• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

AttackYestrday

P

Plantier

New member
I need assistance
to recover from an attack.but cannot
I tried to load ERUNT but it willnot install

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Owner at 6:28:45 on 2011-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.444 [GMT 2:00]
.
AV: Anti-virus firewall 9.12 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Anti-virus firewall 9.12 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSHDLL32.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\Carole PALMER\Local Settings\Temporary Internet Files\Content.IE5\5OS75JB7\dds[1].scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}
uSearch Bar = hxxp://www.wanadoo.fr/go/page_recherche/
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uInternet Connection Wizard,ShellNext = hxxp://www.elonex.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\prxtbSea2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\prxtbSea2.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\prxtbSea2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [EPSON Stylus D78 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibge.exe /fu "c:\windows\temp\E_S2C7.tmp" /EF "HKLM"
mRun: [F-Secure Manager] "c:\program files\orange\antivirusfirewall\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\orange\antivirusfirewall\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\program files\orange\antivirusfirewall\fsps\program\FSLSP.DLL
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134138356660
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164665774046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://www.securitoo.com/ols/fscax.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carole palmer\application data\mozilla\firefox\profiles\lu1hxnh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter:
misc.php
- c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-9-8 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-9-8 81864]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\orange\antivirusfirewall\hips\drivers\fshs.sys [2009-9-8 69928]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-2-17 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-2-17 108904]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\orange\antivirusfirewall\anti-virus\fsgk32st.exe [2009-9-8 221608]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\orange\antivirusfirewall\anti-virus\minifilter\fsgk.sys [2009-9-8 130728]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\orange\antivirusfirewall\orsp client\fsorsp.exe [2009-9-8 63992]
S2 gupdate1c9a6095bcb07de;Google Update Service (gupdate1c9a6095bcb07de);c:\program files\google\update\GoogleUpdate.exe [2009-3-16 133104]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;c:\windows\system32\drivers\ax88172.sys [2010-1-12 18224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-16 133104]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2007-1-10 72576]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\orange\antivirusfirewall\anti-virus\win2k\fsfilter.sys [2009-9-8 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\orange\antivirusfirewall\anti-virus\win2k\fsrec.sys [2009-9-8 27048]
S4 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-1-10 30192]
S4 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-2-17 779496]
.
=============== Created Last 30 ================
.
2100-02-08 15:03:54 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
2011-05-19 15:22:07 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2011-04-12 12:06:13 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2001-05-08 15:36:42 114688 -c--a-w- c:\program files\lxarscan.dll
.
============= FINISH: 6:31:43.53 ===============
 
ok. Start with malwarebytes and lets see what that can dig up.

Please download the free version of Malwarebytes to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click *Remove Selected.*



*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*



When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.
 
Attackyestrday

Than you for your reply.

I have two computers on a 'Livebox'. I am replying on the one with least (perhaps no) problems. The other is a laptop.

I attempted to load Malwarebytes on the laptop I got a 'loading' message but was the transferred to a Techspot Page offering Malwarebytes Anti-Malware 1.51.0 at $24.95 I can find no evidence that the application has loaded.

I tried the same on this computer, and was redirected to fileforum offering Malwarebytes Anti-Malware 1.51.0.1200 again at $24.95 again there is no evidence of the application (free version) having loaded
 
Just tried again, and loaded mbam-setup on the desktop. When I try to run app. I get 'Choose the program you want to open this file'

This happens with many exe. applications eg SpyBot, Securitoo
 
The Log:Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6753

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/06/2011 17:14:44
mbam-log-2011-06-02 (17-14-44).txt

Scan type: Full scan (C:\|D:\|J:\|)
Objects scanned: 330479
Time elapsed: 3 hour(s), 41 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
1)Try renaming the mbam-setup.exe to something like plantier.exe and see what happens

if that dosnt work:

2) boot your computer into safe mode. To reach safe mode you would tap the f8 key during a computer restart, chose the: safe mode with networking. Log into your usual account. Once at the safe mode desktop try installing malwarebytes and updating it before a scan

if that dosnt work:
reboot computer normally

3) Please download rkill.com by Grinler and save it to your desktop:

