Yesterday I got that screen looking for money to unlock my computer. I was able to reboot into Safe Mode and run Malwarebytes, which removed some things.
I worked well for the rest of the day, and now this morning it came back. How do I get rid of this thing?!
I keep noticing a pop-up at the bottom from Malwarebytes saying:
"successfully blocked access to a potentially malicious website: 95.211.194.79
Type: Outgoing
Port:60277, Process:svhost.exe"
Here is my log:
malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.31.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
pamato :: ENPUSREML0278 [administrator]
Protection: Enabled
5/31/2013 8:23:04 AM
mbam-log-2013-05-31 (08-23-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273230
Time elapsed: 9 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\pamato\rundll32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\pamato\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
(end)
Thanks