We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Am I infected?

Options
245678

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    aaroncaz wrote: »
    but when i click yes it it turns off, nothing happens.

    Its done its job, all its done is rewrite a part of the registry
    :idea:
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    Oh!!!!! lol! Well it's done it's job a few times, cause I kept trying it!:o Sorry to be so dim! Just waiting on malware now.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    aaroncaz wrote: »
    Oh!!!!! lol! Well it's done it's job a few times, cause I kept trying it!:o Sorry to be so dim! Just waiting on malware now.

    No worries. I should have explained what would (or wouldnt) happen
    :idea:
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    aliEnRIK wrote: »
    No worries. I should have explained what would (or wouldnt) happen
    I am just grateful for all the help from you and others, without it, I'd be lost!!:beer:
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    Ok, here goes:
    Malwarebytes' Anti-Malware 1.46
    https://www.malwarebytes.org

    Database version: 4105

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.6002.18005

    16/05/2010 15:22:20
    mbam-log-2010-05-16 (15-22-20).txt

    Scan type: Full scan (C:\|E:\|)
    Objects scanned: 240424
    Time elapsed: 39 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agmfvywb (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Carol & Aaron\AppData\Local\istnwynyg\evurkentssd.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
    C:\Users\Carol & Aaron\AppData\Local\Temp\178bd42a.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    Hijack this:


    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 14:50:22, on 24/02/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    Also when I rebooted after running malware a box popped up for windows defenders saying some programms had been blocked on starting up.
  • aaroncaz
    aaroncaz Posts: 5,242 Forumite
    Part of the Furniture
    I still can't get IE to open.
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    edited 16 May 2010 at 4:15PM
    seeing you have Rogue.AntivirusSuite then please follow this

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    no need to install recovery suite as its Vista , just download and run , then post the log file it produces


    if for some reason it fails to run then highlight the combofix icon and then right click with the mouse. Choose Rename and change the filename from combofix.exe to aaron.exe and then try
    Ex forum ambassador

    Long term forum member
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    aaroncaz wrote: »
    Hijack this:


    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 14:50:22, on 24/02/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    You downloaded the LATEST version instead of the version I posted

    Please download as per instructions. Then with the SHIFT key pressed, please RIGHT CLICK and select RUN AS
    :idea:
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.9K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.9K Work, Benefits & Business
  • 598.8K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture