

So I ran ComboFix, which apparently found a rootkit. I'm attaching the log in case anyone has an opportunity to help me. My browser issues seem to have been cleared up by ComboFix.
