virus

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Did you manage to update mbam? - post the log
  • Forgot, will try next.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • peter_the_piper
    peter_the_piper Posts: 30,269 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    edited 28 February 2012 at 9:27PM
    Sorry, can't update as access to setup is denied. Avira found and quarantined 3 bugs. Can't give logs as now can't use firefox.
    They involve tofflgobqa.exe, dwtrig20.exe, u298ezm5n1kum.exe
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Download & run mbam clean (use a different computer and transfer the file)
    http://www.malwarebytes.org/mbam-clean.exe

    Then reinstall mbam from this link: http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware


    Follow the instructions to reinstall mbam using chameleon if that's unsuccessful

    http://forums.malwarebytes.org/index.php?showtopic=85715&st=0&p=434003&#entry434003
  • Well, it was a good try. Downloaded -clean and new mbam, burned to cd, inserted in bad lappy but as I cannot access the cd drive and autorun won't work I'm stumped.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Are you able to download mbam clean & install mbam from the infected pc at all - either in safe mode with networking or in normal mode after running rkill?

    There's things left to try & we could persevere with this but sometimes the best option is to back up, format & reinstall. Things will only get more complicated from here on in.
  • GunJack
    GunJack Posts: 11,829 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    you still in safe mode with networking, or a normal boot ??


    edit - sorry waddler, you first :o
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • OK. Trying to remember all, been a long day, thanks for the perseverance.
    Currently running normal boot. Ran rkill, ran mbam clean then had to reboot. Ran rkill again, could not install mbam as it said I had to boot again.
    Just ran unhide again and got icons back but no control panel, my computer etc.

    Ran sys restore and blighter has not come back. Now going to update all and replace avira with avast as it is continually running download but won't update.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • Avira. Normally this would stop everything but somehow this slipped through. The clincher was for her to click on the "Repair This" button instead of ignoring it. The only thing different to normal is that she was using a BT Fon hotspot, can't see how this would be a problem though.

    Hmmm, the only thing I can think is that your router would normally be an extra layer of security?.....no doubt an expert will come along and tell me no, but can't think of anything else
    Blackpool_Saver is female, and does not live in Blackpool

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Just ran unhide again and got icons back but no control panel, my computer etc.

    If you can get to a point where you can run an updated quick scan with mbam in normal mode then it should fix that as before.
    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu)-> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
This discussion has been closed.
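
An added example, not part of the thread or of Malwarebytes' own tooling: a small Python parser for the "Registry Data Items Infected" lines quoted in the last post, so the hijacked values and their flagged/default data can be read at a glance. The sample lines are modelled on that log, with a line-wrap space deliberately left inside "CurrentVersion"; the function names and the regular expression are assumptions made for this example.

```python
import re

# Constructed sample: three lines in the shape of the log quoted in the thread,
# including the stray space that forum software can insert into long paths.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu)-> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

LINE_RE = re.compile(
    r"^(?P<path>HKEY_[A-Z_]+\\.+?)\s*"        # hive, key path and value name
    r"\((?P<detection>[\w.]+)\)\s*->\s*"      # detection family
    r"Bad:\s*\((?P<bad>[^)]*)\)\s*"           # data the scanner flagged
    r"Good:\s*\((?P<good>[^)]*)\)\s*->\s*"    # data it treats as the default
    r"(?P<action>.+?)\s*$"                    # what the scanner did
)

def parse_registry_items(log_text):
    """Return one dict per registry-data line; other lines are skipped."""
    items = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        # Repair only the known wrap artifact rather than stripping all spaces.
        path = re.sub(r"Curre\s+ntVersion", "CurrentVersion", m.group("path"))
        key, _, value = path.rpartition("\\")
        items.append({
            "key": key, "value": value,
            "detection": m.group("detection"),
            "bad": m.group("bad"), "good": m.group("good"),
            "action": m.group("action"),
        })
    return items

def summarize(items):
    """Group value names by detection family."""
    by_family = {}
    for it in items:
        by_family.setdefault(it["detection"], []).append(it["value"])
    return by_family

if __name__ == "__main__":
    for it in parse_registry_items(SAMPLE_LOG):
        print(f'{it["detection"]:<20} {it["value"]:<24} bad={it["bad"]} good={it["good"]}')
```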