Avira detection
Yes, please open LOGS and post the last log with the infections in
Then download a FRESH copy of combofix (Remove the old one first) and run it again
I'm thinking I've maybe missed something but I'd rather look through a fresh log

Hijack log ~
C:\Program Files\BT Auto Backup\VaultClientSRV.exe
Looks like this can really slow computers down. I'd recommend uninstalling it and finding a different way of backing up your data
I'd recommend uninstalling the YAHOO TOOLBAR as it also slows systems down and does some questionable things
TICK and FIX these ~
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
(make sure the ones in BOLD are fixed)
What do the POP UPS display?

Here is the scan from Malwarebytes that found and removed virus
Also ran scan again in Avira last night, which found 2 viruses also, and one seemed to be the pop-up which I was getting. Running another full scan now in Avira to ensure they were removed. Been logged in for 20 minutes and so far so good, no pop-ups, but won't jump for joy just yet.... Will fix highlighted parts in HijackThis once scan completed
Malwarebytes' Anti-Malware 1.41
Database version: 3044
Windows 5.1.2600 Service Pack 3
28/10/2009 00:31:16
mbam-log-2009-10-28 (00-31-16).txt
Scan type: Quick Scan
Objects scanned: 128648
Time elapsed: 14 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cs (Rogue.AlphaAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CSUninstall (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\CS\cs.exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Caroline\Local Settings\Temp\18.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Caroline\Local Settings\Temporary Internet Files\Content.IE5\8K8WFIH7\setup[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CSUninstall\Uninstall.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS\Computer Scan.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS\Cyber Security.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS\Help.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS\Registration.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS\Security Center.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS\Settings.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\CS\Update.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Caroline\Desktop\Cyber Security.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Caroline\Application Data\Microsoft\Internet Explorer\Quick Launch\CS.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.

Once you've fixed those items, and as you've had MYWEBSEARCH ~
Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and PERFORM COMPLETE SCAN
(Then go to console and LOGS and post the log it created, then untick it from STARTING UP WITH WINDOWS)

OK, all completed, no pop-ups in the last couple of hours, looking goooooooood
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/03/2010 at 11:20 AM
Application Version : 4.32.1000
Core Rules Database Version : 4441
Trace Rules Database Version: 2265
Scan type : Complete Scan
Total Scan Time : 00:41:08
Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 6928
Registry threats detected : 2
File items scanned : 24480
File threats detected : 66
Adware.Tracking Cookie
Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\msednd32.exe ]
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\WINDOWS\system32\msednd32.exe ]

Looks good ~ let us know if you have any more problems

Can't thank you enough for all your help ......
Just one last question:
I have Avira, Malwarebytes and now SUPERAntiSpyware.
Would you recommend anything else? Have looked at other posts for recommendations but get confused; just need someone to say download this, this and this, if you get what I'm saying. Thanks