Antivirus System PRO



#1
skipwalker

I've got what appears to be something similar to http://www.geekstogo...ro-t257978.html.

Windows XP SP 3. Dell Vostro 410.

Attempting to run MBAM, which I installed a while ago, gets blocked with the message that the file is infected. Attempting to run my Avira Antivirus is met with a similar message about it being infected. Attempting to run Process Explorer results in similar error messages.

I can't even bring up My Computer properties as the rundll32.exe gets met with the same error message.

Windows Security Center keeps popping up.

Also, www.[bleep].com keeps getting launched in IE, which I rarely use as I favor Firefox 3.5.

It looks like my IE (7.0) has been changed to use a proxy server on 127.0.0.1 on port 5555.

I'm typing this on my laptop which hasn't been infected.

There seems to be a variety of different solutions on these forums for this problem so I'm a bit at a loss as to how and where to start.

Any help in getting started is appreciated. Thank you.

#2
skipwalker

I was able to boot into safe mode and run FTC, ERUNT, MBAM (which cleaned some things), RootRepeal and OTL. Attached are the various logs. The Antivirus System Pro warnings seemed to have disappeared after all of that. Hopefully, I'm good to go.

I've attached the MBAM, RootRepeal, and OTL logs. If anyone can tell me whether it looks like I still have remnants of this Antivirus System Pro thing, I would appreciate it.

#3
skipwalker

So, to report on my progress: MBAM seemed to have gotten rid of the Antivirus System Pro security alerts etc. The only remnant left appears to be in my two browsers, IE 7 and Firefox 3.5.5. I removed the proxy server configuration in IE that had it going to 127.0.0.1 port 5555. However, when I perform a Google search from the Google toolbar or type an address in the address bar in IE, a Windows Internet Explorer dialog pops up with a message like "Cannot find 'http://${non ascii characters}/' Make sure the path or Internet address is correct." I can't seem to close IE, as clicking OK on the dialog always spawns a new IE browser window.

In Firefox, something similar happens, except, instead, a new tab launches to a URL like (which fortunately results in a Server Not Found)/.

These things are making both browsers difficult to use.

#4
skipwalker

So I ran ComboFix, which apparently found a rootkit. I'm attaching the log in case anyone has an opportunity to help me. My browser issues seem to have been cleared up by ComboFix.
