Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

McAfee SecurityCenter Firewall will not stay on. Malware suspected

Started by rockitout , Oct 12 2012 11:29 AM

  • This topic is locked This topic is locked

#16
rockitout
Posted 15 October 2012 - 11:50 AM

rockitout

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
OK, it has been 24+ hours and still no symptoms. I completed the steps in your last post. Just for good measure I ran a full Malwarebytes scan. It came up with 6 infections:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MaryDudzinski :: MARYDSPC [administrator]

10/15/2012 9:50:46 AM
mbam-log-2012-10-15 (11-27-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 484539
Time elapsed: 59 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\MaryDudzinski\Downloads\Picasa_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.

(end)

I know it says "no action taken". That's because I saved a copy of the log before applying the fix. I did run the fix and after a restart, the scan is clear. What I'm thinking my friend did is tried to install Picasa and somehow got a hold of an infected copy. She told me the symptoms started after she installed Picasa. I looked on Picasa's website and the filename for their installer is slightly different from the infected file. I ran the suspected file through Virustotal.com and it came back as infected. Anyway, now it is gone. Is there anything else I need to do? If not, Thank you very much for your time.
  • 0

Advertisements

#17
Essexboy
Posted 15 October 2012 - 12:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, as the main elements detected by MBAM were orphaned registry entries, and of no great import

You should be good to go now :)
  • 0

#18
Essexboy
Posted 18 October 2012 - 03:31 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP