First of all, thanks for your services on this great system of yours (RogueKiller).
I recently got infected with a "Ransom Trojan" and it seems I managed to clear my PC of it, I think, but I am not sure if it is 100% cleared. However, I did scan with RogueKiller and it came up with stuff on my system, but I am not sure if they are false positives or whether I should delete them. Please be specific and clear about which ones I should delete, especially the 3 "registry" items found.
Please help me.
This is the latest report on my PC.
Thanks Tigzy
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : WP [Admin rights]
Mode : Scan -- Date : 10/04/2012 09:17:16
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080;socks=127.0.0.1:1080) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] 1f434a8c6c1e2f6c389ddccc9ace4a32
[BSP] bdd3f260ea99cc6d2dd6c92b8e20d37f : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 945996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1937401856 | Size: 7870 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
Edited by admin, 04 October 2012 - 12:34 AM.
Moved to malware removal forum