Do I have the w32 Blaster?


  1. Posts : 2,470
    Windows 7 Home Premium
       #101

    Prescottbob,

    RKill is not on your flash drive, it is RogueKiller, and it did not pick up anything.

    We need to use RKill: http://www.bleepingcomputer.com/download/rkill/dl/132/


    Use another computer to download RKill.com to the flash drive, and then, in safe mode, run it on the infected computer.
    Do not reboot, and then run MBAM.

    If the malicious process, which is causing your nuisance messages, is not killed, we will be back in the same boat.


  2. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #102

    rkill report
    by Lawrence Abrams (Grinler)
    Bleeping Computer - Technical Support and Computer Help
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesn't - A brief introduction to the program - Am I infected? What do I do?
    Program started at: 05/08/2013 11:47:20 AM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
    Backup Registry file created at:
    C:\Users\Binnie\Desktop\rkill\rkill-05-08-2013-11-47-22.reg
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001
    Checking Windows Service Integrity:
    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic
    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup T


  3. Posts : 2,470
    Windows 7 Home Premium
       #103

    Did you try to run this in normal Windows?

    If not, please give it a whirl.


  4. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #104

    Mbam running again 12:10. Going to lunch- be back 1:15 MST


  5. Posts : 2,470
    Windows 7 Home Premium
       #105

    If the problem persists after MBAM, do you use Chrome or FireFox browsers?

    If not, see if you can download one of them, and use it to download FRST.

    See if you get the same message, where the file has a virus and was deleted.


  6. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #106

    rkill report in normal mode.

    Lawrence Abrams (Grinler)
    Bleeping Computer - Technical Support and Computer Help
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesn't - A brief introduction to the program - Am I infected? What do I do?
    Program started at: 05/08/2013 01:01:06 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001
    Checking Windows Service Integrity:
    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual
    * BFE [Missing Service]
    * iphlpsvc [Missing Service]
    * MpsSvc [Missing Service]
    * WinDefend [Missing Service]
    * wscsvc [Missing Service]
    * SharedAccess [Missing ImagePath]
    * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * HOSTS file entries found:
    127.0.0.1 localhost
    Program finished at: 05/08/2013 01:01:10 PM
    Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)


  7. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #107

    MBAM is still running in normal mode. FRST did download in CHROME.


  8. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #108

    Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.05.08.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16540
    Binnie :: BINNIE-PC [administrator]
    Protection: Enabled
    5/8/2013 1:15:01 PM
    MBAM-log-2013-05-08 (17-04-24).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 1129785
    Time elapsed: 3 hour(s), 34 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Users\Binnie\AppData\Local\Temp\11367789291653.exe (Rogue.SecurityShield) -> No action taken.
    C:\Users\Binnie\AppData\Local\Temp\EF0E.tmp (Rogue.SecurityShield) -> No action taken.
    (end)
    Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.05.08.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16540
    Binnie :: BINNIE-PC [administrator]
    Protection: Enabled
    5/8/2013 1:15:01 PM
    mbam-log-2013-05-08 (13-15-01).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 1129785
    Time elapsed: 3 hour(s), 34 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Users\Binnie\AppData\Local\Temp\11367789291653.exe (Rogue.SecurityShield) -> Quarantined and deleted successfully.
    C:\Users\Binnie\AppData\Local\Temp\EF0E.tmp (Rogue.SecurityShield) -> Quarantined and deleted successfully.
    (end)


  9. Posts : 2,470
    Windows 7 Home Premium
       #109

    Prescottbob,

    If Chrome does not give you the "...contained a virus and was deleted", see if you can go to the Farbar Recovery Scan Tool Download
    Select the 64-bit version.
    Save to your Desktop.

    Double-click the downloaded file to run it.
    When the tool opens click Yes to disclaimer.

    Press the Scan button.

    FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply. <<---

    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply. <<---





    Also in Chrome, please start Downloading Farbar Service Scanner
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    Press: Scan

    When done, the tool creates a report (FSS.txt) on the Desktop.
    Also provide the FSS.txt in your reply. <<---


  10. Posts : 2,470
    Windows 7 Home Premium
       #110

    We both posted at the same time.

    Can you download FRST using Internet Explorer in normal Windows?

    If no-go, use Chrome, but post which browser you used.


 