I realised last night I had something bad on my pc as it kept opening explorer and going to random websites. Then it kept coming up saying to download stuff. And my system restore was frozen!
I searched high and low on the net and ran scans with all my usual stuff but nothing could find what it was. I finally found this site and read a post from someone with a similar problem and Malwarebytes was suggested. OMG this was a life saver for me. It found loads of stuff and now my pc is fine again.
I just wondered what you all make of what I had on there? There were Trojans. I don't know anything about computers so don't get too technical please lol.
I've run a full scan plus another quick scan since and nothing was found so hopefully all is well now.
I was really stressed last night up till 4am trying to get rid of whatever was doing all this stuff to my pc. As soon as I found this place and ran malwarebytes I was relieved. So thanks to you all here.
Here's the log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5567
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/01/2011 02:25:48
mbam-log-2011-01-22 (02-25-48).txt
Scan type: Quick scan
Objects scanned: 145763
Time elapsed: 13 minute(s), 18 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 5
Files Infected: 17
Memory Processes Infected:
c:\WINDOWS\Bkuvaa.exe (Trojan.FakeAlert) -> 5680 -> Unloaded process successfully.
Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.FakeAlert) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...angID=x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...edir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...angID=x&Ext=%s) -> Quarantined and deleted successfully.
Folders Infected:
c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\Bjr.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\WINDOWS\Bkuvaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\my documents\downloads\popularscreensavers(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\my documents\downloads\popularscreensavers.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Bjp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Bjq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Bjs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\nseB2.tmp\uninstall.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\nsn1CA.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\nsx205.tmp\uninstall.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fp2syy23.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
AND here is the latest log today:
alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5567
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/01/2011 15:26:59
mbam-log-2011-01-22 (15-26-59).txt
Scan type: Quick scan
Objects scanned: 145686
Time elapsed: 7 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)