Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Results of scan with Malwarebytes

Started by Marieukxx , Jan 22 2011 09:34 AM

  • Please log in to reply

#1
Marieukxx
Posted 22 January 2011 - 09:34 AM

Marieukxx

    Member

  • Member
  • PipPip
  • 73 posts
Hi this s my first post here. I am not computer savvy AT ALL so any technical stuff is beyond me lol.

I realised last night I had something bad on my pc as it kept opening explorer and going to random websites. Then it kept coming up saying to download stuff. And my system restore was frozen!

I searched high and low on the net and ran scans with all my usual stuff but nothing could find what it was. I finally found this site and read a post from someone with a similar problem and Malwarebytes was suggested. OMG this was a life saver for me. It found loads of stuff and now my pc is fine again.

I just wondered what you all make of what I had on there? There were Trojans. I don't know anything about computers so don't get too technical please lol.

I've run a full scan plus another quick scan since and nothing was found so hopefully all is well now.

I was really stressed last night up till 4am trying to get rid of whatever was doing all this stuff to my pc. As soon as I found this place and ran malwarebytes I was relieved. So thanks to you all here.

Here's the log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5567

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/01/2011 02:25:48
mbam-log-2011-01-22 (02-25-48).txt

Scan type: Quick scan
Objects scanned: 145763
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 5
Files Infected: 17

Memory Processes Infected:
c:\WINDOWS\Bkuvaa.exe (Trojan.FakeAlert) -> 5680 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.FakeAlert) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...angID=x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...edir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...angID=x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\Bjr.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\WINDOWS\Bkuvaa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\my documents\downloads\popularscreensavers(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\my documents\downloads\popularscreensavers.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Bjp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Bjq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Bjs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\nseB2.tmp\uninstall.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\nsn1CA.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\nsx205.tmp\uninstall.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fp2syy23.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.


AND here is the latest log today:

alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5567

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/01/2011 15:26:59
mbam-log-2011-01-22 (15-26-59).txt

Scan type: Quick scan
Objects scanned: 145686
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements

#2
Marieukxx
Posted 22 January 2011 - 03:27 PM

Marieukxx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
bump
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP