[Inactive] VMalwarebytes removed all programs?-dang kids
Page 1 of 2 12 LastLast
Results 1 to 15 of 22

Thread: [Inactive] VMalwarebytes removed all programs?-dang kids

  1. #1
    Join Date
    Apr 2012
    Posts
    10

    [Inactive] VMalwarebytes removed all programs?-dang kids

    My kids HP home school computer had a virus...

    SOOO---my wife downloaded Malwarebytes and ran it.

    Everything except Malwarebytes, adobe and IE are gone...

    IE still has a problem that it HIJACKS any of the searches (which was the original problem+ more)...

    I tried to open in Safemode and use SYSTEM RESTORE. It allows SYSTEM RESTORE to start but, once you pick a point to restore from and hit NEXT...it runs for a minute..then stops...If you click NEXT again, it does nothing until you pick a new restore point.

    Any help appreciated.

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    =============================================================

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.

  3. #3
    Join Date
    Apr 2012
    Posts
    10

    update

    Your reply seemed 'generic'...

    The computer will not allow me to download and does not recognize the CD rom anymore.

  4. #4
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,426
    The welcome part of the reply with instructions is given to all new members
    here in the intensive care forum.


    The pertinent part of the reply to you directly is below the double line.

    Can you download the program on another computer and transfer/run it
    via a thumb drive?

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your reply seemed 'generic'...
    I didn't want to sound rude, so I simply won't comment.

  6. #6
    Join Date
    Apr 2012
    Posts
    10

    update

    Broni----I am sorry if I offended you, It was a loong day.

    Anyway, UNHIDE did work.

    All the programs are back but:

    -IE is still being hijacked when I do a search.
    -I can not get Malwares to download or copy from a usb
    -I have AVG 2012. When I run it, it finds problems but can not fix them all

    ***I will be out of town for 3-4 days so my reply moving forward might be slightly delayed.

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good news

    Complete required steps when ready...

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Reopened.

  9. #9
    Join Date
    Apr 2012
    Posts
    10

    UPDATE

    Ok,

    I started with MALWAREBYTES...
    The computer will no not connect to the internet.
    So could not update prior to running.

    Here is the log


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.04.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Parent :: K12-E92297E4956 [administrator]

    4/27/2012 1:31:47 PM
    mbam-log-2012-04-27 (13-31-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204013
    Time elapsed: 7 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\Temp\0.13905803992966592 (Exploit.Drop.9) -> Quarantined and deleted successfully.

    (end)

  10. #10
    Join Date
    Apr 2012
    Posts
    10

    UPDATE

    Last night I ran Malwares and GMER.

    Nothing detected but, not able to connect to the internet thru WIRELESS or when I plug cable directly in.

  11. #11
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Transfer the logs to a thumbdrive, as a example, and post using a different computer.

  12. #12
    Join Date
    Apr 2012
    Posts
    10
    The Malwares LOG is posted above...

    here is the GMER log.


    MER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-28 17:06:41
    Windows 5.1.2600 Service Pack 3
    Running: dqve4unt.exe; Driver: C:\DOCUME~1\Parent\LOCALS~1\Temp\pwndaaod.sys


    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB6093$\2809841349 0 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871 0 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\cfg.ini 256 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\L\ydobhgbn 162816 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\oemid 170 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\80000000.@ 66560 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\80000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\80000032.@ 115712 bytes
    File C:\WINDOWS\$NtUninstallKB6093$\3795514871\version 908 bytes

    ---- EOF - GMER 1.0.15 ----

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Go on....

  14. #14
    Join Date
    Apr 2012
    Posts
    10
    I have posted the two logs....
    Appears all the virus is gone but, I am unable to connect to the internet with this computer. When I use wireless or plug in, it is unable to aquire network address.

  15. #15
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,426
    There are two more scan logs that we need.. pls see the instruction thread..

    aswMBR.exe and dds scans are the next two

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •