Antivirus

Comments

  • kjb_2
    kjb_2 Posts: 46 Forumite
    Part of the Furniture Combo Breaker
    Just to let you know that the problem is now sorted. I had a guest user and found that it was unaffected so could download the malware and sort the problem. I still had one or two issues with changed profiles in Internet Explorer but a knowledgeable friend sorted that.
    Thanks for the advice here
  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    kjb wrote: »
    Just to let you know that the problem is now sorted. I had a guest user and found that it was unaffected so could download the malware and sort the problem. I still had one or two issues with changed profiles in Internet Explorer but a knowledgeable friend sorted that.
    Thanks for the advice here

    Have you run Malwarebytes?

    If so could you post the log file so we know what was causing the problem.
  • kjb_2
    kjb_2 Posts: 46 Forumite
    Part of the Furniture Combo Breaker
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org
    Database version: 5247
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975
    05-12-2010 11:19:49
    mbam-log-2010-12-05 (11-19-49).txt
    Scan type: Full scan (C:\|E:\|)
    Objects scanned: 264176
    Time elapsed: 1 hour(s), 4 minute(s), 7 second(s)
    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4
    Memory Processes Infected:
    c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> 5004 -> Unloaded process successfully.
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bnkkisui (Trojan.FakeAV) -> Value: bnkkisui -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Desktop SMS (Worm.P2P) -> Value: Desktop SMS -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\Users\kevin\AppData\Local\Temp\crgoofjkx\emqrnoxtsbl.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
    c:\Users\kevin\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\U0PX2IQA\adobeflashplayerv10.0.32.22[2].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\Users\kevin\AppData\Local\Temp\_7488.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
    c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> Quarantined and deleted successfully.
  • kjb_2
    kjb_2 Posts: 46 Forumite
    Part of the Furniture Combo Breaker
    Is it safe for me to post this here?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Everything we ask for cannot be used maliciously in any way
    :idea:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    If you get a message that you can't write to the hosts file then Press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)


    Your machine's had/got a nasty trojan infection

    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
    :idea:
This discussion has been closed.
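
For readers triaging a Malwarebytes log like the one posted in this thread, the sketch below is an added example (not code from any poster or from Malwarebytes) that parses the log's sections and flags autorun registry values, files under temp directories, and items that were not removed. The sample log, the flag names and the function `parse_mbam_log` are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Malwarebytes 1.50 log above (not real detections).
SAMPLE_LOG = r"""
Registry Values Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\examplekey (Trojan.Example) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\examplerun (Trojan.Example) -> Value: examplerun -> Quarantined and deleted successfully.
Files Infected:
c:\Users\user\AppData\Local\Temp\sample\example.exe (Trojan.Example) -> Quarantined and deleted successfully.
c:\program files\Example App\example.exe (Worm.Example) -> No action taken.
"""

SECTION = re.compile(r"^(.+?) Infected:\s*$")   # section header, e.g. "Files Infected:" (no count)
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
TEMP_DIR = re.compile(r"\\(Temp|Temporary Internet Files)\\", re.I)

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with triage flags."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()                       # forum posts indent the log
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if not (section and hit):
            continue                             # summary counts and "(No malicious items detected)"
        item = hit.group("item")
        outcome = hit.group("rest").split(" -> ")[-1].rstrip(".")
        flags = []
        if section.startswith("Registry") and RUN_KEY.search(item):
            flags.append("autorun-persistence")  # value under a Run/RunOnce key
        if section == "Files" and TEMP_DIR.search(item):
            flags.append("temp-dir-file")        # file under a user-writable temp path
        if "successfully" not in outcome.lower():
            flags.append("not-remediated")       # the scanner did not report removal
        findings.append({"section": section, "item": item,
                         "family": hit.group("family"), "outcome": outcome,
                         "flags": flags})
    return findings

if __name__ == "__main__":
    for f in parse_mbam_log(SAMPLE_LOG):
        print(f["section"], f["family"], f["flags"] or "-", f["item"], sep=" | ")
```

Entries flagged `not-remediated` or `autorun-persistence` are the ones worth re-checking after a reboot and a second scan.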