
Virus on daughter's computer...help [Closed]


  • This topic is locked

#16
tdjone813

    Member

  • Topic Starter
  • 12 posts
MBAM Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-HP [administrator]

10/16/2013 8:59:18 PM
mbam-log-2013-10-16 (20-59-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199353
Time elapsed: 16 minute(s), 8 second(s)

Memory Processes Detected: 2
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts) -> 3472 -> Delete on reboot.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts) -> 3408 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Weather_Notifications,_LL (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_aa2aleyforshtdpg4wulydxoxkc134sw (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_aa2aleyforshtdpg4wulydxoxkc134sw\1.21.0.0 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.

Files Detected: 73
C:\Users\Sarah\Downloads\BitZipperH2010.v20111231.TrialSetupEn.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\DownloadManager_Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\finalmediaplayer_732.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\Flash_Setup (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\Flash_Setup (2).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\Flash_Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\freefileviewer_730.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\frostwire-5.5.5.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\iLividSetup-r362-n-bc (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\iLividSetup-r362-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\java-runtime-environment-jre(1).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\java-runtime-environment-jre.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Sarah\Downloads\musicoasis.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\uninstall.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsK.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsU.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\SWAUpdater.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.0.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.1.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.10.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.11.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.12.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.13.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.14.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.15.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.2.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.3.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.4.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.5.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.6.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.7.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.8.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009145223.57\3539.9.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.0.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.1.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.10.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.11.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.12.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.13.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.14.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.15.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.16.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.17.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.18.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.19.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.2.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.20.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.21.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.22.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.23.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.24.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.25.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.3.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.4.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.5.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.6.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.7.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.8.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\3539.9.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\SevereWeatherAlerts\1009150708\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_aa2aleyforshtdpg4wulydxoxkc134sw\1.21.0.0\user.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.

(end)
  • 0


#17
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Did the ESET Scan run successfully? I only see the MBAM log in your last post.
  • 0

#18
tdjone813

    Member

  • Topic Starter
  • 12 posts
I thought it was, but it was taking a long time, so I put the computer up out of my toddler's reach and let it go, and when I looked at it this morning it wasn't on the desktop running anymore. I'm going to try and rerun it and see what happens.
  • 0

#19
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I thought it was, but it was taking a long time, so I put the computer up out of my toddler's reach and let it go, and when I looked at it this morning it wasn't on the desktop running anymore. I'm going to try and rerun it and see what happens.


Ok, no problem. That scan can take quite a while to complete. :)
  • 0

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

I wanted to check in with you as it's been 4 days since I've heard from you. Did the ESET scan run successfully?
  • 0

#21
tdjone813

    Member

  • Topic Starter
  • 12 posts
I finished the ESET scan, but when I try to look up the results from it, it says not found.
  • 0

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
The log file is not in this directory?

C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt
  • 0

#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Let's run ESET again, but first, I'd like to clean out your temporary folders. This will give ESET less to scan and may make the scan go a bit quicker. :)

Please follow my instructions below:


Step 1: TFC Download


Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Note: There will be no log produced by this tool.



Step 2: ESET Scan

Note: At the completion of the scan this time, do not uninstall the program. That may be why there was no log. We'll take care of it when we are finished. :)

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Things I need to see in your next post:

ESET Log

  • 0

#24
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :) It's been 4 days since your last post in this thread. Did the ESET scan run to completion this time? Do you need further assistance?
  • 0

#25
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
