#41
Before you run off and get a Mac, they too get viruses.
Apparently the tablets don't.
Tablets have their use; however, personally, I would not trade my laptop for a tablet. My tablet is fine for 'light' use, but cannot do all that the laptop does.
Use a clean computer, and change your passwords. <<--- Important
If you are not quite ready to throw the laptop over the fence, please follow Post #39.
Make sure you post the new Rkreport (Mode: Delete) in your reply.
These are not Microsoft Security Essentials alerts.
Trojan.PSW.Win32launch
HacToolWin32/Welevate.A
Adware.Win32.Fraud
Your computer is infected by a fake security program.
If you click the alert to clean the infection, you will download more malware.
Next, please use Malwarebytes Anti-Rootkit Download
Save to the Desktop (easy to find)
Right-click the file and select: Extract here...
In the MBAR folder that appears on the Desktop, open it, and double-click the MBAR application.
At the program console, follow the prompts to update and allow the program to SCAN the computer for threats.
If any threats are reported, DO NOT click on the Cleanup button to remove them!!!
At this point go back to the MBAR folder on the Desktop, and look for two reports:
1. system-log.txt
2. mbar-log-2013-04-22 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)
Please provide the mbar-log and the system-log in your reply.
Exit: MBAR
Last edited by cottonball; 29 Apr 2013 at 08:18.
Incredibly, I cannot save the RK report. The window opens that says I've saved it, but it is nowhere in my documents, which is where the first RK report is. Not anywhere I can find it. I went through the same exact steps.
OK. So when I tried to save the report on my desktop instead of the report in my tray to "my documents," I got a window that said more or less, "You can't save it here," which is where I saved the other one.
Also, there was a window on the screen which said, "Revocation information for the security certificate for this site is not available. Do you want to proceed?" I had RK on the screen behind the window. Too late for that information as I have already run the scan.
Can someone recommend a reliable Windows 7 laptop to me? The Amazon reviews are confusing as are the CNET reviews. My life is such that I can't devote so much time to this, and I've already spent $200 for a fix that didn't get things fixed.
To get the RogueKiller report...
Press the Start globe, and in the Search Programs and Files box right above the Start globe, type: RKreport
Above the search box you will see a list with Programs, Documents or Files.
Look for any RKreport there. Double-click to open any found.
In the upper lines of the report, you will see: Mode : Remove -- Date : 04/28/2013 23:49:34 (date will differ)
That is the report I need for you to post.
It pulled up the first report, not the one I just ran. You want me to post that one again? It's several days old, before the fake security infection.
And I cannot find Mode: Remove on this report, either.
This is the new one:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judy [Admin rights]
Mode : Scan -- Date : 04/29/2013 13:55:21
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : aefbfeaead (C:\Users\Judy\AppData\Roaming\ae70f096-0091-4777-bf93-94615e57a0e6ad\aefbfeaead.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2438601110-3927464551-1267722977-1000[...]\Policies\Explorer\Run : aefbfeaead (C:\Users\Judy\AppData\Roaming\ae70f096-0091-4777-bf93-94615e57a0e6ad\aefbfeaead.exe) [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$e753789c7b028571c64e689ed4db51bd\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$e753789c7b028571c64e689ed4db51bd\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2438601110-3927464551-1267722977-1000\$e753789c7b028571c64e689ed4db51bd\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST500DM0 02-1BD142 SATA Disk Device +++++
--- User ---
[MBR] 65448ab472fbcfd6f689b590a0e5436e
[BSP] bc8352d5af846e1bd0127f659f7692ae : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 7ff2a1acbc680c812ef961808b542c37
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2192 | Size: 15274 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_S_04292013_02d1355.txt >>
RKreport[1]_S_04262013_02d0124.txt ; RKreport[2]_S_04292013_02d1355.txt
Good! That is a newly run report (Mode : Scan -- Date : 04/29/2013 13:55:21), so let's do the following:
Please run RogueKiller once again:
Close all windows and browsers
Right-click RogueKiller and select: Run as Administrator
Wait until the Prescan finishes
The Status box shows: PreScan Finished
Press: Scan
When done, on the right, click: Delete
Wait until the Status box shows: Deleting Finished
Click on Report and provide the content of the new Rkreport (Mode: Delete) in your reply.
Hopefully, you downloaded RogueKiller to the Desktop, and the new report Mode Delete (or Remove) will also show up on the Desktop.
If not, please do a search for it.
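The check the thread keeps coming back to (is this the report that was asked for, or an older Scan-mode one?) can be done by reading the report header. The script below is an added example, not part of the original posts and not RogueKiller's own code; the function names are hypothetical, the sample is a shortened copy of the report posted above, and the status is simply whatever text follows the arrow on each line.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the Scan-mode report in this thread.
SAMPLE_REPORT = r"""RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
Mode : Scan -- Date : 04/29/2013 13:55:21
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : aefbfeaead (C:\Users\Judy\AppData\Roaming\ae70f096-0091-4777-bf93-94615e57a0e6ad\aefbfeaead.exe) [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$e753789c7b028571c64e689ed4db51bd\U --> FOUND
¤¤¤ Infection : ZeroAccess ¤¤¤
Finished : << RKreport[2]_S_04292013_02d1355.txt >>
"""

MODE_RE = re.compile(
    r"^Mode\s*:\s*(\w+)\s*--\s*Date\s*:\s*(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})", re.M)
# One finding per line: leading [TAG][TAG], the item, then "-> STATUS" or "--> STATUS".
FINDING_RE = re.compile(
    r"^((?:\[[^\]\n]+\])+)[ \t]*(.*?)[ \t]*-+>[ \t]*(.+?)[ \t]*$", re.M)
INFECTION_RE = re.compile(r"Infection\s*:\s*(.*?)\s*¤")

def parse_report(text):
    """Extract mode, run date, named infection and per-line findings."""
    m = MODE_RE.search(text)
    if not m:
        raise ValueError("no 'Mode : ... -- Date : ...' header line found")
    findings = [{"tags": re.findall(r"\[([^\]]+)\]", tags), "item": item, "status": status}
                for tags, item, status in FINDING_RE.findall(text)]
    inf = INFECTION_RE.search(text)
    return {"mode": m.group(1),
            "date": datetime.strptime(m.group(2), "%m/%d/%Y %H:%M:%S"),
            "infection": inf.group(1) if inf else None,
            "findings": findings}

def is_requested_report(report):
    # The helper asks for the report whose header says Mode: Delete (or Remove).
    return report["mode"].lower() in {"delete", "remove"}

def pick_report_to_post(texts):
    """Newest report run in Delete/Remove mode, or None if only scans exist."""
    wanted = [r for r in map(parse_report, texts) if is_requested_report(r)]
    return max(wanted, key=lambda r: r["date"], default=None)

if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(r["mode"], r["date"], r["infection"], len(r["findings"]), "findings")
    print("report the helper asked for:", is_requested_report(r))
```
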