Malware.bot


Malware.bot

Post by Rodp20 on 18th February 2010, 8:52 pm

Hi, I am a first-time user of this website.
I run Windows Vista Business on an HP Pavilion dv2000.
I have Norton 360 as my main antivirus protection and often run Windows Defender.
Recently I discovered the Norton log showed details of Malware.bot having been discovered and removed.
Since then I have had slow start-up, jammed screens, and slow starts to programs like Outlook, Excel, Word, Internet Explorer, Safari and Google.
I have run numerous full Norton scans and they keep picking up 1 problem and reporting it fixed, but the problem doesn't go away for very long. When I reboot from the totally off situation it takes nearly 20 mins to get my laptop to a condition in which I can start work. It generally runs well for a period of time and then things start jamming up again. This relates to nil response from icons on my desktop etc. It's like everything happens 30 secs after the initial request, which results in multiple opening of files.
I run Outlook for my personal mail and Outlook Exchange for my business mail via a VPN remote connection.
Any assistance you can offer would be appreciated.

Rodp20
Novice

Posts : 6
Joined : 2010-02-18
Gender : Male
OS : Windows Vista Business
Points : 24948
# Likes : 0


Re: Malware.bot

Post by Dr Jay on 18th February 2010, 9:26 pm

Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box & hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14310
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302971
# Likes : 10


Re: Malware.bot

Post by Rodp20 on 18th February 2010, 11:48 pm

Thanks for the above. File attached below:

ComboFix 10-02-18.05 - Rod Philson 19/02/2010 11:32:27.1.2 - x86
Running from: c:\users\Rod Philson\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-215759572-733765827-1045554583-500
c:\$recycle.bin\S-1-5-21-529663085-149360808-32002424-1001
c:\$recycle.bin\S-1-5-21-215759572-733765827-1045554583-500\desktop.ini
c:\$recycle.bin\S-1-5-21-529663085-149360808-32002424-1001\desktop.ini
c:\windows\rs.txt

.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 22:55 . 2010-02-18 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-18 22:55 . 2010-02-18 22:58 -------- d-----w- c:\users\Rod Philson\AppData\Local\temp
2010-02-18 22:55 . 2010-02-18 22:55 -------- d-----w- c:\users\rod\AppData\Local\temp
2010-02-10 14:43 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 14:43 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 14:42 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 14:42 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 14:41 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 14:41 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 14:40 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 14:40 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 14:33 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 14:33 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 14:33 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 14:33 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 14:33 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 14:33 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 14:33 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 14:33 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 14:33 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-02 22:53 . 2010-02-02 22:53 -------- d-----r- c:\program files\Norton Support
2010-02-02 09:31 . 2010-02-02 09:31 -------- d-----w- c:\users\Rod Philson\AppData\Roaming\Uniblue
2010-02-02 02:40 . 2010-02-10 00:01 -------- d-----w- c:\programdata\RegCure
2010-01-22 00:56 . 2010-01-22 00:56 -------- d-----w- c:\temp\r36856en
2010-01-22 00:39 . 2010-01-22 00:39 -------- d-----w- c:\temp\z40035L6
2010-01-21 01:09 . 2010-01-21 01:09 -------- d-----w- c:\users\Rod Philson\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 19:00 . 2007-06-28 03:20 -------- d-----w- c:\programdata\Google Updater
2010-02-18 18:55 . 2007-05-14 08:07 50137 ----a-w- c:\users\Rod Philson\AppData\Roaming\nvModes.dat
2010-02-18 18:52 . 2009-11-25 22:49 -------- d-----w- c:\program files\LogMeIn
2010-02-17 20:16 . 2007-02-07 21:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-10 21:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 20:08 . 2007-05-19 03:37 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 23:07 . 2009-05-01 22:17 -------- d-----w- c:\program files\Symantec
2010-01-30 20:40 . 2007-05-14 06:22 129952 ----a-w- c:\users\Rod Philson\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-30 06:17 . 2007-02-07 22:41 -------- d-----w- c:\program files\Google
2010-01-30 05:56 . 2007-02-07 22:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-30 05:45 . 2009-10-02 21:01 -------- d-----w- c:\programdata\BVRP Software
2010-01-20 19:54 . 2007-12-29 03:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 09:11 . 2007-02-07 22:05 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-15 03:21 . 2008-02-26 19:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 22:12 . 2009-10-02 19:39 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 06:56 . 2007-05-22 05:07 -------- d-----w- c:\users\Rod Philson\AppData\Roaming\BankLink
2010-01-07 21:45 . 2010-01-07 21:37 -------- d-----w- c:\users\Rod Philson\AppData\Roaming\YouSendIt
2010-01-07 07:53 . 2010-01-07 07:41 -------- d-----w- c:\users\Rod Philson\AppData\Roaming\Media Player Classic
2010-01-02 06:38 . 2010-01-22 20:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 20:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 20:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 20:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-26 06:38 . 2009-12-06 03:36 -------- d-----w- c:\users\Rod Philson\AppData\Roaming\Skype
2009-12-21 19:33 . 2007-02-07 22:59 -------- d-----w- c:\program files\Java
2008-01-01 12:15 . 2008-01-01 04:32 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-01-01 12:15 . 2008-01-01 04:32 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 1021224]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-26 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-26 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-26 81920]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 02:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 03:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c9,88,37,c2,dc,38,ca,01

