
Vista Security 2012 Virus
Started by Tidenova, Jul 26 2011 02:09 PM
#16
Posted 14 August 2011 - 03:07 PM

#17
Posted 14 August 2011 - 08:30 PM

****MBAM Log****
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
8/14/2011 7:24:25 PM
mbam-log-2011-08-14 (19-24-25).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 277866
Time elapsed: 1 hour(s), 30 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Rufty\AppData\Local\temp\0.015181584497325096.exe (Trojan.Dropper) -> No action taken.
---------------------------------------------------
****Log.txt****
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c1baf7422b66db42ada78f52135dff56
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-15 01:29:34
# local_time=2011-08-14 09:29:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 16848557 16848557 0 0
# compatibility_mode=5892 16776574 66 100 50774673 149973751 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=156659
# found=0
# cleaned=0
# scan_time=5551
#18
Posted 15 August 2011 - 05:06 AM

By glitches, do you mean things not responding?
If not, what do you mean by glitches?
Did you update Malwarebytes' Anti-Malware before scanning?
Please update the program before scanning. Perform a Quick Scan and remove everything that the scan finds. Finally, post the MBAM log produced. <-------- This is really important!
Things I want to see in your next reply
- Answers to my questions
- MBAM Log
#19
Posted 15 August 2011 - 12:53 PM

By glitches I meant that sometimes I would click on the desktop and it would be frozen. Sometimes streaming video from the internet would play but it would almost be in slow motion and no sound. Sometimes the computer freezes up and I have to close everything and then open whatever I was doing again in order to get it to work.
All of these problems are normally resolved by shutting off the computer and turning it back on, but they still happen later on down the road.
I did update MBAM but here is a log again following another update:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7470
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
8/15/2011 2:53:16 PM
mbam-log-2011-08-15 (14-53-16).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 321299
Time elapsed: 1 hour(s), 11 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Rufty\AppData\Local\vwu.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
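Added example, not part of the original thread: a small Python triage of the two MBAM logs posted above. It lists every detection with the action MBAM reports for it, flags anything left in place ("No action taken"), and checks the summary counts against the items actually listed. The function names are hypothetical, and the line layout is assumed to match the MBAM 1.x logs shown in this thread.

```python
import re
from collections import Counter

# Abridged from the two MBAM 1.x logs posted in this thread.
LOG_AUG14 = r"""Files Infected: 1
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
C:\Users\Rufty\AppData\Local\temp\0.015181584497325096.exe (Trojan.Dropper) -> No action taken.
"""
LOG_AUG15 = r"""Registry Data Items Infected: 1
Files Infected: 0
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Rufty\AppData\Local\vwu.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""

HEADER = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:\s*(?P<count>\d+)?$")
ITEM = re.compile(r"^(?P<target>.+?) \((?P<name>[\w.\-]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> ")

def parse_mbam_log(text):
    """Return (declared_counts, detections) from an MBAM 1.x text log."""
    declared, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        h = HEADER.match(line)
        if h and h["count"] is not None:      # summary line: "Files Infected: 1"
            declared[h["section"]] = int(h["count"])
        elif h:                               # detail header: "Files Infected:"
            section = h["section"]
        elif section and (m := ITEM.match(line)):
            rest = m["rest"]
            # The reported action is whatever follows the last " -> ".
            action = rest.rsplit(" -> ", 1)[-1].rstrip(".")
            bg = BAD_GOOD.match(rest)         # only registry data items carry Bad/Good
            detections.append({
                "section": section, "target": m["target"], "name": m["name"],
                "action": action,
                "remediated": "successfully" in action.lower(),
                "bad": bg["bad"] if bg else None,
                "good": bg["good"] if bg else None,
            })
    return declared, detections

def triage(text):
    """List problems a helper would ask about before calling a log clean."""
    declared, detections = parse_mbam_log(text)
    found = Counter(d["section"] for d in detections)
    issues = [f"{s}: summary says {n}, log lists {found[s]}"
              for s, n in declared.items() if n != found[s]]
    issues += [f"not removed: {d['target']} ({d['name']})"
               for d in detections if not d["remediated"]]
    return issues

if __name__ == "__main__":
    for label, log in (("Aug 14", LOG_AUG14), ("Aug 15", LOG_AUG15)):
        print(label, triage(log) or "all detections remediated")
```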
#20
Posted 17 August 2011 - 04:15 PM

The problems you are experiencing could be due to some maintenance problems. I recommend uninstalling any programs you don't use and deleting any personal files you don't want. I also recommend running Puran Disc Defragmenter which can be found later on in my speech.
Hello!

Congratulations, your logs look clean!



Please follow the steps below to make your computer more secure.
First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!
Cleanup
Run OTL.
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:Commands [purity] [resethosts] [emptytemp] [EMPTYFLASH] [CLEARALLRESTOREPOINTS] [Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
- Close all other programs apart from OTL as this step will require a reboot.
- On the OTL main screen, press the CLEANUP button.
- Say Yes to the prompt and then allow the program to reboot your computer
Download and run Puran Disc Defragmenter.
For the first run I would recommend a boot defrag and disk check.

Updates
Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.
How to turn on Automatic Updates:
- Click on Start.
- Right-click My Computer.
- Select Properties.
- Click on the Automatic Updates Tab.
- Place a checkmark in the circle next to Automatic (recommended) near the green shield.
- Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.
How to check for Adobe Reader updates:
- Open Adobe Reader.
- On the menu bar click on Help then Check For Updates.
- The program will then tell you if updates are available.
Make sure you have the latest Adobe Flash Player (10.3.183.5) and Adobe Shockwave Player (11.6.1.629) so you can view all of the latest content on websites.
Make Internet Explorer more secure
- Click Start > Run.
- Type Inetcpl.cpl & click OK.
- Click on the Security tab.
- Click Reset all zones to default level.
- Make sure the Internet Zone is selected & Click Custom level.
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Recommended Programs
Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:
Anti-Spyware Programs
MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.
SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.
Alternate Browsers
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.
Add-ons
NoScript - Blocks ads and other potential website attacks.
AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.
DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.
Other browsers include:
Google Chrome
Safari
Opera
Other Programs
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.
MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
Google Toolbar - Get the free Google Toolbar to help stop pop ups.
Finally...
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!!







