the OS is a windows XP unlicensed (yes i know. i can’t find it to buy it at a reasonable price in my country, after the vista explosion. i do NOT want vista.)
so i did as advised above and used rogueremover (didn’t find any rogues) then installed and ran a quick scan of the system with malwarebytes’ anti malware program. it found about 290 results of which there are some trojans and some adware.
avast didn’t tell me anything about these at any scans.
a lot of the trojans and other things mbam found in my system are located in the registry keys. if i delete them, will that kill my system? or are those keys only opened and used by the viruses?
please tell me if deleting them all might kill my OS
i am attaching the mbam scanlog. if anyone could help me, i would be grateful!!
i am tempted to just go ahead and delete them anyway… but i am scared of getting a system crash and i don’t have a boot disc…
HELP!
EDIT: the log is in romanian, anyway, what it says is that there were no dangerous infections found but there are those registry keys and files/folders infected with trojans and with adware.
mbam should have a quarantine function
do not delete
now you see why you run both RR and MBAM
can you post the MBAM log with a google translate or perhaps some of the Avast folk speak Romanian
there may be other things
can you try a DR Web Cure it scan?
I have some additional time to reply to your first post
First there are several baddies with power in their name
PowerAntivirus
PowerAntivirus 2009
Powerscan antivirus
you can see descriptions here http://www.2-viruses.com/remove-adwarepowerscan
go to the bar on the right to see two other Powerantivirus descriptions
any idea which one you have?
Any will slow your system including firefox
glad your boot time avast scan was almost virus free- an active virus makes removing malware even tougher
Do an on line AV scan soon
your system should be perfect for avast
Any MBAM experts out there that can answer poster’s question
i did a thorough scan of c: only (there are no programs installed on my second partition, i use it for storage of media files and the like), and it came up completely clean. no registry keys heads-up or anything.
so i ran yet another quick scan and lo! there are all the same infections. with the mention of, it said “scanning for active infections” and found none, then moved on to “scanning for infected registry keys” and found all these bugs.
aren’t all system files supposed to be where the OS is installed?! why do separate scans not find the same results?!
(i took a look at the 2-viruses site. it might’ve been the powerscan adware. but there’s no trace of it in the mbam scan, it detects instead a lot of adware.enrgyPlus or something, and also a lot of vundos.)
what if i place the files with viruses in the avast chest, will that be good enough to stop them from slowing down my system?..
i wanted to attach two screenprints of the scans, for comparison and my link died on me. it reached 14 kbs up then went dead - i should have a 7.3 mbs connection.
ok, moved all files mbam said were carrying vundo to the avast chest. will let you all know if it made a difference to the system’s performance.
so what exactly would happen if i deleted all registry keys with the adware.enrgy.Plus in them? there are a lot of them…
EDIT: added the translated scan results from mbam. it’s a google translation that i looked over to make sure it says the same things it says in ro. - now if i didn’t get the tech terms right please forgive me.
(btw, since “exiling” the files the system works a tad faster, though the online browsing hasn’t shown any improvement.)
MBAM
In the report there are boxes which are checked and you can right click on the entry and select Quarantine, etc. so let MBAM deal with all
Superantispyware and Windows defender are reputed to get adware energy plus and should do all of that work for you
Vundo is more difficult SuperAntispy and Windows Defender will help depending on the version
are these compatible with avast? will avast stop them from working as they should?
if i get and install them, will they have to remain in my system? too many antispyware and antiadware and anti whatever make me anxious already, since they could all be in conflict with each other and detect each other as threats
we are only talking about on demand scanners here
nothing that runs every time you start up
so in effect they are only taking up disc space
paid versions of some of these programs do have real time monitoring
they will not conflict with avast
-note to self- check on windows defender
any comments from others?
did you move all of those entries by hand?
i selected the infected files through the “user files - add” option in the avast virus chest.
i browsed the atribune forum (for info on vundofix) and there’s a lot of tech there i don’t understand - it looks to me they’re dealing with each separate pc problem and not making a general fix.
i can’t get the vundofix, unless it’s a 117 kb file (somehow i doubt it’s so small). is it that small? i am not sure if it should be run if it might be corrupted.
quarantined and deleted the files. they’re not deleted from my computer, YET, since i have no idea how this will affect it.
