Solved

Malware after bogus facebook link cannot get rid of threat

Posted on 2008-10-15
4
886 Views
Last Modified: 2013-12-06
I received a message from a friend on Facebook, but the friend did not send me the link. It sent me to google and immediately my antivirus software went off, but was not able to fix it. I get this popup whenever I logon.
http://i216.photobucket.com/albums/cc20/tommydkat/anitvirusmessage.jpg

I have tried, every malware program I know... CClenaer, CWShredder, AdAware, SpyBot, and nothing seems to work. I created a scan using HiJack This, and can only hope someone can interpret what I need to delete.  The HiJackThis Log file is attached.
Thanks,
Tom
Thanks,

hijackthistom.txt
0
Comment
Question by:tburick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
phototropic earned 500 total points
ID: 22723388
This is a bad entry:

O4 - HKLM\..\Run: [sysftray2] C:\windows\bolivar20.exe

I would recommend scanning with Malwarebytes' Antimalware:

http://www.malwarebytes.org/mbam.php

Download the trial version, update it fully, then click on "Perform a quick scan".  Show results then click on "remove selected". Post the log here, along with a fresh HJT log.


Good luck!!!
0
 

Author Comment

by:tburick
ID: 22726227
The deletion worked and I also ran the MalwareBytes software and selected all and removed.
Here is the Malwarebytes.log  THEN I will copy the AFTER Log. to show the difference when I ran the fix.
 and I will attach the newest HiJackthis log.

BEFORE:
---------------------------------------------------------
Malwarebytes' Anti-Malware 1.28
Database version: 1274
Windows 5.1.2600 Service Pack 3

10/15/2008 5:22:33 PM
malwarebytesBefore.txt

Scan type: Quick Scan
Objects scanned: 44057
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Ascentive (Rogue.Multiple) -> No action taken.
C:\Program Files\Ascentive\Performance Center (Rogue.Multiple) -> No action taken.

Files Infected:
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> No action taken.
C:\Program Files\Ascentive\Performance Center\GUID (Rogue.Multiple) -> No action taken.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> No action taken.
------------------------------------------------------------
AFTER:
---------------------
Malwarebytes' Anti-Malware 1.28
Database version: 1274
Windows 5.1.2600 Service Pack 3

10/15/2008 5:37:50 PM
mbam-log-2008-10-15 (17-37-50).txt

Scan type: Quick Scan
Objects scanned: 44048
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
hijackthis.log
0
 

Author Closing Comment

by:tburick
ID: 31506344
Thanks to Phototropic for a speedy response!!
0
 
LVL 23

Expert Comment

by:phototropic
ID: 22726368
Yeah, your HJT log looks clean.

Good job!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Virus On motherboard 6 113
What is Ransomware? 16 98
Total AV worth it? 4 387
TrapX & best honey pots that deal with email ransomwares & malwares 1 52
This article summarizes using a simple matrix to map the different type of phishing attempts and its targeted victims. It also run through many scam scheme scenario with "real" phished emails. There are safeguards highlighted to stay vigilance and h…
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question