LinkBack URL
About LinkBacksOkay, apparently every other month I seem to have a problem XD.
So yesterday 'Antimalware Doctor' downloaded itself unto one of my computers. I couldnt do much but stare for a spit second before reacting and trying to get rid of it. After about an hour I had finally gotten rid of the stupid thing, but when my computer restarted there was no tool bar or anything, on the second try it appeared. I ran Malwarebytes and it came out with this:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 6391
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/18/2011 1:39:45 PM
mbam-log-2011-04-18 (13-39-45).txt
Scan type: Quick scan
Objects scanned: 208383
Time elapsed: 15 minute(s), 6 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 53
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 63
Memory Processes Infected:
c:\documents and settings\eren\application data\6b6701131eff4f1be396ba5ca045e509\arg70techsdk .exe (Trojan.FakeAlert) -> 388 -> Unloaded process successfully.
c:\WINDOWS\install.exe (Malware.Packer.Gen) -> 3684 -> Unloaded process successfully.
c:\WINDOWS\avp.exe (Malware.Packer.Gen) -> 2232 -> Unloaded process successfully.
Memory Modules Infected:
c:\WINDOWS\system32\dzccjsfe.dll (Spyware.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{B9B220C2-A500-99BD-F120-04B53A2C8952} (Spyware.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{B9B220C2-A500-99BD-F120-04B53A2C8952} (Spyware.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{B9B220C2-A500-99BD-F120-04B53A2C8952} (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\0ESKOMO9JO (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TBXQRHV4KR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{B9B220C2-A500-99BD-F120-04B53A2C8952} (Spyware.Agent) -> Value: {B9B220C2-A500-99BD-F120-04B53A2C8952} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRsDc (Malware.Packer.Gen) -> Value: HNUqOXRsDc -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\HNUqOXRsDc (Malware.Packer.Gen) -> Value: HNUqOXRsDc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRpTC (Malware.Packer.Gen) -> Value: HNUqOXRpTC -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\HNUqOXRpTC (Malware.Packer.Gen) -> Value: HNUqOXRpTC -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRqfc (Malware.Packer.Gen) -> Value: HNUqOXRqfc -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\HNUqOXRqfc (Malware.Packer.Gen) -> Value: HNUqOXRqfc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRrxe (Malware.Packer.Gen) -> Value: HNUqOXRrxe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\HNUqOXRrxe (Malware.Packer.Gen) -> Value: HNUqOXRrxe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKbta (Malware.Packer.Gen) -> Value: MKbta -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKbta (Malware.Packer.Gen) -> Value: MKbta -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRpuc (Malware.Packer.Gen) -> Value: HNUqOXRpuc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\HNUqOXRpuc (Malware.Packer.Gen) -> Value: HNUqOXRpuc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKZe (Malware.Packer.Gen) -> Value: MKZe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKZe (Malware.Packer.Gen) -> Value: MKZe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRoMc (Malware.Packer.Gen) -> Value: HNUqOXRoMc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\HNUqOXRoMc (Malware.Packer.Gen) -> Value: HNUqOXRoMc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRouqc (Malware.Packer.Gen) -> Value: HNUqOXRouqc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKdw+ (Malware.Packer.Gen) -> Value: MKdw+ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKdw+ (Malware.Packer.Gen) -> Value: MKdw+ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRrrb (Malware.Packer.Gen) -> Value: HNUqOXRrrb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKewe (Malware.Packer.Gen) -> Value: MKewe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKewe (Malware.Packer.Gen) -> Value: MKewe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRsPc (Malware.Packer.Gen) -> Value: HNUqOXRsPc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRspe (Malware.Packer.Gen) -> Value: HNUqOXRspe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKfpe (Malware.Packer.Gen) -> Value: MKfpe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKfpe (Malware.Packer.Gen) -> Value: MKfpe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKcZ (Malware.Packer.Gen) -> Value: MKcZ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKcZ (Malware.Packer.Gen) -> Value: MKcZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRrse (Malware.Packer.Gen) -> Value: HNUqOXRrse -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRnoc (Malware.Packer.Gen) -> Value: HNUqOXRnoc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRnyc (Malware.Packer.Gen) -> Value: HNUqOXRnyc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKayc (Malware.Packer.Gen) -> Value: MKayc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRrta (Malware.Packer.Gen) -> Value: HNUqOXRrta -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKbuqc (Malware.Packer.Gen) -> Value: MKbuqc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKbuqc (Malware.Packer.Gen) -> Value: MKbuqc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRsa (Malware.Packer.Gen) -> Value: HNUqOXRsa -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKfPc (Malware.Packer.Gen) -> Value: MKfPc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRsre (Malware.Packer.Gen) -> Value: HNUqOXRsre -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRotc (Malware.Packer.Gen) -> Value: HNUqOXRotc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRnZ (Malware.Packer.Gen) -> Value: HNUqOXRnZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRre (Malware.Packer.Gen) -> Value: HNUqOXRre -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKaoc (Malware.Packer.Gen) -> Value: MKaoc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKaoc (Malware.Packer.Gen) -> Value: MKaoc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKZSc (Malware.Packer.Gen) -> Value: MKZSc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKZSc (Malware.Packer.Gen) -> Value: MKZSc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\MKaZ (Malware.Packer.Gen) -> Value: MKaZ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\MKaZ (Malware.Packer.Gen) -> Value: MKaZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\HNUqOXRprc (Malware.Packer.Gen) -> Value: HNUqOXRprc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\TBXQRHV4KR (Trojan.FakeAlert.SA) -> Value: TBXQRHV4KR -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\dzccjsfe.dll (Spyware.Agent) -> Delete on reboot.
