tntmm6
2009-10-01, 20:24
We noticed Total Security a couple of days ago. I've run Spybot and it found 3 threats and removed them and it's still there. And now we can't run anything else, even Spybot. After many searches I found a post about malwarebytes. I downloaded on an external drive using a different computer, and changed the name, following the directions in this post spyware forum (http://www.2-spyware.com/forum/topic2351.html). I ran the program from the external drive, and it found a e more few and removed them. On the log I saw Total Security, Backdoorbot, Adsense and some others. But now I can't even find the log. It said to reboot, but when it rebooted, it didn't find the external drive, and I don't think it completed the process.
After the reboot, Total Security is still there popping up. The other part of the post said to use ComboFix, but I don't want to do that without help. I'm not super techincal, but can find my way around a PC fairly well.
I hope someone can help us quickly.
Thanks!
I found the log:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
10/1/2009 12:16:20 PM
mbam-log-2009-10-01 (12-16-20).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 216075
Time elapsed: 1 hour(s), 4 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Kyle\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kyle\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Kyle\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kyle\Desktop\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
==============
The other part of the post said to use ComboFix, but I don't want to do that without help.
Good idea. :)
Do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806)
After the reboot, Total Security is still there popping up. The other part of the post said to use ComboFix, but I don't want to do that without help. I'm not super techincal, but can find my way around a PC fairly well.
I hope someone can help us quickly.
Thanks!
I found the log:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
10/1/2009 12:16:20 PM
mbam-log-2009-10-01 (12-16-20).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 216075
Time elapsed: 1 hour(s), 4 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Kyle\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kyle\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Kyle\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kyle\Desktop\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
==============
The other part of the post said to use ComboFix, but I don't want to do that without help.
Good idea. :)
Do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806)