Crusader's infection thread

I ran the hijackthis and deleted the 04 things and when I ran hijackthis they came back up on the list as if I didn't hit the fix button. They are in the backup list though. Should they be put in the ignore list? I also did a malware scan today and I came up with 4 hits. Cleared them and here is the log.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

4/22/2011 5:49:05 PM
mbam-log-2011-04-22 (17-49-05).txt

Scan type: Quick scan
Objects scanned: 206573
Time elapsed: 18 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\DAD\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\DAD\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\DAD\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\DAD\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
 
windows recovery is a new malware out.

When running hijackthis, make sure all browser and explorer windows are closed and you right-click on hijackthis and then click on run as admin. Then rescan and apply fixes.
 
How are these Trojans all of a sudden appearing? I never had this problem and now twice in a week I have been hit. I was using AVG and it seemed to work fine. Now it won't update. You prefer avast over AVG?
 
All it takes is visiting one bad website. Yes, I prefer AVAST instead of AVG now. Let's do a deeper scan and make sure there isn't anything hiding.

Uninstall AVG

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 