Vincent Costanza
asked on
Malware
I have infections that keep coming back... I have included a malwarebytes log.
Any help would be appreciated..
Thanks
Any help would be appreciated..
Thanks
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3988
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/14/2010 7:53:06 PM
mbam-log-2010-04-14 (19-53-06).txt
Scan type: Quick scan
Objects scanned: 125005
Time elapsed: 10 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Run MBAM (in normal mode) and select a complete scan. You can use CCleaner to delete temporary internet files and other temporary files to save scanning time.
Then install, update, and run MS Security Essential or update and run your currently installed AV program.
Then install, update, and run MS Security Essential or update and run your currently installed AV program.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Everything that MBAM found relating to Digital protection folder/files have been deleted.
Try the suggested Combofix, HitmanPro or TDSSKiller and show us the logfile.
TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
Try the suggested Combofix, HitmanPro or TDSSKiller and show us the logfile.
TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
http://forums.majorgeeks.com/showthread.php?t=35407