virus

waddler_8

Did you manage to update mbam? - post the log

peter_the_piper

Forgot, will try next.

peter_the_piper

Sorry, can't update as access to setup is denied. Avira found and quarantined 3 bugs. Can't give logs as now can't use firefox.
they involve tofflgobqa.exe, dwtrig20.exe, u298ezm5n1kum.exe

waddler_8

Download & run mbam clean (use a different computer and transfer the file)
http://www.malwarebytes.org/mbam-clean.exe

Then reinstall mbam from this link: http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware


Follow the instructions to reinstall mbam using chameleon if that's unsuccessful

http://forums.malwarebytes.org/index.php?showtopic=85715&st=0&p=434003&#entry434003

peter_the_piper

Well, it was a good try. Downloaded -clean and new mbam, burned to cd, inserted in bad lappy but as I cannot access the cd drive and autorun won't work I'm stumped.

waddler_8

Are you able to download mbam clean & install mbam from the infected pc at all - either in safe mode with networking or in normal mode after running rkill?

There's things left to try & we could persevere with this but sometimes the best option is to back up, format & reinstall. Things will only get more complicated from here on in.

GunJack

you still in safe mode with networking, or a normal boot ??


edit - sorry waddler, you first

peter_the_piper

OK. Trying to remember all, been a long day, thanks for the perseverance.
Currently running normal boot. Ran rkill, ran mbam clean then had to reboot. Ran rkill again, could not install mbam as it said I had to boot again.
Just ran unhide again and got icons back but no control panel. my computer etc.

Ran sys restore and blighter has not come back. Now going to update all and replace avira with avast as it is continually running download but won't update.

Blackpool_Saver

peter_the_piper wrote: »

Avira. Normally this would stop everything but somehow this slipped through. The clincher was for her to click on the ""Repair This"" button instead of ignoring it. The only thing different to normal is that she was using a BT Fon hotspot, can't see how this would be a problem though.

Hmmm, the only thing I can think is that your router would normally be an extra layer of security?.....no doubt an
expert will come along and tell me no, but can't think of anything else

waddler_8

peter_the_piper wrote: »

Just ran unhide again and got icons back but no control panel. my computer etc.

If you can get to a point where you can run an updated quick scan with mbam in normal mode then it should fix that as before.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu)-> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.