have a guess virus and all on the pc are blocked---cannot go into anything even word docs without being told the exe file has virus Name on the desktop is AV Security Suite and on the product box is Antivirus Soft and company is in London England. Seems a lot like the message from Zack back in May but you say do not use instructions for other people so I am posting. I tried to run Malabytes(sp) using another pc to dload it and install on the broke pc but the AV SSuite says it has an exe virus. Ran AVG and then Norton but neither found any virus infections....cannot find the program causing the problem on the pc tho I have searched. I cannot do the get info since not able to get into any program. Please help thanks Lois
Hi, lmontyd. Welcome to LandzDown Forum.
We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
If you have questions regarding any of the instructions or problems running any tools, please let us know.
1) Select Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)
Please start Internet Explorer, and when the program is open, do the following:
-- click on the Tools menu and then select Internet Options.
-- click on the Connections tab
-- click on the Lan Settings button
-- under the Proxy Server section, please uncheck the checkbox labeled "Use a proxy server for your LAN"
-- press the OK button to close this screen. Then press the OK button to close the Internet Options screen.
2) Please download rkill from one of the following links and save to your Desktop:
One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com), Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif)
- Double-click rkill to run.
- A command window will open then disappear upon completion, this is normal.
- Please leave rkill on the Desktop until otherwise advised.
- Do NOT restart your computer after running rkill as the malware program(s) will start again.
Notes: If you receive security warnings about rkill, please ignore and allow the download to continue.
4) Now you should be able to scan with Malwarebytes (MBAM). Please do the following:
Please download Malwarebytes' Anti-Malware (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware
- Click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253)
- Click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
- Please post contents of that file in your next reply and let us know how your computer is now.
here is the log on the process and so far that computer seems to be doing fine...my fingers are crossed it is healed and many thanks for your help
one more question if this happens again can I try the same procedure or is it best to start another question Lois
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
06/27/2010 10:53:49 AM
mbam-log-2010-06-27 (10-53-49).txt
Scan type: Quick scan
Objects scanned: 180767
Time elapsed: 9 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e0 pc pc 7bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aixjsuka (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vgfahouwf\daagrlctssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
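A log in this format is regular enough to triage with a script. The following is an added example, not part of the original thread and not a Malwarebytes tool: it parses a shortened excerpt of the log above and reports items only marked "Delete on reboot", the security settings that were tampered with, the autorun entry, and whether the scan ran in Safe Mode. The function names and the detection-name prefixes used for classification are assumptions taken from this one log.

```python
import re

# Shortened excerpt of the Malwarebytes 1.46 log posted above.
SAMPLE_LOG = r"""Windows 5.1.2600 Service Pack 3 (Safe Mode)
Registry Keys Infected: 5
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aixjsuka (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+ Infected):\s*$")  # header line, not the "...: 5" count line
# object path, detection name in parentheses, then one or more "-> ..." segments
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<det>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (safe_mode, items); each item is a dict for one detection line."""
    safe_mode, section, items = False, None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Windows ") and "(Safe Mode)" in line:
            safe_mode = True
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM.match(line)
        if m and section:
            # The last "->" segment is the action taken on the item.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "object": m.group("obj"),
                          "detection": m.group("det"), "action": action})
    return safe_mode, items

def follow_up(text):
    """Summarise what still needs attention after the scan."""
    safe_mode, items = parse_mbam_log(text)
    return {
        "rescan_in_normal_mode": safe_mode,
        "pending_reboot": [i["object"] for i in items if i["action"] == "Delete on reboot"],
        "tampered_settings": [i["object"] for i in items
                              if i["detection"].startswith(("Disabled.", "Windows.Tool."))],
        "autorun_entries": [i["object"] for i in items if "\\CurrentVersion\\Run\\" in i["object"]],
    }
```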
forgot to ask is there any that needs to be done ....thanks again
Quote from: lmontyd on June 27, 2010, 04:54:01 PM
here is the log on the process and so far that computer seems to be doing fine...my fingers are crossed it is healed and many thanks for your help
one more question if this happens again can I try the same procedure or is it best to start another question Lois
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
Quote from: lmontyd on June 27, 2010, 04:55:41 PM
forgot to ask is there any that needs to be done ....thanks again
Hi, Lois.
If you need help another time, it would be best to start a new topic. In the meantime, let's make sure the computer is clean.
First, since the MBAM scan was run in Safe Mode, please check for updates and run a fresh scan in Normal Mode. As before, check what is found and post the log as a reply.
Second, since I see you are running IE7, I'd like to see if there is other out-dated software on your computer, software that could make your computer vulnerable. Please download random's system information tool (RSIT). If prompted to download HijackThis, please allow the download:
- Download RSIT by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
- Double-click RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
will get these done later tonite storms rolling allowing or in am. we are on corp image and they use IE7 was IE6 until this season and will that make any problem I don't know since our corp email is OWA. what do you find to be the best program for email instead of IE cuz I am not real good on following some things that will work better where I can. will get the info back to you soon as I get it to send....I am slow as mud on a laptop keyboard and it makes me really love the full keyboards!!!!! again thank you very much
Whoa, Lois!
I am sorry, but since this is a business computer with a corporate image, I cannot provide any additional advice. I would have referred you to the IT department where you work if I had known.
To remove RKill from the computer, right-click on the desktop icon and select delete.
Please go to Add/Remove programs and uninstall Malwarebytes Anti-Malware (MBAM). Although MBAM is free for personal use, it is not to be used on business computers without a corporate license.
Thanks for understanding.
Corrine sorry I left you thinking it is a corp pc...it is one I own and do not use for business etc...buy it via them for private use for the price break etc but I am owner of it and have not reimaged it due to do not have to and leave alone any not need done. So any done is totally private owned equip as is my laptop not bot via them due to better price on ltops than they offer.
So can I still get help for this pc only I own etc and I am interested in doing is better on it ...just have not taken time to change out the IE version (lazy) and would like to finish up being sure all is how it needs to be as well as adding better programs to use aka IE8 or a better email...this is not corp owned equip same as none at office is since we buy all our equip and use lots via corp given the lower cost (not required to use corp just have better cost etc)
but there I leave corp to support etc..just not private use items not on business use items I own...there is none free for franchise type folks sad to say. And while help we can use is nice sometimes it is stuff not known esp if used nonbusiness etc...So can you or will you continue to help on this ...just was saying why I had not changed IE etc..but if updating is better sure have no problem doing so for equip that I own...sorry I confused matters and caused you concern since all equip I have I own...thanks Lois
Ok, Lois. If you post the requested RSIT log, I will see if there is other outdated, vulnerable software on the laptop.
Thank you for this thread. One of our computers at work has been infected with this same virus, I believe. I am following the instructions in the thread right now, and I think I may be close to fixing it. I am currently running Malwarebytes. I am still a little unsure about it though, because I already followed all the steps when I was in Windows under the user "Administrator." After I completed all the steps, I tried to run Windows in normal mode and it still would not open, except for in safe mode. I am now in Windows under the user "Owner" and doing the same steps. I am waiting for Malwarebytes to finish scanning, so I am hoping for the best....but I am not sure.
Quote from: kandis on June 30, 2010, 03:41:31 PM
One of our computers at work has been infected with this same virus . . .
Hi, kandis.
You need to contact the IT department at your place of employment and not rely on the tools available for personal/home use. They are not designed for the restrictions placed on business equipment. In addition to violating the TOS for the "free for personal use" software, you could very likely violate Corporate policy where you work.
Nevermind, got it!
Sorry that I was a bit confusing. We are not a corporation, it is my computer for work.