XP Anti-Spyware 2011

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

XP Anti-Spyware 2011

Post by killem on Sun 27 Feb 2011, 11:17 am

First topic message reminder :

I need help!!!

My other home office computer (next to the one I'm posting from) was infected with some type of malware program called "XP Anti-Spyware 2011". I have used your site once before and received good help, so I looked at some posts; one of which said to run Malwarebytes. Since the infected machine won't let me access the internet, I downloaded MB to a thumb drive and ran it on the infected machine while in "Safe mode with Networking".

It appeared to work: after the scan it brought up a list of about a dozen items. All but about 4-5 of these items were auto-checkmarked. Assuming MB knew which ones were 'bad' I had it remove/delete those that were already checkmarked. Here's the log I saved after this action:

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 5888

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/26/2011 3:26:27 PM
mbam-log-2011-02-26 (15-26-15).txt

Scan type: Quick scan
Objects scanned: 168277
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
c:\documents and settings\administrator\local settings\application data\whv.exe (Trojan.FakeAlert) -> 1580 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> No action taken.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A14A8608-CF1C-4010-A348-7EA220C70305}_is1 (PUP.PerfectOptimizer) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\whv.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.

Folders Infected:
c:\documents and settings\Rick\start menu\Programs\perfect optimizer (PUP.PerfectOptimizer) -> No action taken.

Files Infected:
c:\documents and settings\administrator\local settings\application data\whv.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\administrator\local settings\application data\nkx.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\perfect optimizer.lnk (PUP.PerfectOptimizer) -> No action taken.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\uninstall.lnk (PUP.PerfectOptimizer) -> No action taken.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\Website.lnk (PUP.PerfectOptimizer) -> No action taken.

I rebooted. The good news: I am no longer receiving the insidious & repeating "XP Anti-Spyware 2011" splash screens. However, something seems terribly wrong:

1. I'm getting "Application not found" error boxes when I select (for e.g.) MS Word or Excel from the either the Quick Launch window and/or when I attempt to access these apps via "Start" - "All Programs", etc. When I attempt to launch Internete Explorer or my legitimate virus software (Trend Micro Titanium) from the quick launch I get an "Open with" box asking me to "Choose the program you want to use to open this file:" followed by a long list of apps from which to choose...

2. My system tray (i.e. bottom right corner of screen) is not displaying icons it used to display

3. The computer seems to be running slow.

AAAArrrrrgggghhh! What has happened to my computer?!!

I'm hoping you can help!

Thanks.

killem

Newbie Surfer
Newbie Surfer

Posts : 19
Joined : 2011-02-27
Operating System : Windows 8

View user profile

Back to top Go down


Re: XP Anti-Spyware 2011

Post by Belahzur on Tue 15 Mar 2011, 12:10 pm

Not yet, were working on it.

Is the BASANO-FEDEX a folder with your personal files in it?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: XP Anti-Spyware 2011

Post by killem on Tue 15 Mar 2011, 3:36 pm

Yes, BASANO-FEDEX is the folder with personal data files that would be devastating to lose.

I noticed that I also lost file folder named "AA-United Shipping Solutions". I'd like to get it back, but not nearly as critical as BASANO-FEDEX.

Will wait your reply. Thanks.

killem

Newbie Surfer
Newbie Surfer

Posts : 19
Joined : 2011-02-27
Operating System : Windows 8

View user profile

Back to top Go down

Re: XP Anti-Spyware 2011

Post by Belahzur on Thu 17 Mar 2011, 12:43 pm

Got something for you.

Try some of the suggestions here:
[You must be registered and logged in to see this link.]

Lemme know how it goes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: XP Anti-Spyware 2011

Post by killem on Thu 17 Mar 2011, 5:59 pm

Followed the instructions - and - it worked!!

One last item: I don't know if it is related to the problems I've experienced, but I notice a lot of 'ghost' file icons in this folder; some are MS Word doc icons (again, ghosted / diminished colored file icons) and the first 2 characters of the file names have been replaced with the characters "~$". The other 'ghost' file icons have .TMP extensions, for e.g. "~WRL1370.TMP" (there are many of these.) I don't know when or how these types of file icons were created(?) If I have no need for them, can you advise whether there is any harm in deleting them?

killem

Newbie Surfer
Newbie Surfer

Posts : 19
Joined : 2011-02-27
Operating System : Windows 8

View user profile

Back to top Go down

Re: XP Anti-Spyware 2011

Post by Belahzur on Fri 18 Mar 2011, 12:43 pm

Hello.
They are office backup files, you can delete them.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: XP Anti-Spyware 2011

Post by killem on Tue 29 Mar 2011, 12:36 am

Hit another prob since taking action advised from shoutland.com website:

I can now see all the files and subfolders I thought were deleted; however, when I attempt to open Word or Excel files I receive (respectively) error messages that state "Word cannot open the document: user does not have access prvileges" or "Excel cannot access [filename]. The document may be read-only or encrypted."

I suspect (and hope) the reason for this problem has to do with my not knowing what specific actions to take to complete "Step 8" of the shoutland solution: "...reapply the permissions and security settings that you want for the folder and the folder contents."(?)

Can you please advise? Thanx.

killem

Newbie Surfer
Newbie Surfer

Posts : 19
Joined : 2011-02-27
Operating System : Windows 8

View user profile

Back to top Go down

Re: XP Anti-Spyware 2011

Post by Sponsored content Today at 9:23 pm


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum