Hi,
Comp was infected with XP Smart Security 2010; used the online guide found here: http://deletemalware.blogspot.com/2010/01/how-to-remove-xp-internet-security-2010.html
Unfortunately, on restart I noticed that problems remain, with malware attempting to access a number of URLs when Firefox was opened. Below is the log from the Malwarebytes scan. I am currently running a full scan with Malwarebytes as well as a scan using SUPERAntiSpyware. Just wondering if you had any suggestions on further actions I might take.
Thanks.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4033

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/25/2010 6:25:39 PM
mbam-log-2010-04-25 (18-25-39).txt

Scan type: Quick scan
Objects scanned: 104315
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\Sam\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) → Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command(default) (Hijack.StartMenuInternet) → Bad: (“C:\Documents and Settings\Sam\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”) Good: (firefox.exe) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command(default) (Hijack.StartMenuInternet) → Bad: (“C:\Documents and Settings\Sam\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”) Good: (iexplore.exe) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command(default) (Hijack.StartMenuInternet) → Bad: (“C:\Documents and Settings\Sam\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode) Good: (firefox.exe -safe-mode) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sam\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) → Quarantined and deleted successfully.