Solved

Virus - MyWebSearch

Posted on 2013-01-22
7
635 Views
Last Modified: 2013-11-22
Ok...another infected computer.

I have scanned with Rkill (before each), MBAM, SAS, Hitman Pro and Rogue Killer.  Attached are logs.

The main issue she is having is that MSE will not stay on or update through Windows Updates (I have been able to update within the program)  I can not uninstall or update MSE.  See error message.

What is my next step.

Thank you for your assistance
Rkill-1.txt
mbam-log-2013-01-21--14-57-08-.txt
0
Comment
Question by:MagsMcKinley14
  • 5
  • 2
7 Comments
 
LVL 1

Assisted Solution

by:alatechsolutions
alatechsolutions earned 500 total points
ID: 38808536
TDSSKiller is a great rootkit scanner.
Also Kaspersky has a "virus scanner 2011" that can be downloaded which is great at getting tough viruses.

Have you tried a system restore? System file checker? I also like Eset's online scanner. You might give it a shot at getting the final "nasties" off the system. Good Luck!
0
 

Author Comment

by:MagsMcKinley14
ID: 38808558
I dislike when I hit enter it posts.  :-(  I just tried to edit my question since I wasn't finished and after I was done uploading and editing it said I was unauthorized.  arggggh  I will run TDSSKiller and Kaspersky.

She has no older System restore points than December 20 so that won't be much help.

I have not run a System File Checker, are you talking about running sfc /scannow?

I will run Eset's online scanner.

I searched error code 0x800705v4 and got this link - http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/cant-turn-on-mse-error-code-0x800705b4/04797ec4-efa8-40db-a382-8981ded7fedc?tm=1358916266349&tab=AllReplies#tabs  I will start on that tomorrow.
0
 
LVL 1

Accepted Solution

by:
alatechsolutions earned 500 total points
ID: 38808610
Yes sfc /scannow is what I was referring too. Here is a microsoft page with what looks to be a removal tool as well as manual instructions on how to remove MSE.
http://support.microsoft.com/kb/2435760

Also, I always try to outway "How long will this take to fix based on all the issues I am currently having" versus "How much stuff do they have and how long would it take me to just reload it, in which i KNOW it would be right when I am finished"

Good luck!
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:MagsMcKinley14
ID: 38820602
You can probably ignore the following but this is what I did - Got MSE to re-install yesterday and it was running beautifully until today (and I was so proud of myself).  This is what I was going to write.

Did a Clean boot after getting this message - Received this error code 0X80070645

Set a system restore point before starting (Which is now missing)

Found solutions...http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/error-code-0x80070645-when-installing-security/02415eb9-68df-4e09-bb6b-72fa4095bce3  - Remove registry key :
HKEY_CLASSES_ROOT > Installer > UpgradeCodes >26D13F39948E1D546B0106B5539504D9 there was no For Windows XP :
HKEY_CLASSES_ROOT > Installer > UpgradeCodes > 1F69ACF0D1CF2B7418F292F0E05EC20B  and this one http://www.explosiveknowledge.net/main/2012/07/22/mse_troubleshooting/  

MSE would not uninstall, re-install or update no matter what I did so I figured MSE and Microsoft Security Client where corrupt.  The computer never showed a Virus or Trojan simply PUPs.  The above got me up and running with MSE running as it should...then

I am now getting a folder opening to on the desktop when ever I restart C:\Programs\Microsoft and the folder that is showing is defaultpack.exe.  MSE is not working, my remote connection was just terminated (I've been using it all day).  Ran RKill...all new finding...Windows Service Integrity - many disabled.  Looks like I was wrong and there is something in the machine.  See attached.

I think it will be best (less brain damage) to re-install the OS.  It is a Dell Optiplex GX260 with Windows Professional.  I have a Dell disk with Windows Professional but I have found that with Dell (mainly) they don't always work, even with a valid OS product code.

HELP!!!!!!!!
Thank you.
0
 

Author Comment

by:MagsMcKinley14
ID: 38820608
Sorry...here is the RKill log
RKill-Log.JPG
0
 

Author Comment

by:MagsMcKinley14
ID: 38827362
I feel like I've been deserted.  Can some one please help?  I really value your assistance.  If this is the wrong area to continue I can close this and open another.  Please let me know asap.
Thank you,
Mags
0
 

Author Comment

by:MagsMcKinley14
ID: 38827874
Opening up another post...I need to work on this computer.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now