
Malware Help Please! Highly unpleasant infection!

  • 06-01-2010 1:49am
    #1
    Registered Users, Registered Users 2 Posts: 3,373 ✭✭✭


    Hi there, kind souls of the virus and malware removal board! Long time listener, first time caller, I've generally never needed your succor beyond the first few steps of your FAQ, but since my wonderful Mrs decided it would be a great idea to open an attachment in a dodgy mail, things have taken a sudden dive past the level at which I am competent to fix things, so here's hoping you chaps can help me. It appears to concern multiple trojans sprouting scareware popups and all manner of other nastiness; most applications won't run, many webpages won't load, and most of the antivirus / anti-malware programs I have appear to be utterly oblivious to the nasty facts.

    I had AVG free completely updated, running daily scans.

    SuperAntiSpyware, Malwarebytes, Advanced Systemcare, IOBit Security 360, CCleaner.exe, Lavasoft Ad-Aware are all on my machine and get used pretty regularly. (I know this might sound like overkill, but I've had enough nasty infections in my time to prefer to be paranoid than to be Owned...)

    Here's an account of the steps in your FAQ that I've followed - I can't open .txt files on my PC so bear with me as I edit this post in the next half hour or so as and when I complete the steps you require.

    1: Comedian.exe won't run successfully.

    2. Ran TFC - 140.00 MB of temporary files deleted; upon reboot problem still present; desktop background still different, warning popups flashing every few seconds, courtesy of a program that calls itself "Internet Security 2010", which has seemingly installed itself on my computer and is still giving me cute little messages written with the feeling for spelling and grammar that would drive an English teacher to drink...

    3. Running Malwarebytes now, it has crashed and is no longer responding after initiating scan. 3/3 attempts end in similar failure. 4th one miraculously results in a scan starting. Issue still present after reboot. Log is as follows:
    Malwarebytes' Anti-Malware 1.40
    Database version: 2722
    Windows 5.1.2600 Service Pack 3
    
    06/01/2010 02:32:37
    mbam-log-2010-01-06 (02-32-36).txt
    
    Scan type: Quick Scan
    Objects scanned: 84267
    Time elapsed: 27 minute(s), 23 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 7
    Folders Infected: 0
    Files Infected: 1
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    (No malicious items detected)
    
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    
    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    
    Folders Infected:
    (No malicious items detected)
    
    Files Infected:
    C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    

    SUPERAntiSpyware scan currently in progress.
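
An added example (not part of the original post and not Malwarebytes' own tooling): a small parser for the log format pasted above. It lists each detection with its section, pulls out the flagged values that sit under a Policies key (such as DisableTaskMgr), and reports any item the scanner did not mark as removed. The sample input is constructed from lines in that log, and the function names are hypothetical.

```python
import re

# Constructed sample in the same format as the log above, trimmed to three detections.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# A section header ends at the colon; the summary counters ("Files Infected: 1") do not.
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
# <object> (<Detection.Name>) [-> Bad: (x) Good: (y)] -> <action>.
DETECTION = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)

def parse_detections(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()                      # forum posts indent the log
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if hit and section:
            found.append({"section": section, **hit.groupdict()})
    return found

def policy_restrictions(detections):
    """Names of flagged registry values that live under a Policies key."""
    return sorted({d["obj"].rsplit("\\", 1)[-1] for d in detections
                   if "\\policies\\" in d["obj"].lower()})

def not_removed(detections):
    """Detections whose action text does not report a successful removal."""
    return [d for d in detections if "successfully" not in d["action"].lower()]

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    print(len(hits), policy_restrictions(hits), not_removed(hits))
```

Anything returned by `not_removed` is what to re-scan for after the next reboot.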


Comments

  • Registered Users, Registered Users 2 Posts: 92 ✭✭jolsen


    Uninstall Malwarebytes; it's probably corrupted. You need to install it later, so keep the installer if you still have it, or redownload it.

    There are pretty good instructions here to remove "Internet Security 2010", here. After running rkill, make sure you don't reboot, as it kills processes and the like of the dross for Malwarebytes and the like to run properly.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Don't put the logs in code.

    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txts will open.
    • Save both reports to your desktop.


    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.

