Malwarebytes Log-can anyone please check this?

aliEnRIK

id say your good to go now

beachlou

Thank you to everyone who's helped me! What should I do now with regards to security on my laptop?

aliEnRIK

beachlou wrote: »

Thank you to everyone who's helped me! What should I do now with regards to security on my laptop?

Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log)
If you get a message that you cant write to the hosts file then Press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)

macman

Start by running Windows Updates and getting Vista SP2 and any subsequent updates.

beachlou

When trying to download Hijack, the system tool came back!

beachlou

Ok, have ran malwarebytes again after the krill and this is the latest log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5891
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
27/02/2011 22:17:09
mbam-log-2011-02-27 (22-17-09).txt
Scan type: Quick scan
Objects scanned: 161606
Time elapsed: 3 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pCiCkIh06308 (Trojan.FakeAlert) -> Value: pCiCkIh06308 -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\pcickih06308\pcickih06308.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Louise\local settings\temporary internet files\Content.IE5\08PH2RX1\setup[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Any ideas???

aliEnRIK

Can you please explain exactly how the tool came back? (Im thinking your hosts been infected and so redirecting)

Narc0lepsy

I've read this, and another thread with interest as I also have spent much of today getting rid of the System Tool thing. Mine popped up when I was on line looking at the Indian Visa application site. I have 2 observations:1. Although my preferred browser is Opera, it was only when in desperation I tried Internet Explorer that I managed to download Anti Malware as the ST kept hijacking it (and Avast). So I'll be looking on any threads which compare browser safety now!2. I got rid of the ST by following instructions on the bleepingcomputer site (safe mode, rkill, malwarebytes software). I stopped at about stage 21 as it was talking about the host and how to change something - have to say I lost my bottle then as I'm not very confident about anything much more than 'scan and press remove'.

beachlou

aliEnRIK wrote: »

Can you please explain exactly how the tool came back? (Im thinking your hosts been infected and so redirecting)

Hi,

It made an apperance when I was trying to download Hijack. It's gone from my computer now (after running rkill & malwarebytes) but it no longer lets me on the internet.

aliEnRIK

Id follow this from 22 (try removing hosts before having to use another computer to download the 'bat' file)

http://www.bleepingcomputer.com/virus-removal/remove-system-tool