system
April 30, 2010, 7:36pm
1
I have had to deal with this in the past but I do not remember how I got it off before. It's my daughter's laptop that's infected now. If someone can give some advice I would appreciate it.
I am unable to do much of anything. If I click fast enough I can run a Malwarebytes scan; it detects some stuff and quarantines it, but the problem is still there after reboot.
system
April 30, 2010, 7:45pm
2
Hey Nicole,
What is the name of this virus?
Please post your Malwarebytes log.
Saty
system
April 30, 2010, 8:12pm
3
Not sure of the name; cannot post the log because I'm working from my laptop. The one that is infected is totally useless. It looks like a Windows scan window. “windows security alert”, that's what pops up. Hope this helps.
system
April 30, 2010, 8:18pm
4
There should be a name on the fake scanner; all rogues have this, so trying to pinpoint which one is difficult with just this information.
You can try running an avast boot scan.
You can try running Malwarebytes in safe mode.
You can also try this other free on-demand scanner:
http://www.superantispyware.com/
Be sure you update both Malwarebytes and SUPERAntiSpyware before running the scan. Sometimes the rogue virus will block this from happening; if this doesn't happen, you'll need to go to safe mode with networking and try to get the updates.
When you get a chance, please post the logs.
Saty
system
April 30, 2010, 8:22pm
5
How do I run it in “safe mode”?
system
April 30, 2010, 8:23pm
6
I misunderstood you,
Windows Security Alert,
I'm thinking Malwarebytes and/or SUPERAntiSpyware should get rid of this. If not, post the logs and someone will offer more assistance if needed.
Saty
system
April 30, 2010, 8:24pm
7
Safe mode,
power off, and power back on while tapping the F8 key,
Saty
system
April 30, 2010, 8:32pm
10
You're welcome,
If none of that works, here's something for you to review.
I think this is the rogue you have. The steps shown are very similar for getting rid of rogues.
http://www.bleepingcomputer.com/virus-removal/remove-security-central
Let us know how things go and if you have any questions.
Good luck,
Saty
system
April 30, 2010, 9:08pm
11
Here's the log:
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
4/30/2010 5:05:02 PM
mbam-log-2010-04-30 (17-05-02).txt
Scan type: Quick scan
Objects scanned: 128656
Time elapsed: 10 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) → Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twsuhcxp (Rogue.AntivirusSuite) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Suhail Ferrer\Local Settings\Application Data\owevtwhjm\towqtkwtssd.exe (Rogue.AntivirusSuite) → Quarantined and deleted successfully.
C:\Documents and Settings\Suhail Ferrer\Desktop\o.dat (Rogue.AntivirusSuite) → Quarantined and deleted successfully.
C:\Documents and Settings\Suhail Ferrer\Local Settings\Temp\BAHD.exe (Rogue.AntivirusSuite) → Quarantined and deleted successfully.
C:\Documents and Settings\Suhail Ferrer\Local Settings\Application Data\asam.exe (Trojan.Agent) → Quarantined and deleted successfully.
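Added example, not part of the original post and not Malwarebytes code: a short Python triage of a log in the format posted above, pairing each flagged Run autostart value with a flagged file of the same name. The sample lines are abridged from that log, with the profile name replaced by "user" and "->" standing in for the arrow; the function names are illustrative.

```python
import ntpath
import re

# Constructed sample: abridged from the log above, profile name replaced
# with "user", and "->" used in place of the arrow character.
SAMPLE_LOG = r"""Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twsuhcxp (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\user\Local Settings\Application Data\asam.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BAHD.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) (?:->|→) (?P<action>.+)$")
RUN_KEY = r"\microsoft\windows\currentversion\run" + "\\"

def parse_log(text):
    """Return one dict per detection line, tagged with its log section."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items

def run_key_pairs(items):
    """Pair each flagged Run value with a flagged file of the same name."""
    # Heuristic only: the command a Run value launches is stored in the
    # value's data, which this log format does not print.
    files = {ntpath.splitext(ntpath.basename(i["path"]))[0].lower(): i["path"]
             for i in items if i["section"] == "Files"}
    pairs = []
    for i in items:
        if i["section"] == "Registry Values" and RUN_KEY in i["path"].lower():
            name = i["path"].rsplit("\\", 1)[1]
            pairs.append((name, files.get(name.lower())))
    return pairs

if __name__ == "__main__":
    for name, path in run_key_pairs(parse_log(SAMPLE_LOG)):
        print(f"Run\\{name}: {path or 'no flagged file with this name'}")
```

A Run value with no same-named file in the log is not evidence that anything was missed; it only means the log alone does not show which executable that autostart entry pointed to.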
system
April 30, 2010, 9:12pm
12
Nicole,
Looks good. I'd suggest downloading, updating and running that SUPERAntiSpyware that I mentioned earlier just to get a second opinion.
How's your computer acting? Better? No problems?
Just a side note: I see you're still running IE7; you may wish to upgrade to IE8. IE8 is more secure than IE7.
Saty
system
April 30, 2010, 9:17pm
13
Yeah, it's working better. I can't get on the internet though unless I'm in safe mode??? Any tips?
system
April 30, 2010, 9:29pm
14
Hmm, in normal mode you can't get the browser to open? But you can in safe mode with networking?
Your proxy settings might have been changed in normal mode. I don't know if you were using them before… You can go to Tools, Internet Options, LAN Settings and see if they are different than what you had.
I suggest you download, update and scan with SUPERAntiSpyware to double-check things.
Sat
Pondus
April 30, 2010, 9:32pm
15
See if steps 4 to 7 here will help you get back online:
Remove Antivirus Suite (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-suite
Probably needs a final manual clean.
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Attach both logs.
Pondus
April 30, 2010, 9:56pm
18
Got what? You have internet back?