c:\documents and settings\eren\application data\6b6701131eff4f1be396ba5ca045e509\arg70techsdk .exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Documents and Settings\eren\Local Settings\Temp\z577i.exe (Malware.Packer.Gen) -> Delete on reboot.
c:\Documents and Settings\eren\Local Settings\Temp\l8k1x7p5.exe (Malware.Packer.Gen) -> Delete on reboot.
c:\Documents and Settings\eren\Local Settings\Temp\ob2oz.exe (Malware.Packer.Gen) -> Delete on reboot.
c:\Documents and Settings\eren\Local Settings\Temp\system.exe (Malware.Packer.Gen) -> Delete on reboot.
c:\WINDOWS\install.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Documents and Settings\eren\Local Settings\Temp\lsass.exe (Malware.Packer.Gen) -> Delete on reboot.
c:\WINDOWS\avp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Documents and Settings\eren\Local Settings\Temp\gdi32.exe (Malware.Packer.Gen) -> Delete on reboot.
c:\documents and settings\eren\local settings\Temp\iexplarer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\nvsvc32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\taskmgr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\sysmgm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\win16.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\mdm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\svchost.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\csrss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\csrss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\services.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\iexplarer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\win.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\win16.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\wininst.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\hexdump.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\cmd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\user.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\avp32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\cmd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\login.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uevjg0.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pjxgjcohi.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\59.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\igumwc.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\hlegd.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\err.log2175312 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\rxscmwanoe.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\msmgm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\62.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\rnaomsxewc.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\qjy6s8yeg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\jpff5ma9ziaf.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\wrhrbm8dp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\2968850146.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\win32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\2678882850.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\eren\local settings\Temp\3555009304.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\65.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\58.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\64.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\66.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\67.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\uvexozabo.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\eren\application data\Adobe\plugs\kb2191953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\eren\application data\Adobe\plugs\kb2190312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\eren\application data\Adobe\plugs\kb2191203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\WINDOWS\Epabua.exe (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
I did a second scan and it came out clean. But today it seems to be crashing FF every other minute, the computer is SUPER slow, everything seems to stop working and I don't know what to do anymore. I'm already backing up all my files, but I have a nasty feeling that this isn't over for my computer. I have bank accounts etc. and am getting on to calling them in case anything should happen. What do I do now? Is there a way to fix my computer? What risks are there after getting hit by something like this? Has anyone had this happen to them before? Why does it even happen? Can I back up the last settings my computer had incase something happens to it? Please, please I really need someone to help because I have years of work here TT___TT
EDIT:
The computer did a CHKDSK and it came out with something like this:
C:\Documents and settings\LocalService\Temp\Temporary Internet Files\Content.IE5\B02JNLQT\narcancl[2]
C:\Windows\Prefetch....
I didn't get most of the info down, but it was mostly those Temporary Internet Files.
Spybot found:
MTC.MAKEMESEARCH.com
HKEY_LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\Search Toolbar
And something called 'Buzzdock' is bothering me with ads on FF -____-; how do I get rid of that? And now I keep being redirected to 'http://www.goingonearth.com/' when i click on link in google. =__= help?
Register Member login
Results 1 to 4 of 4
- 04-19-2011, 02:31 PM #1Yaoi Legend
- Join Date
- Sep 2007
- Location
- Нью Йорк, США
- Posts
- 1,492
- Points
- 108,888,644
- Savings
- 530,200,000
Help with Antimalware Doctor effects
Okay, apparently every other month I seem to have a problem XD.
