We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Help got virus etc on laptop and no antivirus in place

135

Comments

  • an1179
    an1179 Posts: 1,848 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    Running PC tools first before I do Malwarebytes
  • an1179
    an1179 Posts: 1,848 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    OK ran pctools spyware Doctor with Anivius it has found 8 threats and 373 infections and wants me to pay for it to fix the problems
  • dogmaryxx
    dogmaryxx Posts: 2,446 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Don't. Run Malwarebytes again and delete everything found.
  • an1179
    an1179 Posts: 1,848 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 5838

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    22/02/2011 15:06:09
    mbam-log-2011-02-22 (15-06-09).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 259462
    Time elapsed: 1 hour(s), 0 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://redirecturls.info/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\nashlaptop\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2ZVAG8ED\facebook-pic0009206951100-jpeg[1].exe (Worm.Rimecud) -> Quarantined and deleted successfully.
    c:\Users\nashlaptop\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\XO721CP2\gus[1].exe (Worm.Rimecud) -> Quarantined and deleted successfully.
    c:\Users\nashlaptop\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\XO721CP2\gux[1].exe (Worm.Rimecud) -> Quarantined and deleted successfully.
    c:\Windows\temp31233724419.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
    c:\Windows\temp3123376123.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
    c:\Windows\temp31233764419.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
  • an1179
    an1179 Posts: 1,848 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 22/02/2011 at 15:26:58.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\InfDefaultInstall.exe
    C:\Windows\SysWOW64\runonce.exe
    C:\Windows\SysWOW64\grpconv.exe


    Rkill completed on 22/02/2011 at 15:27:24.
  • an1179
    an1179 Posts: 1,848 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 22/02/2011 at 15:33:25.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    D:\WiNlOgOn.exe


    Rkill completed on 22/02/2011 at 15:33:42.
  • dogmaryxx
    dogmaryxx Posts: 2,446 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Any problems now?
  • an1179
    an1179 Posts: 1,848 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 22/02/2011 at 15:37:45.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    D:\eXplorer.exe


    Rkill completed on 22/02/2011 at 15:38:02.
  • an1179
    an1179 Posts: 1,848 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    dogmaryxx wrote: »
    Any problems now?

    Thank you for you continued help

    Just finished rkill run those are the logs
    I need to install antivirus as caffee has run out. I think I'll get Avira?

    How can I tell if all is ok?
  • debitcardmayhem
    debitcardmayhem Posts: 13,137 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    an1179 wrote: »
    Thank you I think I am getting somewhere now. Have got Malwarebytes running scan and downloading pctools - watch this space

    Separate issue
    I think i have duplicated my programmes file I have got
    programme files properties 655MB / 2515 files /475 folders
    programme files (x86) properties 5.54GB / 17022 files/1820 folder
    sbut I will deal with that later I think
    both modified 22/02/2011

    Thank you every one for helping me so far
    Don't worry about those, you have Program Files which is for 64bit programs, and Program Files(x86) for 32bit programs. This means you are running the 64 bit version of Home Premium .
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.2K Banking & Borrowing
  • 253.6K Reduce Debt & Boost Income
  • 454.3K Spending & Discounts
  • 245.2K Work, Benefits & Business
  • 600.9K Mortgages, Homes & Bills
  • 177.5K Life & Family
  • 259K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture