infected by win32.fraudload.edt

Hi

I right-clicked on the icon in the tray and went to "run blocked programs". The list that comes up is not "system config utility" (as in the illustration); instead it is Malwarebytes Anti-Malware. Should I uninstall that and see what happens?

-Trisha
 
Hi,
No, I right-clicked on the icon that says "blocked startup programs". And there isn't an MBAM icon in the tray at all. When I hover over "Run blocked program", a sidebar pops up and the only listing is for MBAM.

Also, I never mentioned this because I figured I'd remove the program when we are all done, but before I contacted you, I followed the forum directions and downloaded and ran ERUNT (I believe successfully). On startup I now get a message that says "Unable to create file: C:\Windows\ERDNT\AutoBackup\1-16-2010\ERDNT.INF

Registry backup will continue but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files."

When I click OK, I get a message that says:

"Error saving file:
C\Windows\ERDNT\AutoBackup\1-16-2010\SECURITY!

Continue with the next file?

[RegCreateKeyEx:5 - Access is denied]"

When I click "Yes", I get a bunch more similar errors.

What do you think?

-Trisha
 
I see, MBAM is blocked from running. Click on the MBAM icon there to allow it to run. The ERUNT-related issue arises when the program has been run without elevated privileges. In Vista, you have to run ERUNT by right-clicking its .exe file and selecting 'Run as administrator'.
 
OK, so do I want to run either of these things? (MBAM or ERUNT)

Is my machine clean now? I'm confused about the current status.
 
Yes, those can be removed. However, I recommend you keep MBAM installed and run it regularly (remember to always update through the Update tab in the program before running the scan).

When it comes to system cleanliness, the logs look OK.

You may uninstall ComboFix now:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
 
Hi.
I uninstalled Combofix and ran OTC.exe
When the machine restarted I no longer got the Erunt errors that I was getting.
Several programs are still installed:
Erunt
HJT
ATF-Cleaner
MBAM

You suggested I leave MBAM and run it periodically. Can I remove it from the "run on startup" list so that I don't get the error that "Windows has blocked some startup programs"?

Also, shall I remove the other programs?

Thanks again.

-Trisha
 
Hi,

You may remove those programs. Follow the steps for "METHOD ONE: With Windows Defender" under "OPTION TWO: How to Remove, Enable, or Disable a Startup Program" here to enable MBAM at startup.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 