Help site wants $84 from me
Comments
-
If it's not completely removed you could try - download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
It does look like a pretty poor bit of software but trust me this has actually saved my life on more than one occasion.
I had this thing on my PC which stopped any antivirus/malware software from opening, it would just shut it down, even when I went into task manager to see if I could stop the infection from running and get the malware software to run it would auto start again straight away. I will say at this point I don't know much about PCs.
So I started researching it and loads of people were saying it was a nasty program and I needed the above software.
What it did was locate the bad file and contain it, basically shut the bad file off which gave me the time to run malwarebytes.
I'm not saying I back this piece of software as I don't know much about it, but when times are desperate and you're willing to give an unknown a go, this program came through for me (twice).
My 2 pennies.
0 -
They have SAS installed.

Next stop is combofix. If that doesn't take out the .exe's in programdata then we can just script them out anyway.
deadeyesteve wrote: » What it did was locate the bad file and contain it, basically shut the bad file off which gave me the time to run malwarebytes.
This might help in the future if you're having trouble running mbam because of an infection:
http://helpdesk.malwarebytes.org/entries/20872371-use-chameleon-to-run-malwarebytes-anti-malware-on-infected-systems
0 -
That program on the link you supplied looks a bit more heavy duty so might use that next time I'm in trouble.
Thanks
0 -
It's still not clear that the OP has actually let mbam remove the infections it found, I suspect not. I would be inclined to a mbam quick scan & removal before CF....
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
The DDS log shows signs of infection. Coupled with the protection log it shows processes that are attempting to contact (amongst others) known Russian Business Network IPs (blocked by mbam's IP protection).
This would be the same RBN that carried out DOS's in August 2008, when I ended up stranded with OH and 2 kids in the middle of a warzone (that was fine when we arrived 2 weeks before), and trying to let my parents know we were ok as the phone networks were down. :eek:
High levels of criminal involvement, allegedly
💙💛 💔
0 -
This is this morning's log:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
https://www.malwarebytes.org
Database version: v2012.09.25.05
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Susan :: NEWDELL [administrator]
Protection: Disabled
25/09/2012 10:20:16
mbam-log-2012-09-25 (11-13-19).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366753
Time elapsed: 50 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\rmARWGtDjHvYrkh.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tBrinNXS8RVvE7 (Trojan.FakeAlert) -> Data: C:\ProgramData\tBrinNXS8RVvE7.exe -> No action taken.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\ProgramData\rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> No action taken.
C:\ProgramData\tBrinNXS8RVvE7.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Susan\AppData\Local\Temp\3F0JkTMpPQex0S.exe.tmp (Trojan.FakeAlert) -> No action taken.
(end)
0 -
you need to let mbam FIX these things (you will need to run a quick scan again to do this, I think all those will be picked up, if not another full scan), then re-run DDS after the reboot (which mbam will tell you it needs to complete the removal) and post the new log
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
you need to let mbam FIX these things (you will need to run a quick scan again to do this, I think all those will be picked up, if not another full scan), then re-run DDS after the reboot (which mbam will tell you it needs to complete the removal) and post the new log

Did it again and this is it:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.25.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Susan :: NEWDELL [administrator]
Protection: Enabled
25/09/2012 14:14:49
mbam-log-2012-09-25 (14-14-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224345
Time elapsed: 11 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
0 -
Looks healthy enough to me... Are you still getting any issues?
I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.
0 -
So there must be a log in between the two which shows the deletions, yes? Now run DDS again and post the new DDS log

edit:- yes the mbam log is clean, but DDS can show up stuff that's still there which mbam may not see... a DDS log still showing signs of infection would mean that combofix would be needed, however a clean DDS log would probably negate the need to run CF. Waddler is the resident DDS expert (I'm getting better with it, but not to his standard yet) so a clean DDS with his eye over it would be safest
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0
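An added example, not part of the original thread and not Malwarebytes code: a small Python parser for the Malwarebytes 1.x text log format shown in the posts above. It lists detections still marked "No action taken", flags `Run`-key autostart values, and checks each section's header count against the items listed under it. The function names and dictionary keys are this example's own, and the sample is an excerpt of the first log posted in the thread.

```python
import re

# Excerpt of the first Malwarebytes log posted in this thread (detection sections only).
FIRST_LOG = r"""Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\rmARWGtDjHvYrkh.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tBrinNXS8RVvE7 (Trojan.FakeAlert) -> Data: C:\ProgramData\tBrinNXS8RVvE7.exe -> No action taken.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\ProgramData\rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> No action taken.
C:\ProgramData\tBrinNXS8RVvE7.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Susan\AppData\Local\Temp\3F0JkTMpPQex0S.exe.tmp (Trojan.FakeAlert) -> No action taken.
"""

SECTION = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+)$")

def parse_mbam_log(text):
    """Return (findings, declared): one dict per detection, and header counts per section."""
    findings, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif section and (m := ITEM.match(line)):
            obj, threat, rest = m.groups()
            findings.append({
                "section": section, "object": obj, "threat": threat,
                # The last "->" field is the action Malwarebytes took on the item.
                "action": rest.split(" -> ")[-1].rstrip("."),
                # Values under a ...\CurrentVersion\Run key relaunch the file at logon.
                "autostart": "\\CurrentVersion\\Run|" in obj,
            })
    return findings, declared

def triage(text):
    """Summarise what still needs removal and whether the log looks complete."""
    findings, declared = parse_mbam_log(text)
    parsed = {s: sum(f["section"] == s for f in findings) for s in declared}
    pending = [f for f in findings if f["action"].lower() == "no action taken"]
    return {
        "pending": pending,
        "autostart_pending": [f["object"] for f in pending if f["autostart"]],
        "truncated": parsed != declared,  # header count disagrees with listed items
        "clean": bool(declared) and not findings and parsed == declared,
    }
```

Calling `triage(FIRST_LOG)` reports all seven detections as pending, two of them autostart values, which is the state the helpers were pointing at before the removal was run.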
This discussion has been closed.