R2 gupdate1c988a5ed247125;Google Update Service (gupdate1c988a5ed247125);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 133104]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100210.001\IDSvix86.sys [2009-10-28 343088]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-10 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-10 47640]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-02 193840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-14 04:35]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 21:56]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 21:56]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-152049171-725345543-1216Core.job
- c:\users\rod\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-09 01:53]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-152049171-725345543-1216UA.job
- c:\users\rod\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-09 01:53]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-529663085-149360808-32002424-1000Core.job
- c:\users\Rod Philson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 03:17]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-529663085-149360808-32002424-1000UA.job
- c:\users\Rod Philson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 03:17]

2007-07-13 c:\windows\Tasks\HPCeeScheduleForRod Philson.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-02-07 00:08]

2008-02-24 c:\windows\Tasks\HPCeeScheduleForrod.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-02-07 00:08]

2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{AA1FEF65-9EA2-4942-9EE9-30BFE1093950}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys
AddRemove-BankLink Books 2009_is1 - c:\bk5\BK5 Philcorn Ltd\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-19 11:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000007e

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-19 12:17:46
ComboFix-quarantined-files.txt 2010-02-18 23:17

Pre-Run: 40,218,816,512 bytes free
Post-Run: 40,294,301,696 bytes free

- - End Of File - - 3D78F32495BEDE497B25AD8009F2B052


Last edited by Rodp20 on 18th February 2010, 11:59 pm; edited 1 time in total (Reason for editing : Attach file requested)


Re: Malware.bot

Post by Dr Jay on 19th February 2010, 4:17 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)




Re: Malware.bot

Post by Rodp20 on 22nd February 2010, 10:29 pm

Hi, I had some problems with this; however, here are the logs of the scans I did. I omitted to tick "cancel Internet Explorer" the first time. Scanned 3 times; see logs below.
Malwarebytes' Anti-Malware 1.44
Database version: 3767
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

21/02/2010 11:09:43 a.m.
mbam-log-2010-02-21 (11-09-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 0
Time elapsed: 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Next scan


Malwarebytes' Anti-Malware 1.44
Database version: 3768
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

21/02/2010 6:30:28 p.m.
mbam-log-2010-02-21 (18-30-28).txt

Scan type: Quick Scan
Objects scanned: 117619
Time elapsed: 16 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\rod\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\AdwareAlert\Quarantine\12-07-2008-15-44-28 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\AdwareAlert\Registry Backups (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\rod\AppData\Roaming\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


Next scan


Malwarebytes' Anti-Malware 1.44
Database version: 3773
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

22/02/2010 11:51:44 p.m.
mbam-log-2010-02-22 (23-51-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 302330
Time elapsed: 3 hour(s), 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Still have very slow start-up, locking screens, Outlook not responding, and Internet Explorer/Safari/Google Chrome all very slow and becoming non-responsive. Really appreciate your assistance.


Re: Malware.bot

Post by Rodp20 on 22nd February 2010, 11:59 pm

I ran Xoftspy today and it shows the following:
doubleclickcookie located at c:\users\rod philson\appdata\roaming\microsoft\windows\cookies\low\rod_philson@doubleclick[1].txt

c:\users\rod philson\appdata\roaming\microsoft\windows\cookies\low\rod_philson@statcounter[1].txt

How can I remove these?


Re: Malware.bot

Post by Dr Jay on 23rd February 2010, 2:14 am

Those are no-risk items.

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)




Re: Malware.bot

Post by Rodp20 on 23rd February 2010, 3:59 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

The log doesn't show that ESET found two trojans, a derivative of W32.....


Re: Malware.bot

Post by Dr Jay on 23rd February 2010, 5:11 pm

No biggie. How is your computer running now? Any other issues?


Dr. Jay (DJ)




Re: Malware.bot

Post by Rodp20 on 23rd February 2010, 7:57 pm

It is still twitchy but is much better. I ran a scan on the hardware and it is now suggesting that RAM needs upgrading. I will look into this and see what can be done. If you don't mind I will keep the post open and see how things go today. Thanks for your help, much appreciated.


Re: Malware.bot

Post by Dr Jay on 24th February 2010, 2:46 am

What scan did you do?


Dr. Jay (DJ)


