Hi, I’m a first-time forum user. My mother’s computer seems to have gotten infected with the wimad{drp}. There are a few incidents reported in the chest, but I would like to make sure the comp is clean for her use.
Hi graveash,
You can disable system restore and then follow the instructions found in this thread:
https://www.bullguard.com/forum/10/Removing-Wimad---urgent_69465.html
polonus
I take it that avast detected this ?
If so, what is the infected file name/s, where was it/they found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
What action did your mother take upon detection ?
avast chest:
- The only area you should be interested in is the Infected Files section, this is where the files detected by avast and selected by you to move to the chest are placed.
- The User Files section is where the user can add files they suspect of being malware but not detected by avast.
- The System Files section is where avast keeps back-up copies of important system files in case the original becomes infected (leave them alone).
Hi, thank you all for the quick responses. I ran MBAM and this is what I came up with:
Malwarebytes’ Anti-Malware 1.33
Database version: 1663
Windows 5.1.2600 Service Pack 2
1/17/2009 5:44:12 PM
mbam-log-2009-01-17 (17-44-12).txt
Scan type: Full Scan (C:|D:|)
Objects scanned: 266539
Time elapsed: 1 hour(s), 45 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) → Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) → Quarantined and deleted successfully.
C:\System Volume Information_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP167\A0048347.dll (Adware.BHO) → Quarantined and deleted successfully.
Is there an easy way to submit the avast log? I have a lot of AAVM errors; they seem to happen every time the screen saver starts.
Re the MBAM log (boy was it slow):
I think the askbar.dll (and associated registry entries) are probably a bit on the harsh side assuming it relates to using ASK as your search engine of choice, especially if you decided to do that.
asksbar.dll is a Ask Toolbar belonging to Ask Toolbar for Internet Explorer from Ask.com
http://www.what-is-exe.com/filenames/asksbar-dll.html
Other than that, the item in the C:\System Volume Information_restore point is better removed if there is any suspicion it might be infected, as you don’t want to use system restore in the future only to find you could be infecting your system.
The C:\Program Files\Alwil Software\Avast4\DATA\Warning.log contains the information displayed in the log viewer warning section, open with notepad and copy and paste the entries relating to any virus alerts.
AAVM errors are nothing to be concerned with, I only go looking if errors are displayed to the screen. You could post a few examples relating to the AAVM/screen saver errors, though I’m more concerned about the system security.
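The triage described in the reply above (toolbar/adware items to review, anything sitting in a System Restore point to purge) can be done mechanically over an MBAM text log. The following is an added example, not part of any poster's message and not Malwarebytes' own tooling; the function name and field names are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re

# Detection line: "<object> (<Detection.Name>) → <action taken>"
DETECTION = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) (?:→|->) (?P<action>.+)$")
# Itemised section header, e.g. "Files Infected:" (the summary lines end in a count)
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# XP System Restore store; tolerates the backslash before "_restore" being lost
RESTORE_POINT = re.compile(r"\\System Volume Information\\?_restore\{", re.I)

def parse_mbam_log(text):
    """Return one dict per detection, tagged with its section and triage flags."""
    section, findings = None, []
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group("section")
        hit = DETECTION.match(line)
        if hit:
            findings.append({
                "section": section,
                "object": hit.group("obj"),
                "family": hit.group("name").split(".", 1)[0],
                "in_restore_point": bool(RESTORE_POINT.search(hit.group("obj"))),
                "removed": "deleted successfully" in hit.group("action"),
            })
    return findings

# Lines copied from the log posted in this thread, trimmed to the relevant parts.
SAMPLE_LOG = r"""
Registry Keys Infected: 3
Files Infected: 2
Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) → Quarantined and deleted successfully.
C:\System Volume Information_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP167\A0048347.dll (Adware.BHO) → Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in parse_mbam_log(SAMPLE_LOG):
        note = "purge restore point" if f["in_restore_point"] else "review"
        print(f"{f['section']:<24} {f['family']:<7} {note:<20} {f['object']}")
```

Any entry with `in_restore_point` set is a backup copy held by System Restore, which is why the advice in this thread is to clear the restore points rather than rely on them later.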
I’m not able to work on her computer anymore tonight, so I will have to resume work tomorrow or the day after. An error message popped up from avast when the screen saver started to run (during the MBAM scan). I neglected to write down the file and pathname from it, as I had already moved the mouse. When the screen saver disappeared I was at the login screen; I signed back in and MBAM was still running.
OK, until then.
OK, I’m still nowhere near my mother’s computer, but since I found this forum I’ve been thoroughly absorbed by the information I’ve found throughout. I was wondering if anyone could help me out with links to more information on how a lot of it works (Windows XP & Vista, HijackThis, any knowledge I can come across). I seem to have gone through most of the information I’ve managed to scrounge up with my limited knowledge.
You could register at Malwarebytes forum:
http://www.malwarebytes.org/forums
PC Self Help Articles and Guides is interesting:
http://www.malwarebytes.org/forums/index.php?s=f5b961fa04eb0f4f1b8093975b4d0b22&showforum=52
By the way, running a Full scan in MBAM is rarely needed as a Quick scan will find the malware 99.9% of the time.
I thank you very much Kenny