antimalware go



#1
sendme10

    New Member

  • Member
  • 1 posts
I picked up some type of computer infection that appears to be called AntiMalware GO. IE is not working but AOL is. Malwarebytes didn't pick up anything. Here is a RogueKiller result:
RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 01/02/2011 17:00:40

Bad processes: 0

Registry Entries: 4
[APPDT/TMP/PF ROGUE] HKCU\[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[APPDT/TMP/PF ROGUE] HKUS\S-1-5-21-668587658-2659903005-2207730885-1000[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 28/02/2011 17:13:51

Bad processes: 0

Registry Entries: 4
[APPDT/TMP/PF ROGUE] HKCU\[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[APPDT/TMP/PF ROGUE] HKUS\S-1-5-21-668587658-2659903005-2207730885-1000[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Remove -- Time : 28/02/2011 17:14:51

Bad processes: 0

Registry Entries: 3
[APPDT/TMP/PF ROGUE] HKCU\[...]\Run : mhonbclv (C:\Users\dan\AppData\Local\Temp\qvkhlhqkm\onlbdiuhmof.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> NOT REMOVED, USE PROXYFIX

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 28/02/2011 17:24:36

Bad processes: 0

Registry Entries: 2
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:33440) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 27/02/2011 22:11:40

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 27/02/2011 22:15:09

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Remove -- Time : 27/02/2011 22:15:28

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished




RogueKiller V4.0.1 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: dan [Admin rights]
Mode: Scan -- Time : 27/02/2011 22:29:46

Bad processes: 1
[APPDATA/TEMP/DESKTOP] HijackThis.exe -- c:\users\dan\desktop\hijackthis.exe -> KILLED

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished


#2
RKinner


    Malware Expert

  • Expert
  • 23,714 posts
  • MVP
In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.
Now run OTL (Step 2 in the guidelines in the top post of the Malware Removal forum, http://www.geekstogo...uide-t2852.html) and copy and paste both your OTL and Extras logs into a reply.



Ron