Tech Support Forum - View Single Post

teenzbutler · 05-14-2008, 08:47 AM

Thanks for getting back to me. I realize you guys are very busy. We just appreciate all your help. This computer has two users. While logged on as one user, I went through the cleanup and everything appears to be OK. Then, when I log on as the second user, the issue reappeared. So I believe I need to go through the same process on both logons. Would you mind if I post the Hijackthis log for the other account after we are done with this one? In any case, here is the MBAM log:

Malwarebytes' Anti-Malware 1.12
Database version: 746

Scan type: Quick Scan
Objects scanned: 41168
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\69.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

I also found "ctfmona.exe" which was in the MSCONFIG Startup. I unchecked that from the startup as well. Let me know your thoughts.

05-14-2008, 08:47 AM	#3 (permalink)
teenzbutler Registered User Join Date: May 2008 Posts: 11 OS: Windows XP SP2	Re: Warning Virus Background Appears Thanks for getting back to me. I realize you guys are very busy. We just appreciate all your help. This computer has two users. While logged on as one user, I went through the cleanup and everything appears to be OK. Then, when I log on as the second user, the issue reappeared. So I believe I need to go through the same process on both logons. Would you mind if I post the Hijackthis log for the other account after we are done with this one? In any case, here is the MBAM log: Malwarebytes' Anti-Malware 1.12 Database version: 746 Scan type: Quick Scan Objects scanned: 41168 Time elapsed: 5 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\69.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully. I also found "ctfmona.exe" which was in the MSCONFIG Startup. I unchecked that from the startup as well. Let me know your thoughts.