[mitch8]

Hi,

Do you have any other problems besides the popup?

Try running Malwarebytes' Anti-Malware in safe mode.

To boot into safe mode:

• Click Start and then click Shut Down.
  
• In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.
  
• As your computer restarts but before Windows launches, press F8.
  
• Use the arrow keys to highlight the safe mode option, and then press ENTER.

[Henry1st]

Hi,

no problems the last 2 times I used my computer, and no popup's either.

MBAM stopped again, I made a note of what I thought may be of use or interest.

This was what was on the MBAM window when it stopped.
Objects scanned: 14499
Objects infected: 1
Time elasped: 4mins 39 secs

currently scanning
C:\WINDOWS\system32\vcdex.dll

Error message:
MBAM has encountered a problem and needs to close.
Please tell MS about this problem.

Data error report -
Error signature
AppName: mbam.exe AppVer: 1.46.0.1 ModName: mbam.dll
ModVer: 1.46.0.0 Offset: 0001fffe

Report Details - technical info, too much data, can't copy or save it.

Click Send Error Report, which appears to work OK.

Then -
DrWatson Postmortem Debugger has encountered a problem and needs to close.
Please tell MS ..............

Click Send Error Report, which appears to work OK.

and then it locks up, and it says MBAM (Not Responding)

When I went back into normal mode, MS Essentials real time protection was switched off ?? switched it back on ASAP.

R

[mitch8]

Alright, I want to see the one file it keeps identifying. Run the scan again but when it finds the infected file stop the scan. It will then go to the results page and you can select to remove the file. Post the log it makes here.

[Henry1st]

File deleted, log attached.
I ran the scan agian but it stopped on C:\WINDOWS\system32\vcdex.dll again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5110

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

19/11/2010 22:40:47
mbam-log-2010-11-19 (22-40-47).txt

Scan type: Quick scan
Objects scanned: 12159
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[mitch8]

Alright I guess Malwarebytes doesn't want to run on your computer, you can uninstall it. Do you have any other problems? Any pop-ups or random slowness?

[Henry1st]

Hi, my computer seems OK thanks to you. No pops in the last few days.

One thing that has changed in the last few days is MS Essentials Real Time Protection is switched off when the computer starts up.
I switch it on immediately. Due you think I should uninstall and re-install it?

[mitch8]

I guess it is worth a try. Let me now how it goes.

[Henry1st]

Hi, I re-installed MS Essentials, unfortunately it still starts up unprotected.

A friend has offered me a license for Avira, he has a 3 user 3 year license with 1 spare, so I will probably take him up on the offer.

Otherwise everything seems to be well.

[mitch8]

That's weird it wouldn't work. If you have any more malware related issues you can post back here. I will keep this thread open for a few days; otherwise I will close it.

Mitch8

[mitch8]

Oops, I forgot to tell you how to remove the tools we used.

It looks like you log is clean You need to remove the malware removal tools from your computer, to do that:

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  
  
• Please follow the prompts to uninstall Combofix.
  
• You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
  
• After that open OTL and click on CleanUp

Please follow the steps below to keep your computer clean.

• Clean restore points - To get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  
  • Select Start > All Programs > Accessories > System tools > System Restore.
    
  • On the dialogue box that appears select Create a Restore Point
    
  • Click NEXT
    
  • Enter a name e.g. Clean
    
  • Click CREATE
  
  You now have a clean restore point, to get rid of the bad ones:
  
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    
  • In the Drop down box that appears select your main drive e.g. C
    
  • Click OK
    
  • The System will do some calculation and the display a dialogue box with TABS
    
  • Select the More Options Tab.
    
  • At the bottom will be a system restore box with a CLEANUP button click this
    
  • Accept the Warning and select OK again, the program will close and you are done
  
  
  
• Update your computer - To check for updates yourself go to http://windowsupdate.microsoft.com It is very important to check for updates often as my security problems are fixed with updates. Also make sure your computer will update automatically, to do that:
  
  • Go the control panel
  • Click on security center
  • Then "Automatic Updates"
  • Select Automatic (recommended)
  • Pick the time and click ok
  
  
  
• Update Java - It's very important to keep java up to date because older versions have vulnerabilities that malware can use to infect your system.
  Please download JavaRa to your desktop and unzip it to its own folder
  
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    
  • Accept any prompts.
    
  • Open JavaRa.exe again and select Search For Updates.
    
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
  
  
  
• Update Adobe Reader- It's good to keep Adobe Reader updated to because many security problems are fixed in updates. To check for updates:
  
  • Open Adobe Reader
    
  • On the menu bar click on help then check for updates...
    
  • The program will then tell you if updates are available
  
  
  
• Anti-spyware programs - These programs will scan your computer and delete spyware. If you do not have any anti-spyware programs on your computer I recommend:
  
  • Malware Bytes
  • SUPERAntiSpyware
  
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A good tutorial on SpywareBlaster can be found at http://www.bleepingc...tutorial49.html
  
  
• Prevention - Here are some other programs that will help you say safe on your computer:
  
  • ThreatFire - program that can detect malicious activity and remove the threat
  • WOT (web of trust) - rates websites and will warn you if a website has a poor rating
  • McAfee SiteAdvisor - warns you of malicious websites
  • Firefox - a safer web browser
  
  
  
• Update your security software! You have to update you security software to make sure your computer is safe from new malware threats.
  
  
• And also see TonyKlein's article
  So how did I get infected in the first place?

[Henry1st]

Hi, last 2 times we started up MSE real protection was switched on

Thanks for your help, I have completed up to Adobe Reader, will continue tomorrow.

[mitch8]

Your welcome.

I will keep this thread open for a few days in case you have any more problems.

[mitch8]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.