McAfee SecurityCenter Firewall will not stay on. Malware suspected


  • This topic is locked

#16
rockitout

  • Topic Starter
  • Member
  • 130 posts
OK, it has been 24+ hours and still no symptoms. I completed the steps in your last post. Just for good measure I ran a full Malwarebytes scan. It came up with 6 infections:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MaryDudzinski :: MARYDSPC [administrator]

10/15/2012 9:50:46 AM
mbam-log-2012-10-15 (11-27-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 484539
Time elapsed: 59 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\MaryDudzinski\Downloads\Picasa_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.

(end)

I know it says "no action taken". That's because I saved a copy of the log before applying the fix. I did run the fix and after a restart, the scan is clear. What I'm thinking my friend did is try to install Picasa and somehow get hold of an infected copy. She told me the symptoms started after she installed Picasa. I looked on Picasa's website and the filename for their installer is slightly different from the infected file. I ran the suspected file through Virustotal.com and it came back as infected. Anyway, now it is gone. Is there anything else I need to do? If not, thank you very much for your time.

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, as the main elements detected by MBAM were orphaned registry entries, and of no great import.

You should be good to go now :)

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.