Topic: Possible Virus
lowey
« on: September 03, 2010, 07:02:41 PM »

Hi, please could I ask for your assistance. I booted up my computer today and received two popup messages in the notification area saying something like "there are serious security problems" and "windows has blocked some startup programs". I ran a full virus scan using my Kaspersky AntiVirus 6.0, which could only detect the following:
detected: Trojan program Trojan-Clicker.Win32.Delf.dwn   File: C:\Program Files\CodeGear\RAD Studio\6.0\Quickrep504C\Documentation\showtext.exe and
detected: Trojan program Trojan-Clicker.Win32.Delf.dwn   File: C:\Users\xxx\Downloads\Quick Reports 5.0\QR504PC2009.EXE//data0245

Logged
Pancake
« Reply #1 on: September 03, 2010, 11:16:59 PM »

Please run both these programs, Malwarebytes and ComboFix.


Please download Malwarebytes' Anti-Malware from one of these places:

 http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 http://www.besttechie.net/tools/mbam-setup.exe


Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.



===============================================



Download Combofix and place it on your Desktop.



http://download.bleepingcomputer.com/sUBs/ComboFix.exe


* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here : http://www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.




Logged

An Australian Member of

EDDY
lowey
« Reply #2 on: September 07, 2010, 05:31:00 PM »

Hi Pancake, thank you for your reply. Here is my MBAM log as requested:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4562

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

07/09/2010 18:16:26
mbam-log-2010-09-07 (18-16-26).txt

Scan type: Quick scan
Objects scanned: 145659
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Logged
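As an added example (not part of the original thread, and not Malwarebytes' own tooling): a small Python parser for the "Registry Data Items Infected" section of the MBAM 1.46 log posted above. It extracts each entry's Bad and Good open commands and checks the summary count against the entries actually present, which catches a truncated paste. The function names and the line pattern are assumptions inferred from the two log lines in this thread.

```python
import re

# Excerpt of the MBAM 1.46 log posted above, embedded so the example runs offline.
SAMPLE_LOG = r'''Registry Data Items Infected: 2

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
'''

SECTION = "Registry Data Items Infected:"
# Assumed line layout: <key>\<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
ITEM_RE = re.compile(
    r'^(?P<path>HKEY_.+?) \((?P<detection>[^()]+)\) -> '
    r'Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$')
CLASS_RE = re.compile(r'^HKEY_CLASSES_ROOT\\([^\\]+)\\shell\\open\\command$', re.I)

def parse_registry_data_items(log_text):
    """Return (declared_count, items) for the registry data items in an MBAM log."""
    declared, items, in_section = None, [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith(SECTION):
            rest = line[len(SECTION):].strip()
            if rest.isdigit():
                declared = int(rest)   # summary line near the top of the log
            else:
                in_section = True      # header of the detail section
        elif not line:
            in_section = False         # a blank line ends the section
        elif in_section and (m := ITEM_RE.match(line)):
            key, _, value = m["path"].rpartition("\\")
            cls = CLASS_RE.match(key)
            items.append({"key": key, "value": value,
                          "file_class": cls[1] if cls else None,
                          "detection": m["detection"], "bad": m["bad"],
                          "good": m["good"], "action": m["action"].rstrip(".")})
    return declared, items

def is_complete(log_text):
    """True when the summary count equals the entries parsed (catches truncated pastes)."""
    declared, items = parse_registry_data_items(log_text)
    return declared is not None and declared == len(items)

def changed_open_commands(log_text):
    """File classes whose open command differed from the value MBAM lists as Good."""
    return sorted(i["file_class"] for i in parse_registry_data_items(log_text)[1]
                  if i["file_class"] and i["bad"].lower() != i["good"].lower())
```
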
Pancake
« Reply #3 on: September 07, 2010, 10:21:46 PM »

And the ComboFix?
Logged

lowey
« Reply #4 on: September 08, 2010, 04:58:05 PM »

Sorry, please find attached.
Logged
Pancake
« Reply #5 on: September 08, 2010, 10:14:30 PM »

OK. All done. I see no more malware. This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run, then copy and paste the following highlighted (blue) text below into the box and click OK.



ComboFix /Uninstall


Please read these for future reference; it may save you future problems with malware:


http://www.pchelpforum.com/fixed-hijackthis-logs/59327-now-you-all-clean-afterwork.html

http://www.pchelpforum.com/fixed-hijackthis-logs/64964-so-you-want-prevent-happening.html

http://www.pchelpforum.com/fixed-hijackthis-logs/57400-how-did-i-get-infected.html

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
=============================


This will help clean up your system.

Please download ATF Cleaner by Atribune. http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.
Logged

An Australian Member of

EDDY
lowey
« Reply #6 on: September 10, 2010, 06:49:58 PM »

OK, that's great. Thank you very much.
Logged
Pancake
« Reply #7 on: September 10, 2010, 10:14:36 PM »

You're welcome.
Logged
