HELP: Trojan on pc which is now removed but so is AVG
-
Here I hope are the results,
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7924
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
12/10/2011 22:07:12
mbam-log-2011-10-12 (22-06-56).txt
Scan type: Quick scan
Objects scanned: 183529
Time elapsed: 5 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
That's just a minor adware registry key - totally harmless on its own. I trust you clicked remove selected?
-
I did just now, didn't want to in case I was wrong.
She has just given me this log this time,
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7924
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
12/10/2011 22:12:49
mbam-log-2011-10-12 (22-12-49).txt
Scan type: Quick scan
Objects scanned: 183529
Time elapsed: 5 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Great. One thing to look at; this should only take a few seconds. Don't worry about all this stuff I'm having you download, it's all simple to remove.
Download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe
- Right-click SystemLook.exe and choose "Run as administrator" to run it.
- Copy the content of the following codebox into the main textfield (don't include Code:)
:dir c:\users\charley\AppData\Local\834756f8 /s
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
- The log can also be found on your Desktop entitled SystemLook.txt
-
SystemLook 30.07.11 by jpshortstuff
Log created at 22:25 on 12/10/2011 by charley
Administrator - Elevation successful
========== dir ==========
c:\users\charley\AppData\Local\834756f8 - Parameters: "/s"
---Files---
@ --ahs-- 2048 bytes [18:40 08/10/2011] [18:40 08/10/2011]
c:\users\charley\AppData\Local\834756f8\U d-ahs-- [18:40 08/10/2011]
80000000.@ --a---- 12800 bytes [19:37 03/10/2011] [15:01 11/10/2011]
-= EOF =-
-
Again, this should be quick.
Download OTM by Old Timer and save it to your Desktop.
http://oldtimer.geekstogo.com/OTM.exe
- Right-click OTM.exe & choose "Run as Administrator" to run it.
- Copy the following code inside the codebox below. Do not include the word Code:
:files c:\users\charley\AppData\Local\834756f8
- Return to OTM, right click in the Paste instructions for Items to be Moved window (under the yellow bar) and choose Paste.
- Push the large MoveIt! button.
- Click OK & post the log if no reboot is required.
- OTM may ask to reboot the machine. Please do so if asked.
- The report should appear in Notepad after the reboot. Copy/paste the contents of that report back here in your next reply.
-
It didn't ask for a reboot. Here is the log,
========== FILES ==========
c:\users\charley\AppData\Local\834756f8\U folder moved successfully.
c:\users\charley\AppData\Local\834756f8 folder moved successfully.
OTM by OldTimer - Version 3.1.18.0 log created on 10122011_224439
-
How are things running in general with the computer now?
-
She seems to be going fine, thanks! What do you think though from the logs?
-
The logs look ok. If everything's ok now, uninstall ComboFix.
Open a Run command box (Windows key + R) and copy paste this command in:
ComboFix /uninstall
Note the space between ComboFix and /uninstall , it needs to be there.
Click OK
Let me know if that wasn't successful before proceeding to remove OTM and its folder. If it was, continue on with this:
- Right-click OTM.exe & choose "Run as Administrator" to run it.
- Click the CleanUp! button
- Select Yes when the Begin cleanup Process? prompt appears
- If you are prompted to Reboot during the cleanup, select Yes
- The tool will delete itself once it finishes; if not, delete it yourself