Double-click on the Rkill desktop icon to run the tool.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
After its finished try running installing, updating and running: Malwarebytes

If malwarebytes dosnt run download rkill.scr
Double-click on the Rkill.scr desktop icon to run the tool.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
After its finished try running installing, updating and running: Malwarebytes

If malwarebytes dosnt run download explorer.exe
Double-click on the eXplorer.exe desktop icon to run the tool.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
After its finished try running installing, updating and running: Malwarebytes

If malwarebytes dosnt run download iExplore.exe
Double-click on the iExplorer.exe desktop icon to run the tool.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
After its finished try running installing, updating and running: Malwarebytes

If malwarebytes dosnt run download uSeRiNiT.exe

Double-click on the uSeRiNiT.exe desktop icon to run the tool.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
After its finished try running installing, updating and running: Malwarebytes

Hopefully MBAM will install and run ok.
 
I've tried all the options several times over. I am able to load from the web, but none of the exe. files will run.

I get the same 'Open With...' screen

I renamed MBAM.exe. Downloaded rkill.exe : rkill.scr : the others (explorer.exe,iexplore.exe,userinit.exe) all came up automatically with rkill.exe and 'Open With...'
 
ok.

1)Create a new system restore point:

1. Click Start, click Run, type %SystemRoot%\system32\restore\rstrui.exe, and then click OK.
2. On the Welcome to System Restore page, click Create a restore point, and then click Next .
3. On the Create a Restore Point page, type a name for the restore point and then click Create
4. After the restore point has been created, click Close.

Note If System Restore is turned off, you receive a message that asks whether you want to turn on System Restore now. Click Yes. Then, in the System Properties dialog box, click to clear the Turn off System Restore check box, click OK, and then repeat this step.

2) Download this Extract it to your desktop then double click it, if asked to "merge to registry' select yes. afterwards try running MBAM
 
Last edited:
It worked!



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6766

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/06/2011 06:46:58
mbam-log-2011-06-04 (06-46-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 264151
Time elapsed: 1 hour(s), 29 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\Desktop\antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\carole palmer\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\carole palmer\Desktop\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
 
Seems fine now.
What worries me is responding to security warnings. I have one now, a Windows Security Alert. Do I tick the box for automatic updates, or ignore?
This what got me into trouble inthe first place. How do I know the 'Flags' and popups are genuine?
 
Do you have Windows update turned on? start>settings>control panel>security center. You can also manage the settings from there. You could also visit Windows Update.

Windows Security Alert
Click to expand...
What you are seeing sounds like scareware. There are no security alerts that popup that are from Windows. At the most you may see a icon by the clock that displays a message when you toggle over it that is from Windows, but scareware can mimic this also.
Are you seeing this popup only when you are on the internet? Is it coming from a icon by the clock?
See this link.
 
control panel-system says Automatic upgrades is on, icon next clock says off, and unable to change: it says go system panel and switch-on there.

Your link shows the kind of thing I'm concerned about
 
I associate the Scareware with the point when my Antivirus and Spybot failed to work. Were they not the source of the infections?

I followed your link to Windows Update on both computers. I get a different page displayed on each - this again makes me suspicious.

I have a problem with the laptop keyboard, the characters jump to the beginning of the word sometimes. Is this me, I don't use it very often.

Perhaps I'm nit-picking now and want to thank you Shelf Life for helping me (us) with this problem and appreciate very much that you are prepared to give your time and experience to help the thousands of us that get into difficulty.
 
Ok Your welcome. I am not seeing any malware. That "open with" problem must have been a bad file association. Malware can cause it also but your logs dont look bad. Please post the link to the Windows Update page you went to.

Also we will get another download to use as a check for malware. Its called combofix, there is a guide to read first. Read through the guide then apply the directions on your own machine. Post the combofix log.

Guide to using Combofix
 
You must log in or register to reply here.
Back
Top