We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
MWBytes unable to remove certain things?
bigblackdog
Posts: 1,076 Forumite
in Techie Stuff
theres some trojans in my netbook .
have been scanning with mwb since Sunday .
and then removing selected infections.
latest scan had 10 and mwb says unable to remove certain ones ............ they just gonna stay ?
any help gratefully recieved , thanks
have been scanning with mwb since Sunday .
and then removing selected infections.
latest scan had 10 and mwb says unable to remove certain ones ............ they just gonna stay ?
any help gratefully recieved , thanks
my favourite food is spare ribs
0
Comments
-
You could try running the scan with the netbook in safe mode with networking
Can you post the names of the ones it does not remove?0 -
Go into the Malwarebytes 'Logs' tab, and post the relevant logs first so we know what's happening.
Could be a file infector. Might be easier to backup anything important, then run the factory restore tool.0 -
Malwarebytes' detection and removal capabilities are at their best in normal mode. A driver it uses doesn't load in safe mode.
As Russ said, post the log.0 -
It probably is written that it cannot remove them until you re-boot.0
-
due to screen freezing , and other wierd things i didnt realise i had actually posted my thread .
MWB asks to re start to remove the items , so of course i re start . Soon though they are back .
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7929
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
12/10/2011 15:56:27
mbam-log-2011-10-12 (15-56-27).txt
Scan type: Full scan (C:\|)
Objects scanned: 243665
Time elapsed: 36 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PwmJvpyi (Trojan.Agent.H) -> Value: PwmJvpyi -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent.H) -> Bad: (C:\Users\user\AppData\Local\hquwlppr\pwmjvpyi.exe) Good: () -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\users\user\appdata\local\hquwlppr\pwmjvpyi.exe (Trojan.Agent.H) -> Delete on reboot.
c:\program files\common files\Adobe\cs5.5servicemanager\cs5.5servicemanagermgr.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\pwmjvpyi.exe (Trojan.Agent.H) -> Delete on reboot.my favourite food is spare ribs0 -
ok i shut down , re started , and am running a quick scan , already found 4 objects infected ......my favourite food is spare ribs0
-
0
-
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7929
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
12/10/2011 16:25:41
mbam-log-2011-10-12 (16-25-41).txt
Scan type: Quick scan
Objects scanned: 162168
Time elapsed: 5 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PwmJvpyi (Trojan.Agent.H) -> Value: PwmJvpyi -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent.H) -> Bad: (C:\Users\user\AppData\Local\hquwlppr\pwmjvpyi.exe) Good: () -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\user\AppData\Local\hquwlppr\pwmjvpyi.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\Temp\hchebrxrmapnbwyp.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.my favourite food is spare ribs0 -
no i haventmy favourite food is spare ribs0 -
Agreed with TakeThis, looks like Ramnit.
Yes it's possible to disinfect in Windows 7, but it would be something I'd only really be willing to do with the machine in front of me.
bigblackdog - do you have backups of your files? Or another machine to work with?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.6K Banking & Borrowing
- 253.3K Reduce Debt & Boost Income
- 453.9K Spending & Discounts
- 244.6K Work, Benefits & Business
- 599.9K Mortgages, Homes & Bills
- 177.2K Life & Family
- 258.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards