Malware

I have infections that keep coming back... I have included a Malwarebytes log.
Any help would be appreciated..
Thanks
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3988

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/14/2010 7:53:06 PM
mbam-log-2010-04-14 (19-53-06).txt

Scan type: Quick scan
Objects scanned: 125005
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Vincent Costanza (Owner) asked:
 
splait commented:
Go into the following directory and delete the Digital Protection folder

C:\Documents and Settings\Vincent\Start Menu\Programs\

Empty out the C:\Documents and Settings\Vincent\local settings\temp folder totally.

Go into C:\Documents and Settings\Vincent\Start Menu\Programs\ folder and make sure the Security Tool.lnk file is not there.  If it is, remove it.

Make sure this file is gone.  If not, remove it.

C:\Documents and Settings\Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\DigitalProtection.lnk

As soon as you've done that, run MalwareBytes again in Safe Mode.
0
 
alienvoice commented:
For any malware infections I follow this guide religiously. Tell me how you go.

http://forums.majorgeeks.com/showthread.php?t=35407

0
 
willcomp commented:
Run MBAM (in normal mode) and select a complete scan. You can use CCleaner to delete temporary internet files and other temporary files to save scanning time.

Then install, update, and run MS Security Essential or update and run your currently installed AV program.
0

 
optoma commented:
Run a scan with Hitmanpro
http://www.surfright.nl/en/hitmanpro

Run Combofix and follow its running procedures:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Attach its logfile here afterwards.
0
 
c_a_n_o_n commented:
If your system is/was infected with a pest, malware, trojan, or virus, your system will behave unexpectedly.  The best method to attempt resolution is to completely rule out the operating system by bypassing it.  To do so, you will need a rescue CD.  There are several out there; you might be able to create one, and there are instructions and sites that can assist with that.  But the easiest way is to use a product that is FREE and that I have used successfully for several of my clients and on many workstations.

BitDefender (FREE Downloadable Rescue CD).  Available Here.
http://download.bitdefender.com/rescue_cd/

Instructions on the product.
http://www.bitdefender.com/KB417-en--Using-the-BitDefender-Rescue-CD.html

Hope this helps.

PS.  This may sound like a "canned" response, it just might be.  However, it is the easiest and most effective method to resolve a situation like this.
0
 
rpggamergirl commented:
Everything that MBAM found relating to the Digital Protection folder/files has been deleted.

Try the suggested Combofix, HitmanPro or TDSSKiller and show us the logfile.

TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip 
* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
0
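A way to check a statement like the one above against the log itself, as an added example that is not part of the original thread: this Python code parses the MBAM 1.x text layout shown in the question, compares each section's declared count with its itemised lines, and lists any item whose action is not "Quarantined and deleted successfully". The sample log is constructed from lines in the question, with one status changed to "Delete on reboot" for illustration; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened log in the layout of the one posted in the question.
# The last item's status was changed to "Delete on reboot" to show an unresolved entry.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Vincent\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Vincent\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Delete on reboot.
"""

CLEAN = "Quarantined and deleted successfully"
SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared counts per section, list of itemised detections)."""
    declared, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def review(text):
    """Return (count mismatches, items not cleanly removed, objects grouped by family)."""
    declared, items = parse_mbam_log(text)
    found, families = defaultdict(int), defaultdict(list)
    for it in items:
        found[it["section"]] += 1
        families[it["family"]].append(it["object"])
    mismatched = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    unresolved = [it for it in items if it["action"] != CLEAN]
    return mismatched, unresolved, dict(families)
```

An entry in `unresolved` means the item still needs a reboot or manual removal before the next scan; a non-empty `mismatched` means the log was truncated or edited before it was posted.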
Question has a verified solution.
