Windows 7: Strange program connections

10 May 2010   #11
wolvenreign

Windows 7/Ubuntu 9.10 dual boot
 
 

Here's the log from Malwarebytes.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4085

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/10/2010 11:03:37 AM
mbam-log-2010-05-10 (11-03-37).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 490557
Time elapsed: 8 hour(s), 46 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Do you need any more information?

Edit: Oh, and they won't get anything from me. I don't store information on my Windows side because of its many security vulnerabilities.


10 May 2010   #12
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

10 May 2010   #13
wolvenreign

Windows 7/Ubuntu 9.10 dual boot
 
 

Whew, nasty. Did Malwarebytes take it out completely? Is there still something I must do to restore functionality?

10 May 2010   #14
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I would re-install Windows 7 and change all passwords using a known 'clean' computer... not the infected one.

You may also need to flush your DNS cache and restore the Hosts file. Do this:

Copy and paste these lines in Notepad.
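@Echo on
rem Reset the Hosts file to a single localhost entry
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then delete this batch file
shutdown -r -t 1
del "%~f0"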

Save as flush.bat to your desktop.

Right click on the batch and run as Administrator. Your computer will reboot itself.
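The batch file in post #14 overwrites the Hosts file without looking at it. The following Python script is an added example, not part of the original thread: it lists every Hosts entry that differs from the default `localhost` mapping so the entries can be recorded before the reset. The sample file contents, the finding labels and the function names are constructed for illustration.

```python
import ipaddress

# Names a default Windows Hosts file may map to a loopback address.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (not from the thread); IPs are from documentation ranges.
SAMPLE = """\
# constructed Hosts file for the example
127.0.0.1       localhost
::1             localhost
203.0.113.50    www.search.example      # name sent to a foreign server
127.0.0.1       update.av-vendor.example
not-an-ip       foo.example
"""

def parse_hosts(text):
    """Yield (lineno, address, [names]) for each active entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) >= 2:                  # need an address and a name
            yield lineno, fields[0], [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return (lineno, kind, address, name) for every non-default mapping.

    kind is 'redirected' (name points at a non-local address),
    'sinkholed' (name forced to loopback or 0.0.0.0, so it cannot resolve)
    or 'malformed' (address field is not an IP). Findings are for review:
    ad-blocking Hosts files legitimately contain sinkholed names.
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            addr = None
        for name in names:
            if addr is None:
                kind = "malformed"
            elif addr.is_loopback or addr.is_unspecified:
                if name in DEFAULT_NAMES:
                    continue                  # default entry, nothing to report
                kind = "sinkholed"
            else:
                kind = "redirected"
            findings.append((lineno, kind, ip, name))
    return findings

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for lineno, kind, ip, name in audit_hosts(text):
        print(f"line {lineno}: {kind:10} {name} -> {ip}")
```

Run with the path to a copy of the Hosts file as the only argument; with no argument it audits the constructed sample.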
10 May 2010   #15
wolvenreign

Windows 7/Ubuntu 9.10 dual boot
 
 

Hmm, I just completed that second step you asked for. The problem persists. Must I really reinstall Windows 7? It would be quite the pain. I can see how it would restore functionality, but...if there is a less nuclear option, I would be most rapt to hear it.
10 May 2010   #16
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I don't mess with rootkits. You may be able to work around it, but your computer will never be stable again.
10 May 2010   #17
wolvenreign

Windows 7/Ubuntu 9.10 dual boot
 
 

Very well. I will reinstall and edit this post when I am finished.
10 May 2010   #18
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Quote: Originally Posted by Jacee
I don't mess with rootkits. You may be able to work around it, but your computer will never be stable again.

Excellent advice.