 | |
| |
| 31 Mar 2011 | |
| Windows 7 Ultimate SP1 x64 850 posts Southern California | Virus Help Needed Just today I got an Virus on one of my home computers. It disabled MSE and disallows me from accessing any resources, running programs, or starting the task manager or system tools like cmd. I can still access Safe Boot mode and ran MSE from safe boot, but the virus/ rouge AV is still on the computer, other than that It turns the desktop a blue color and floods my router with high pings, I can see this from router logs. Here are some pics, I had to take them with my cell because it disabled the Snipping Tool.     Any help on removing this rouge AV would be much appreciated! |
My System Specs | |
| 31 Mar 2011 | |
| Windows 7 x64 6,737 posts Houston | boot in safe mode with networking Safe Mode If that keeps it from launching at that point you can download install and allow to update malwarebytes antimalware Malwarebytes (free version) Run a full scan and let it do it's thing and clean it out. That should return you to a position where you can boot normally. If you can't launch any applications the attached file should return that to normal (all this still needs to be done in safe mode.) |
| My System Specs |
| 31 Mar 2011 | |
| Windows 7 Ultimate SP1 x64 850 posts Southern California | I am able to boot into safe mode and am running a full scan with malwarebytes right now, I will post the log files as soon as it finishes. |
| My System Specs |
| . |
| |
| 31 Mar 2011 | |
| Windows 7 x64 6,737 posts Houston | when it's done it will give you the option to clean up the mess it finds on the ...bottom right I believe, it's been so long since I was actually infected with anything I'm not sure I'm remembering that little detail right. It does a great clean up job though. It should get rid of the problem. Worst case scenario is afterwards you'll need to use startup repair to get it booting right again. Startup Repair We don't want to use system restore right now though, as the restore files may actually contain the virus. Depending on how sneaky it was. |
| My System Specs |
| 31 Mar 2011 | |
| Windows 7 Ultimate SP1 x64 850 posts Southern California | 
Quote: Originally Posted by Maguscreed  when it's done it will give you the option to clean up the mess it finds on the ...bottom right I believe, it's been so long since I was actually infected with anything I'm not sure I'm remembering that little detail right. It does a great clean up job though. It should get rid of the problem. Worst case scenario is afterwards you'll need to use startup repair to get it booting right again. Startup Repair We don't want to use system restore right now though, as the restore files may actually contain the virus. Depending on how sneaky it was. |
| My System Specs |
| 31 Mar 2011 | |
| Windows 7 Ultimate SP1 x64 850 posts Southern California | I successfully managed to remove the infected files, I have included the log files, I ran a quick scan first and then a full scan. mbam-log-2011-03-31 (20-00-54).txt Code: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5363 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 3/31/2011 8:00:54 PM mbam-log-2011-03-31 (20-00-54).txt Scan type: Quick scan Objects scanned: 154371 Time elapsed: 3 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\fCd16633iHkPb16633 (Trojan.Agent.Gen) -> Value: fCd16633iHkPb16633 -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\programdata\fcd16633ihkpb16633\fcd16633ihkpb16633.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\Users\basa\local settings\temporary internet files\Content.IE5\ZWQ3XI6W\download[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. Code: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6231 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 3/31/2011 8:47:25 PM mbam-log-2011-03-31 (20-47-25).txt Scan type: Full scan (C:\|) Objects scanned: 269605 Time elapsed: 41 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\basa\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\60IKWZ5T\antispy2011setup[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\Users\basa\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\N6JD1KBM\antispy2011setup[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\Users\basa\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\N6JD1KBM\antispy2011setup[2].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. |
| My System Specs |
| 01 Apr 2011 | |
| Windows 7 Home Premium 32 bit 5,681 posts In a house with a cat trying to kill me | Here are a couple of other options in case Malwarebytes doesn't get it out of the system. Even if MB does remove it, it would be a good idea to run your AV or these tools and do a full system scan while disconnected from the net. Once you get a virus, it's hard to tell how much of it is left behind. And unfortunately, even one tiny file can cause it to come back and reinstall. Microsoft Windows Malicious Software Removal Tool Download details: Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64 Norton Power Eraser http://security.symantec.com/nbrt/np...origin=default |
| My System Specs |
| 01 Apr 2011 | |
| Windows 7 Ultimate SP1 (x64) 9,922 posts South Australia | Hi ionbasa, Looks like Malwarebytes did the trick - its very good software. As an additional check, can I suggest performing an online scan using the ESET on-line scanner? This just helps to give some comfort that nothing has slipped through the cracks. Regards, Golden |
| My System Specs |
| 01 Apr 2011 | |
| Windows7 Pro 64bit SP-1; Windows XP Pro 32bit 6,487 posts Grafton,IL | Below is courtesy of JACEE! I just copied and pasted. You can run it in safe mode with network if needed. Also when done you can leave the download which is definitions on your PC and next time it will just update definitions and run. Much quicker if needed again later. First time I used it was for testing. The second time I was actually doing a virus check as you would be doing. Saved 5-10 minutes on second run. Mike See if Eset finds anything ...
|
| My System Specs |
| 01 Apr 2011 | |
| Windows 7 Ultimate SP1 x64 850 posts Southern California | okay, Thank you for all the help, MB fixed it and than ran eset and all was clean. |
| My System Specs |
 |
Virus Help Needed problems?
| Thread Tools | |
| Similar help and support threads for: Virus Help Needed | ||||
| Thread | Forum | |||
| Anti Virus Program really needed? | System Security | |||
| Pretty sure I have a virus. What do you guys think? Help needed. | System Security | |||
| Partition Virus/Non-system Drive Virus | System Security | |||
| Want are the best afforable anti-virus for a trojan virus | System Security | |||
All times are GMT -5. The time now is 05:50 PM.