i ran a speedtest after… download has increased to 3.6 MBS (edit: retested: 6.2 MB, which is good :)) from 250 kbs previously, but i seem not to be able to upload anything measurable.
what can this be?? firewall and antivirus settings aren’t blocking any site i recognize.
i’ve also scanned for another possible malware and updated the mbam database. no malware found
HI
Do this when you are fresh
first do the regular anti-spyware and AV apps
quarantine do not remove any hits
that should get rid of most of the bad stuff without you needing to worry about your os
If running MBAM and Super-antispyware do not get the Vundo
and Vundofix does not get it on the first pass
I’d consider going to the Atribune site http://www.atribune.org/forums/index.php?s=e54a45a6e4ee4b2a75db49ed58b2b444&showforum=9
and reading all the stickies and posting whatever they want there with a link to this post
They are the experts on this particular infection
stay cool- you can get this
Get some sleep
if you do go to a specialist malware removal site follow instructions exactly
ask questions
but do not do any fixes unless asked for
glad your internet is better- you are going to need it
well, it seems that the very restricted upload (got a 28 kbs on upload, as compared to 5.5 mbs steady download) is something with the network firewalls and settings. and i am not the admin so i guess i should stay cool indeed and wait for him to get his head around it.
i will try vundofix just to check out if mbam left something behind.
i am thinking my network server and other computer may have gotten the same virus - i tend to care for my AV to be updated and running well, but not all my colleagues do.
thank you again for all your help, i’ll post here if anything else goes well/bad
not off yet… had to uninstall and re-install java. it seems that older versions are doors for viruses.
vundofix did a fast scan and the system came out clean. upload still s*cks so i guess it IS the LAN blocking uptraffic and not my computer, cause i can download very well. i am guessing that the router/modem/whatever makes the connection to the internet needs a restart too. (we had some nice 3-per-minute power shutdowns when the electrical power failed due to high usage - it’s a heat wave here, maybe those powerdowns did something to the hardware in my admin’s place. i can’t go there and check though.)
did you say windows defender? does that need to install or will it run a clean scan like vundofix?
dropping
EDIT: read something on it. i can’t use it, my xp is a clone
meanwhile let’s try http://www.superantispyware.com/
or an online antivirus scan
F protect - see list below we want to see both clean Anti spyware and Anti virus scans
or
DrWeb Cure It
for reference
here is a list of on line AV
I can only suggest full computer on-line scanning:
Kaspersky (very good detection rates) will not remove anything but will show if still infected
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)
WATCH FOR FALSE POSITIVES
Quarantine do not remove/delete
i will try an online scan when the upload speeds up. i don’t want to get stuck in an unfinished scan
umm, i had bitdefender once upon a time, and it announced all found viruses but took no action - or said it couldn’t delete them - so i ended up with 101+ malwares and that computer went dead (they had delivered it with everything installed and no motherboard or drivers’ installation cd so we couldn’t even wipe it and re-install windows on it. it left me a very bad taste and i don’t want to go close to BD ever again.)
NOD32 has been used by people in my LAN, they’re not happy with it. i’ll try kaspersky online but i can’t right now, because of the speed.
(which is caused by the so lovely admin who actually created two separate network groups using the same internet access, of which one is used by the most of us and the other is set aside for a guy who plays CS day and night. wyrmrider, no offense if you’re a gamer, but boys and their games are… >:(
i am about 90% convinced he didn’t protect his computer since he’s carrying BD and if he stays connected so much, the uplink is used by the games and the ads he got.)
in the meantime, my computer speeded up when offline and i can do whatever i want with it, so that’s one great relief
If you have not run your on line av scan
usually I would recommend a Kaspersky AV scan at this point however JeanInMontana at the Malwarebytes forum recommends a Panda active scan to help with the fakeAV2008 infection and has posted a detailed how to here:
How To Do a Panda Active Scan and Save The Log, Complete With Illustration http://www.malwarebytes.org/forums/index.php?showtopic=2306
in addition Panda will remove what it finds for free (after asking you to buy)
I am hoping that you will be comfortable with this step by step instruction
If you are comfortable with Kaspersky go for it- just turn everything on
(Kaspersky will not quarantine so the log is essential!)
with any scan watch for false positives and quarantine do not delete/ remove
(except for the funny instructions for MBAM)
I never can get Bit Defender to work on my system either !