• Status: Solved
  • Priority: Medium
  • Security: Public

Virus - MyWebSearch

Ok...another infected computer.

I have scanned with Rkill (before each), MBAM, SAS, Hitman Pro and Rogue Killer.  Attached are logs.

The main issue she is having is that MSE will not stay on or update through Windows Updates (I have been able to update within the program).  I cannot uninstall or update MSE.  See error message.

What is my next step?

Thank you for your assistance
Rkill-1.txt
mbam-log-2013-01-21--14-57-08-.txt
Asked by: Mags
2 Solutions
 
alatechsolutions Commented:
TDSSKiller is a great rootkit scanner.
Also Kaspersky has a "virus scanner 2011" that can be downloaded which is great at getting tough viruses.

Have you tried a system restore? System file checker? I also like Eset's online scanner. You might give it a shot at getting the final "nasties" off the system. Good Luck!
 
Mags (Owner, Author) Commented:
I dislike when I hit enter it posts.  :-(  I just tried to edit my question since I wasn't finished and after I was done uploading and editing it said I was unauthorized.  arggggh  I will run TDSSKiller and Kaspersky.

She has no older System restore points than December 20 so that won't be much help.

I have not run a System File Checker, are you talking about running sfc /scannow?

I will run Eset's online scanner.

I searched error code 0x800705b4 and got this link - http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/cant-turn-on-mse-error-code-0x800705b4/04797ec4-efa8-40db-a382-8981ded7fedc?tm=1358916266349&tab=AllReplies#tabs  I will start on that tomorrow.
 
alatechsolutions Commented:
Yes, sfc /scannow is what I was referring to. Here is a Microsoft page with what looks to be a removal tool as well as manual instructions on how to remove MSE.
http://support.microsoft.com/kb/2435760

Also, I always try to weigh "How long will this take to fix based on all the issues I am currently having" versus "How much stuff do they have and how long would it take me to just reload it, in which I KNOW it would be right when I am finished".

Good luck!
 
Mags (Owner, Author) Commented:
You can probably ignore the following but this is what I did - Got MSE to re-install yesterday and it was running beautifully until today (and I was so proud of myself).  This is what I was going to write.

Did a Clean boot after getting this message - Received this error code 0X80070645

Set a system restore point before starting (Which is now missing)

Found solutions... http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/error-code-0x80070645-when-installing-security/02415eb9-68df-4e09-bb6b-72fa4095bce3 - Remove registry key:
HKEY_CLASSES_ROOT > Installer > UpgradeCodes > 26D13F39948E1D546B0106B5539504D9 there was no
For Windows XP:
HKEY_CLASSES_ROOT > Installer > UpgradeCodes > 1F69ACF0D1CF2B7418F292F0E05EC20B
and this one http://www.explosiveknowledge.net/main/2012/07/22/mse_troubleshooting/

MSE would not uninstall, re-install or update no matter what I did so I figured MSE and Microsoft Security Client were corrupt.  The computer never showed a Virus or Trojan, simply PUPs.  The above got me up and running with MSE running as it should...then

I am now getting a folder opening on the desktop whenever I restart C:\Programs\Microsoft and the folder that is showing is defaultpack.exe.  MSE is not working, my remote connection was just terminated (I've been using it all day).  Ran RKill...all new findings...Windows Service Integrity - many disabled.  Looks like I was wrong and there is something in the machine.  See attached.

I think it will be best (less brain damage) to re-install the OS.  It is a Dell Optiplex GX260 with Windows Professional.  I have a Dell disk with Windows Professional but I have found that with Dell (mainly) they don't always work, even with a valid OS product code.

HELP!!!!!!!!
Thank you.
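
An added example, not part of Mags's post or the linked Microsoft instructions: a Windows PowerShell script that exports the two UpgradeCodes keys named above to .reg files before anyone deletes them, then lists services whose start mode is Disabled for comparison with the RKill log. The backup folder and the helper name `Backup-UpgradeCodeKey` are assumptions made for this example, and `Get-WmiObject` assumes Windows PowerShell rather than PowerShell 7.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 2.0+ run as administrator.
# Writes only .reg backup files; it does not delete or change any registry key or service.

# Assumption: backup folder chosen for this example.
$BackupDir = Join-Path $env:TEMP 'UpgradeCodes-backup'

# The two UpgradeCodes subkeys named in the post above.
$UpgradeCodes = @(
    '26D13F39948E1D546B0106B5539504D9',
    '1F69ACF0D1CF2B7418F292F0E05EC20B'
)

# Hypothetical helper: report whether a key exists and export it if it does.
function Backup-UpgradeCodeKey {
    param([string]$Code, [string]$Destination)

    $psPath  = "Registry::HKEY_CLASSES_ROOT\Installer\UpgradeCodes\$Code"
    $regPath = "HKCR\Installer\UpgradeCodes\$Code"
    $result  = New-Object PSObject -Property @{ Code = $Code; Present = $false; Backup = $null }

    if (Test-Path -LiteralPath $psPath) {
        $result.Present = $true
        # Timestamped name so reg.exe never has to overwrite an earlier backup.
        $file = Join-Path $Destination ("{0}-{1:yyyyMMdd-HHmmss}.reg" -f $Code, (Get-Date))
        & reg.exe export $regPath $file | Out-Null
        if ($LASTEXITCODE -eq 0) { $result.Backup = $file }
    }
    return $result
}

if (-not (Test-Path -LiteralPath $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

# Only consider removing a key by hand once Backup names a file for it.
$UpgradeCodes |
    ForEach-Object { Backup-UpgradeCodeKey -Code $_ -Destination $BackupDir } |
    Format-Table Code, Present, Backup -AutoSize

# Services whose start mode is Disabled, to compare with RKill's service report.
# Some services are disabled by design, so review the list rather than re-enabling all.
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.StartMode -eq 'Disabled' } |
    Sort-Object Name |
    Format-Table Name, DisplayName, State -AutoSize
```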
 
Mags (Owner, Author) Commented:
Sorry...here is the RKill log
RKill-Log.JPG
 
Mags (Owner, Author) Commented:
I feel like I've been deserted.  Can someone please help?  I really value your assistance.  If this is the wrong area to continue I can close this and open another.  Please let me know asap.
Thank you,
Mags
 
Mags (Owner, Author) Commented:
Opening up another post...I need to work on this computer.