
help removing virus


  • This topic is locked

#16
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Good. Now just post the Malwarebytes log.

How is your computer running?
Did the symptoms stop?
  • 0



#17
compdisaster10

    Member

  • Topic Starter
  • 14 posts
Sorry it took so long to post the mbam log, had to leave briefly.
My computer already started acting much better after the ComboFix. Some things that had been missing reappeared. ;) And the symptoms have stopped. And I can get on IE now :D


mbam log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5297

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/11/2010 3:33:25 PM
mbam-log-2010-12-11 (15-33-25).txt

Scan type: Quick scan
Objects scanned: 151673
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.

Edited by compdisaster10, 11 December 2010 - 09:13 PM.

  • 0

#18
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Cool, I would say you are clean again. But let's get one more scan to make sure. This one will take a while.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt), name the file KasReport.txt, and save the file to your desktop so that you may post it in your next reply.

  • 0

#19
compdisaster10

    Member

  • Topic Starter
  • 14 posts
Hi, Kaspersky said I had missing plugins that I needed to install before I could download. It's Java, but I noticed that right before the infections hit each time, the Java cup of joe had appeared on the screen, so now I'm kinda scared of it. I had removed it from my programs (hence the prompt). Do I go ahead and install it back? (I thought I'd ask first to be on the safe side.)

Thanks for your help!
  • 0

#20
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
That's fine that you uninstalled Java. It's probably safer that way. Java gets updated a lot for security holes, so if you don't update it, then it's a security risk.

Try this offline version of Kaspersky.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#21
compdisaster10

    Member

  • Topic Starter
  • 14 posts
Hello, sorry it took so long! The log doesn't show any detected infections that I can tell. This is the only thing it reported at the end:

Autoscan: completed 8 minutes ago (events: 2, objects: 366123, time: 08:18:27)
12/13/2010 8:10:57 AM Task started
12/13/2010 4:29:24 PM Task completed

I hope that means all is well :D
  • 0

#22
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
You look clean again :D If you have any more problems you can post back here.

Mitch8
  • 0

#23
compdisaster10

    Member

  • Topic Starter
  • 14 posts
Thanks Mitch8! You are the best! :D
  • 0

#24
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





