IS 2010


Re: IS 2010

Post by amdwinxgrl on 3rd February 2010, 3:46 am

My computer has been infected with the fake anti-virus program, Antivirus Soft. I believe it came from Facebook. I tried running the computer in safe mode and using Malwarebytes to scan for infections. The first two times I scanned, some infections were found. I removed them but when the computer restarted, the virus was still there. The third and fourth time I scanned the computer, there were NO infections found but the virus is still on my computer. My system restore's last checkpoint is Feb. 2, 2010 at 1 am, so that doesn't help either. I don't know what to do. Please help!


Re: IS 2010

Post by E-mu on 3rd February 2010, 12:38 pm

Hi amdwinxgrl,

Read this:
[You must be registered and logged in to see this link.]

And post your HijackThis log in the forum below:
[You must be registered and logged in to see this link.]


Re: IS 2010

Post by amdwinxgrl on 4th February 2010, 12:19 am

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

1/25/2010 11:49:28 PM
mbam-log-2010-01-25 (23-49-27).txt

Scan type: Quick Scan
Objects scanned: 176741
Time elapsed: 58 minute(s), 15 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 13
Folders Infected: 4
Files Infected: 10

Memory Processes Infected:
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Unloaded process successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qwprotect.qwprotectbho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0d1dbfee-0c43-4223-8b3e-a56fb3c5c87d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d1dbfee-0c43-4223-8b3e-a56fb3c5c87d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\QWProtect.dll (Rogue.AntiVirus1) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kwmsidoc.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\ASHLEY DOMINIC\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\ASHLEY DOMINIC\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\ASHLEY DOMINIC\Application Data\FunWebProducts\Data\ASHLEY DOMINIC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Delete on reboot.

Files Infected:
C:\WINDOWS\kwmsidoc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\stuffx3\My Documents\downloads\setup_build206_157.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\ASHLEY DOMINIC\Application Data\FunWebProducts\Data\ASHLEY DOMINIC\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\ASHLEY DOMINIC\Application Data\FunWebProducts\Data\ASHLEY DOMINIC\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\ASHLEY DOMINIC\Application Data\FunWebProducts\Data\ASHLEY DOMINIC\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Delete on reboot.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
