Total security and personal guard

View previous topic View next topic Go down

Total security and personal guard

Post by Pokerking98 on Sat Sep 19, 2009 6:05 pm

I suddenly got total security 2009 and personal guard 2009. When you start up you have like 5 seconds before the virus kicks in, quickly went to taskmanager and ended their process. But I know the virus isnt gone. Ran MBAM found 42 infections the first time and it told me to restart so I did, but the virus started up again.

First log: [You must be registered and logged in to see this link.]

So I ran it a second time and heres the second times logs.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

9/19/2009 1:58:08 PM
mbam-log-2009-09-19 (13-58-08).txt

Scan type: Quick Scan
Objects scanned: 84065
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wcenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I already have avenger, combofix and MBAM. Tell me watcha need me to do so I can get rid of this crap. The virus just keeps coming back after MBAM deletes it.

Pokerking98
Intermediate
Intermediate

Status :
Online
Offline

Posts Posts : 77
Joined Joined : 2009-06-10
OS OS : XP

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Belahzur on Sat Sep 19, 2009 6:27 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Pokerking98 on Sat Sep 19, 2009 6:50 pm

[You must be registered and logged in to see this link.] wrote:Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.
Thank You! Big Grin Thank You!

Pokerking98
Intermediate
Intermediate

Status :
Online
Offline

Posts Posts : 77
Joined Joined : 2009-06-10
OS OS : XP

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Pokerking98 on Thu Sep 24, 2009 6:44 pm

Everytime I restart total security comes back after numeros attempts with quickscan and full scan on MBAM. I dont know of this is a symptom of Total security but I am getting pop up ads on my web browser even though there clearly shouldnt be. Any help would be greatly appreciated...

Latest MBAM quick scan: [You must be registered and logged in to see this link.] (Today)

Latest Full scan: [You must be registered and logged in to see this link.] ( 4 days ago)

Pokerking98
Intermediate
Intermediate

Status :
Online
Offline

Posts Posts : 77
Joined Joined : 2009-06-10
OS OS : XP

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Belahzur on Thu Sep 24, 2009 6:51 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Pokerking98 on Thu Sep 24, 2009 7:36 pm

[You must be registered and logged in to see this link.]

Pokerking98
Intermediate
Intermediate

Status :
Online
Offline

Posts Posts : 77
Joined Joined : 2009-06-10
OS OS : XP

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Belahzur on Thu Sep 24, 2009 11:46 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\windows\system32\rapidade.dll
    c:\windows\system32\nazoduhi.dll
    c:\windows\system32\bamagedo.dll
    c:\windows\system32\kunozisi.dll
    c:\windows\system32\jarugimo.dll
    C:\windows\system32\bozehuka.dll.tmp
    c:\windows\system32\dezaliji.dll.tmp
    c:\windows\system32\pizayato.dll.tmp
    c:\windows\system32\vigiyehu.dll.tmp


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Pokerking98 on Thu Sep 24, 2009 11:50 pm

========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\rapidade.dll
c:\windows\system32\rapidade.dll NOT unregistered.
c:\windows\system32\rapidade.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\nazoduhi.dll
c:\windows\system32\nazoduhi.dll NOT unregistered.
c:\windows\system32\nazoduhi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\bamagedo.dll
c:\windows\system32\bamagedo.dll NOT unregistered.
c:\windows\system32\bamagedo.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\kunozisi.dll
c:\windows\system32\kunozisi.dll NOT unregistered.
c:\windows\system32\kunozisi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\jarugimo.dll
c:\windows\system32\jarugimo.dll NOT unregistered.
c:\windows\system32\jarugimo.dll moved successfully.
C:\windows\system32\bozehuka.dll.tmp moved successfully.
c:\windows\system32\dezaliji.dll.tmp moved successfully.
c:\windows\system32\pizayato.dll.tmp moved successfully.
c:\windows\system32\vigiyehu.dll.tmp moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09242009_194957

Pokerking98
Intermediate
Intermediate

Status :
Online
Offline

Posts Posts : 77
Joined Joined : 2009-06-10
OS OS : XP

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Belahzur on Fri Sep 25, 2009 12:01 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Total security and personal guard

Post by Pokerking98 on Fri Sep 25, 2009 12:13 am

Fine for now. Thanks!

Pokerking98
Intermediate
Intermediate

Status :
Online
Offline

Posts Posts : 77
Joined Joined : 2009-06-10
OS OS : XP

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum