The definitive method for the Enhanced Protection Mode??

Hey there,

My wife got the virus from Facebook that led to the downloading of the flash update and made a big mess after that.

After reading the threads here and following the advice in one of them (get Malwarebytes, update it, disconnect the internet, uninstall Avast! and then run a Full scan with Malwarebytes), I wonder if there is anything else to do, any other scan/check to do to make sure that the damn thing won’t give a headache again. Now waiting for the full scan to finish; tomorrow morning (writing from Far East timezone) quarantine the trojan and run another scan.

If there is more to do please tell.

Thanks for the help!

Post the contents of the MBAM scan log or attach a .txt file (containing the contents) to your next post once the scan is complete so we can see what was found.

What about a boot time scan of avast! ?

This is never mentioned but it is very effective.

Otherwise maybe someone will notify Essexboy for you.

Well if avast didn’t see/detect this in normal mode it is possible that the same would be true in a boot-time scan.

You're right. Well, at least I would try it. Always worth it.

I’ll try to get the scan report from my wife (she is not with me, I’m telling her what to do on the phone, sigh…) and post it tomorrow.

I have no idea what a boot-time scan in avast is… Sorry, not the sharpest knife in the kitchen when it comes to computers.

Thanks to all.

There is a section Scan Computer, then > Boot-time Scan, which is a special scan from avast!.

Tell her also not to uninstall avast! next time ;D.

Well, I already sent him a few today, so let's send him one more :)

Greetz, Red.

lol he's going to be like: RED !!! haha I already mind it. ;D

I would like to hear from the Virus Lab what they did with the link I have sent to them. At least they should block the IP (domain?) asap.

Greetz, Red.

This is the log my wife got after the full scan. A bit short of info if you ask me…

[i]"
Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7230

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

23/07/2011 07:57:32
mbam-log-2011-07-23 (07-57-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 283581
Time elapsed: 4 hour , 59 minute , 51 second

Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 5
Regist"[/i]

Tell me if this is what you are looking for. My wife’s computer is extremely slow, the Quarantine in Malwarebytes has 58 items but it looks like it still has a bug in it.

Regards.

It looks like you are using Windows 7 SP1.

If that is correct, after you clean up your computer you should update to IE9.

IE8 is garbage.

I recommend buying Malwarebytes Pro and running the IP blocking feature. It has been effective in keeping computers away from the sites promoting rogue security malware.

Be sure to set the exceptions/exclusions in Avast as instructed on the Malwarebytes site.

In all honesty I have found the MBAM IP blocking to be more hassle than it's worth and has been disabled on both my systems.

Why?
I’ve used PeerBlock in the past. In Windows 7, more problems than good also: crashes, driver issues, etc.

Why, too damn sensitive, so lots of FPs (even some avast IP being blocked); not to mention this is meant to be malicious sites, but it includes many other categories which aren’t malicious.

When that happens it is a pain in the rear, so it didn’t last long as an enabled option. Also as far as malicious sites are concerned, I would rather trust the network and web shields to look after that area.

Ok, more or less the same as I expected. Thanks David.

No problem, most people just say as some do MBAM IP blocking, which is a bit too general as it is meant to be malicious website blocking. See the mbamUI, Protection (image), it is quite clear and for that description it isn’t tight enough.

Boys, you are off-topic :-\

To iggy1977,

That is just a small part of the MBAM log, please post the full log so we can see what it found. Btw I have no idea why Essexboy didn’t jump in, but I will pm him again.

Greetz, Red.

C-Nile virus maybe - but I am here now ;D
Hi, let's see what you have - what are your current symptoms?

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop

- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
  - Reg - Disabled MS Config Items
  - Reg - Drivers32
  - Reg - NetSvcs
  - Reg - SafeBoot Minimal
  - Reg - Shell Spawning
  - Evnt - EventViewer Logs (Last 10 Errors)
  - File - Lop Check
- Under the Custom Scan box paste this in


%USERPROFILE%\..|smtmp;true;true;true /FP
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.