
XP Total security 2011 - help!

My pc is infected with this virus/trojan and I'm stuck.

I've downloaded Malwarebytes and installed it, but it won't run. I did as suggested and changed the name in program files, but still no luck. What now?

Thanks for any help you can offer!

Ruth

Comments

  • MrAverage
    MrAverage Posts: 78 Forumite
    Can you not system restore to an earlier date?
  • madmum33
    madmum33 Posts: 635 Forumite
    It's worth a try, thank you, I was just panicking that it might be impossible to remove.
  • dogmaryxx
    dogmaryxx Posts: 2,446 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Scroll down and follow Automated Removal Instructions for XP Internet Security

    http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011
  • madmum33
    madmum33 Posts: 635 Forumite
    System restore won't work, I tried twice.

    Mary, I'll have a go, thanks!
  • madmum33
    madmum33 Posts: 635 Forumite
    Success! Thank you for your help! :T
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please open Malwarebytes, go to LOGS and post the WHOLE of the last log

    The chances of it being completely gone are slim


    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your antivirus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
    :idea:
  • madmum33
    madmum33 Posts: 635 Forumite
    This is the last log:
    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 6009

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    10/03/2011 10:43:27
    mbam-log-2011-03-10 (10-43-27).txt

    Scan type: Quick scan
    Objects scanned: 154593
    Time elapsed: 5 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Ruth\local settings\application data\sdv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    All seems fine, but I'll do as you suggest.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    madmum33 wrote: »
    This is the last log:

    All seems fine, but I'll do as you suggest.

    Hey

    You don't have to
    :idea:
  • madmum33
    madmum33 Posts: 635 Forumite
    aliEnRIK wrote: »
    Hey

    You don't have to

    But I did because I know you give good advice, and it's better to be safe than sorry!

    Here's the combofix log:
    ComboFix 11-03-09.03 - Ruth 10/03/2011 11:57:06.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.340 [GMT 0:00]
    Running from: C:\Documents and Settings\Ruth\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}


    ((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))


    2011-03-10 11:15:49 . 2011-03-10 11:15:49 -------- d-----w- C:\Program Files\ISL
    2011-03-10 11:13:56 . 2006-07-12 14:39:00 208896 ----a-w- C:\WINDOWS\system32\FFRafShellEx.dll
    2011-03-10 11:13:47 . 2011-03-10 11:13:47 -------- d-----w- C:\Program Files\RAF
    2011-03-10 11:13:47 . 2010-02-10 14:26:18 233472 ----a-w- C:\WINDOWS\system32\RFCLauncher.exe
    2011-03-10 11:13:35 . 2011-03-10 11:13:35 -------- d-----w- C:\Documents and Settings\Ruth\Local Settings\Application Data\FUJIFILM
    2011-03-10 11:13:17 . 2011-03-10 11:13:17 -------- d-----w- C:\WINDOWS\LastGood
    2011-03-10 11:13:15 . 2007-03-12 16:42:30 3495784 ----a-w- C:\WINDOWS\system32\d3dx9_33.dll
    2011-03-10 11:12:52 . 2011-03-10 11:12:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\FUJIFILM
    2011-03-10 11:12:40 . 2011-03-10 11:12:40 -------- d-----w- C:\Program Files\FUJIFILM


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2010-12-20 18:09:00 . 2009-03-15 20:44:45 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08:40 . 2009-03-15 20:44:48 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19:44 94208 ----a-w- C:\Documents and Settings\Ruth\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19:44 94208 ----a-w- C:\Documents and Settings\Ruth\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19:44 94208 ----a-w- C:\Documents and Settings\Ruth\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 17:32:40 206064]
    "Google Update"="C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-29 18:21:09 133104]
    "SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 03:49:30 405504]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-11 13:02:39 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-18 07:50:04 136600]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35:42 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37:04 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22:16 221184]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00:00 1116920]
    "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23:38 118784]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24:00 16384]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32:10 53248]
    "DT Task"="C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe" [2006-08-14 13:32:10 269312]
    "PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2005-10-28 12:54:50 800504]
    "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 04:41:56 94208]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 11:08:08 135168]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 11:08:12 159744]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 11:07:42 131072]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13:08 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18:40 267048]
    "XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 17:05:58 734264]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 17:32:40 206064]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16:38 39792]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 15:25:04 16859648]
    "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 12:08:47 209153]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 00:10:22 981384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00:00 15360]

    C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-4-3 95232]
    Dropbox.lnk - C:\Documents and Settings\Ruth\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2009-12-22 576000]
    wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-6-4 21504]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-16 113664]
    Device Detector 2.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-28 94208]
    Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-1-16 294912]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Spotify\\spotify.exe"=
    "C:\\Documents and Settings\\Ruth\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    R1 RapportBuka;RapportBuka;C:\WINDOWS\system32\drivers\RapportBuka.sys [04/03/2010 11:59:39 390528]
    R1 RapportCerberus_19917;RapportCerberus_19917;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54:04 34792]
    R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43:44 169320]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [29/06/2009 08:45:48 108289]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43:16 767208]
    S1 RapportKELL;RapportKELL;\??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys --> C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [?]
    S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 11:42:56 64000]
    S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\drivers\VVRUSB.sys [28/06/2009 11:54:36 38479]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    Contents of the 'Scheduled Tasks' folder

    2011-03-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57:52 . 2007-08-29 14:57:52]

    2011-03-09 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3064762228-1985813096-3866731504-1006Core.job
    - C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-29 18:21:11 . 2008-09-29 18:21:09]

    2011-03-10 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3064762228-1985813096-3866731504-1006UA.job
    - C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-29 18:21:11 . 2008-09-29 18:21:09]


    Supplementary Scan

    uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
    uStart Page = hxxp://www.sky.com
    mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: wetcanvas.com
    FF - ProfilePath - C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eg1es9pp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    FF - Ext: Aeon Clouds: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} - %profile%\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
    FF - Ext: Scribblies Plain: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB} - %profile%\extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}
    FF - Ext: Red Cats (blue flavor): {ff356687-aa08-463d-a46c-11c451824939} - %profile%\extensions\{ff356687-aa08-463d-a46c-11c451824939}
    FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
    FF - Ext: springshine: springshine@yogurttree.com - %profile%\extensions\springshine@yogurttree.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    Ruth
  • giraffe69
    giraffe69 Posts: 3,571 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    This bit at the start of the malwarebytes log
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    means you are a bit out of date and perhaps more vulnerable, so when all the other excitement is resolved and you are back to a quiet life it may be worth installing

    Windows XP Service Pack 3 and also an update to Internet Explorer 8 (worthwhile even if you mostly use Firefox)
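The Malwarebytes log above flagged three Security Center `*DisableNotify` values, and the ComboFix dump lists `AntiVirusOverride`, `FirewallOverride`, `DisableMonitoring` and the XP firewall policy values without flagging them. The added example below (not code from the thread, from Malwarebytes or from ComboFix) parses a ComboFix-style registry dump and separates the notification kills a rogue AV sets from values a genuinely installed third-party AV or firewall also writes; the sample dump is a constructed excerpt modelled on the one posted above, with `AntiVirusDisableNotify` re-added as it would have looked before Malwarebytes cleaned it.

```python
import re

# Constructed excerpt modelled on the ComboFix "Reg Loading Points" dump in the thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# (key-path fragment, value name) -> (value meaning "set", severity).
# indicator: silences the "AV/firewall/updates off" balloon; what a rogue AV sets and
#   what Malwarebytes reported as PUM.Disabled.SecurityCenter.
# review: also written by a real third-party AV/firewall that registers with Security
#   Center (Avira and ZoneAlarm on this machine), so confirm such a product is installed.
RULES = {
    ("security center", "antivirusdisablenotify"): (1, "indicator"),
    ("security center", "firewalldisablenotify"): (1, "indicator"),
    ("security center", "updatesdisablenotify"): (1, "indicator"),
    ("security center", "antivirusoverride"): (1, "review"),
    ("security center", "firewalloverride"): (1, "review"),
    ("security center\\monitoring\\", "disablemonitoring"): (1, "review"),
    ("firewallpolicy\\standardprofile", "enablefirewall"): (0, "review"),
    ("firewallpolicy\\standardprofile", "disablenotifications"): (1, "review"),
}

_KEY = re.compile(r"^\[(.+)\]$")
_VAL = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

def parse_value(raw):
    """Int for 'dword:XXXXXXXX' or 'N (0xN)' forms; None for strings and anything else."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None

def scan_reg_dump(text):
    """Return [(severity, key, value name, value)] for every RULES hit, in dump order."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if km := _KEY.match(line):
            key = km.group(1).lower()          # following value lines belong to this key
            continue
        if not (vm := _VAL.match(line)):
            continue                           # blank lines, @= defaults, REGEDIT4 header
        name, value = vm.group(1).lower(), parse_value(vm.group(2))
        for (fragment, rule_name), (flag, severity) in RULES.items():
            if name == rule_name and fragment in key and value == flag:
                findings.append((severity, key, vm.group(1), value))
    return findings
```

Run over a real ComboFix log, an "indicator" hit after cleanup means the notification settings were not restored; "review" hits are expected on a machine running Avira and ZoneAlarm and only matter if no such product is installed.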