Antivirus XP 08 invaded my laptop - help want it removed!

Hi

I was hoping someone can please help us? :confused:

Earlier today I opened up my laptop to find on my 'start' page a big message stating "WARNING! Spyware detected on your computer! - Install an antivirus or spyware remover to clean your computer".

I usually use F-Secure as I am with Tesco Broadband but have recently also had a lot of trouble with that (another issue). Anyway, it obviously hasn't got rid of the virus as I continuously am bombarded with popups "System information" and it's playing havoc with my internet connection by blocking email and browsing every so often.

It appears the only way I can get rid of this :mad: messages is to sign up and pay £50 (or close to) online by credit card. Apparently I currently have a 'free trial' but even the 'free trial' doesn't seem to be available and all I keep getting told after a 'pretend scan' is that I have somewhere between 2000 - 3000 viruses and I need to disinfect infected files as soon as possible.

I am certainly not happy to pay £50 for something I didn't ask for and hoped someone can tell me how to rid my laptop from this :mad: please? :confused: It will have to be in very simple instructions as I am not very good at PC maintenance :o

I have tried everything I am capable of so far and want to avoid having to wipe everything clean and reload it all back onto laptop if at all possible.

Many thanks in advance.

:eek:

Comments

  • Browntoa
    Browntoa Posts: 49,597 Forumite
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Ex forum ambassador

    Long term forum member
  • robpw2
    robpw2 Posts: 14,044 Forumite
    Avast is decent too; it's free to home users.


  • Thanks very much it appears to have gone now :beer: Next time I have a techie question I will remember to post it here! :T

    Log report:

    Malwarebytes' Anti-Malware 1.25
    Database version: 1065
    Windows 5.1.2600 Service Pack 2
    14:33:13 18/08/2008
    mbam-log-08-18-2008 (14-33-13).txt
    Scan type: Quick Scan
    Objects scanned: 58129
    Time elapsed: 18 minute(s), 20 second(s)
    Memory Processes Infected: 3
    Memory Modules Infected: 5
    Registry Keys Infected: 37
    Registry Values Infected: 14
    Registry Data Items Infected: 2
    Folders Infected: 24
    Files Infected: 59
  • Browntoa
    Browntoa Posts: 49,597 Forumite
    To make sure you are clean, it might be worth following this:

    http://forums.moneysavingexpert.com/showthread.html?t=133269
  • bribrian
    bribrian Posts: 1,498 Forumite
    Is it worth downloading this if your pc is clean & using it to scan at regular intervals to run alongside an antivirus.....?
    What if the Hokey Pokey really is what it's all about !!!
  • spud17
    spud17 Posts: 4,431 Forumite
    I'm pretty sure it is, but Browntoa is the REAL expert.
    Move along, nothing to see.
  • spinybif_2
    spinybif_2 Posts: 424 Forumite
    One extra thought: make sure you download the new version 1.25. I had the same problem but found when I ran it there was an error overflow problem (6). The new version worked perfectly last night.
  • peter_the_piper
    peter_the_piper Posts: 30,269 Forumite
    Just had the same problem with the OH's laptop, it would shut down before I had a chance to download Malwarebytes, solved by burning a copy onto cd on my lappy and running it on hers in safe mode. Nasty virus even removed her restore points so cut off that route. Clear so far but will have to wait and see.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • Reaper
    Reaper Posts: 7,352 Forumite
    The Register recently did a detailed study of what this particular piece of malware does. You can read about it here:
    http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/
  • peter_the_piper
    peter_the_piper Posts: 30,269 Forumite
    I think I'll get the wife to read it first!!!
This discussion has been closed.