[Lamarie78]

Tonight while applying at a jobsite a software called "Security Suite" asked to be downloaded into my computer to remove a potential virus. I clicked cancel because I already have Mcafee software. Now, I am unable to open the internet explorer, internet and Mcafee sofware. My computer section is acting very weird and I think I have either a virus or a malware program that has disabled my Mcafee software and Internet Explorer. Please can someone help me. I would really appreiciate it!!! Thank You-
I will be waiting................................................

[Advertisements]

Please Click here!, and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.

[Thunderbird1988]

Please Click here!, and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.

[Thunderbird1988]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Thunderbird1988]

Reopened on request.

[Lamarie78]

Thanks Thunderbird for opening my post. Gosh I was so lost for words when i saw my post closed. My desktop on the computer's internt is no working.....I check all day. My brother and sisters desktop internet is working the virus/malware seems to be only on my desktop. I am using their desktop to communicate with you and message board. How can i apply the tips you sent me when I can not open the internet of my desktop? Thanks aagin for getting back to me it is truly appreciated.

[Thunderbird1988]

Hello,

You can download the programs from their pc and then transfer them to yours using a USB-drive or a cd.

Thunderbird1988

[Lamarie78]

Oh I see. Thanks! I will give this a try today. I will get back to you tonight or tomorrow cause I am at work now. Thanks so much.

[Lamarie78]

Crazy work week. Right now I am @ home downloading the softwares to a disk from my brother's desktop. I will get back to you about the results thunderbird1988.

[Lamarie78]

I finally finished scannning one of the file called OTL. I have a problem, when two notepad pops up OTL.Txt and Extras.Txt have an empty note pad. What does that mean? And one other thing, when I downloaded softwares you suggested mbam-setup will not open and it would says "files are corrupted. Please obtain a new copy of the program." TFC would say "E:\TFC.exe is not valid Win32 application." What should I do with these situations.

[Thunderbird1988]

Hello,

It seems that your virus is heavily interfering with our tools. We will work around this, so we can still clean out the malware.

Hello,

Please download RKill.com to your desktop (if you can't download it, please download it form your laptop and transfer it using a cd or usb-drive.
Double click the programme to run it
Please be patient while the program looks for various malware programs and ends them.
When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

After that, Please try again if you can get an OTL log.

Thunderbird1988

[Lamarie78]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4686

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

9/24/2010 9:03:22 PM
mbam-log-2010-09-24 (21-03-22).txt

Scan type: Quick scan
Objects scanned: 170276
Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpereya (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qtivokaqo (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Lamarie78]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Lisa on 09/24/2010 at 21:38:15.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Users\Lisa\Desktop\rkill.com


Rkill completed on 09/24/2010 at 21:38:17.

[Lamarie78]

I have ran Rkill and mbam. What do you think?

[Thunderbird1988]

Hello,

Your computer should be much more stable now, so we should be able to clean out the rest of the malware.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    
    Click the image to enlarge it
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please copy and paste the report into your Post.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Minimal Output at the top
• Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
• Double click inside the Custom Scan box at the bottom
• A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
• Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
• Select scan.txt and click Open. Writing will now appear under the Custom Scan box
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Thunderbird1988

[Lamarie78]

Thanks, I will contiune with your additional steps