So yesterday 'Antimalware Doctor' downloaded itself unto one of my computers. I couldnt do much but stare for a spit second before reacting and trying to get rid of it. After about an hour I had finally gotten rid of the stupid thing, but when my computer restarted there was no tool bar or anything, on the second try it appeared. I ran Malwarebytes and it came out with this:
I did a second scan and it came out clean. But today it seems to be crashing FF every other minute, the computer is SUPER slow, everything seems to stop working and I don't know what to do anymore. I'm already backing up all my files, but I have a nasty feeling that this isn't over for my computer. I have bank accounts etc. and am getting on to calling them in case anything should happen. What do I do now? Is there a way to fix my computer? What risks are there after getting hit by something like this? Has anyone had this happen to them before? Why does it even happen? Can I back up the last settings my computer had incase something happens to it? Please, please I really need someone to help because I have years of work here TT___TT
EDIT:
The computer did a CHKDSK and it came out with something like this:
C:\Documents and settings\LocalService\Temp\Temporary Internet Files\Content.IE5\B02JNLQT\narcancl[2]
C:\Windows\Prefetch....
I didn't get most of the info down, but it was mostly those Temporary Internet Files.
Spybot found:
MTC.MAKEMESEARCH.com
HKEY_LOCAL-MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\Search Toolbar
And something called 'Buzzdock' is bothering me with ads on FF -____-; how do I get rid of that? And now I keep being redirected to 'http://www.goingonearth.com/' when i click on link in google. =__= help?Last edited by crisislover; 04-19-2011 at 03:44 PM. Reason: new info
- 04-19-2011, 04:05 PM #2Yaoi Lover
- Join Date
- May 2007
- Location
- In the crashing world of Maya 2012
- Posts
- 656
- Points
- 1
- Savings
- 13,132,642
1. do a back up of your important files (my dicuments, back up favourites if needed)
2. Download Hijack This, do a systemscan+log and save it
HijackThis - Trend Micro USA
2. read the rules and post a topic here:
Virus, Trojan, Spyware, and Malware Removal Logs - BleepingComputer.com
You will need to paste the following info: your OS, the malwarebytes log and the hijack this log
The people at the forum are very good at reading logs, Hijack this can remove registry keys and entries you can read if there is a virus running in the background because it shows a process that is running in for example Taskmanager and shows you to what .dll it is linked to (and so it pretty much maps it out).
At this point I would suggest running Combofix, but if everything is crashing it make make even more things unstable. They might suggest it if it is needed.
Just follow their instructions.
If you ask me you have more infection than just a fake malware scanner one, if you are being linked to other sites when clicking on google results you might have that nasty google redirect virus that is hanging about as well.
If you do work it out somehow I would suggest when using FF to have AddBlockPlus and perhaps a shield on antivirus in the BG like Avast.Last edited by KarumA; 04-19-2011 at 04:08 PM.
-
User Says Thank You to KarumA:
- 04-19-2011, 04:26 PM #3Yaoi Legend
- Join Date
- Sep 2007
- Location
- Нью Йорк, США
- Posts
- 1,492
- Points
- 108,888,644
- Savings
- 530,200,000
@KarumA: Ok, it seems you're right about having more than just this problem so far. There are also these nows:
This is what TaskManager is running now:
http://s530.photobucket.com/albums/d...lo/rinka02.png
http://s530.photobucket.com/albums/d...lo/rinka03.png
EDIT: Ah, I went and posted this problem at bleepingcomputer, so thanks for that reference and hopefully all is fixed soon.Last edited by crisislover; 04-19-2011 at 08:26 PM.
- 04-20-2011, 04:35 AM #4Yaoi Lover
- Join Date
- May 2007
- Location
- In the crashing world of Maya 2012
- Posts
- 656
- Points
- 1
- Savings
- 13,132,642
There are some suspicious processes running in the background, so yes you are still infected.
For example look at the MDM.EXE int he taskmanager and compare it to this one:
mdm.exe - What is mdm.exe?
The odd thing I found is that it has capitals in both exe and name, which virusses sometimes do because they try and take over a legit process but because they cannot carry the same name they use capitals or one extra letter. I also think mdm should be run under System and not your account.
Do not do the scan on that website, because many are fake anti malware scanners out there. There is only a select few that are really good.
Reply With Quote 
Posting Permissions
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.
Live Threads provided by AJAX Threads (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Shoutbox provided by vBShout (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
All times are GMT -5. The time now is 01:39 AM.
