/sigh more Generic!Artemis x3

I have 3 infected folders and am unable to remove them (via McAfee or through Vista), submit them to WebImmune, or even zip them so that I can submit them. They cannot be modified...

I don't know what to do now.

I am currently doing a full system scan with Malwarebyte's and will post log as soon as it is complete.

I am on Vista Home Basic.
McAfee found the viruses.
Below is the error log from WinZip when I tried to zip them to submit...


Action: Add (and replace) files Include subfolders: no Save full path: no
Include system and hidden files: yes
Adding Setup.exe
Warning: could not open for reading: C:\Users\RAC 4715\Downloads\Setup.exe
Adding Setup(2).exe
Warning: could not open for reading: C:\Users\RAC 4715\Downloads\Setup(2).exe
Adding Setup(3).exe
Warning: could not open for reading: C:\Users\RAC 4715\Downloads\Setup(3).exe
Copying Zip file



Malwarebyte's log

In mid-scan, I got the blue crash screen (2nd time today...), PC rebooted, and I started in safe mode with networking to try and reach this page again, but I could not access the internet. I rescanned with Malwarebyte and here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1778
Windows 6.0.6000

2/19/2009 1:17:43 PM
mbam-log-2009-02-19 (13-17-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148898
Time elapsed: 18 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango (Adware.180Solutions) -> No action taken.
C:\ProgramData\ZangoSA (Adware.Zango) -> No action taken.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Reset Cursor.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Games!.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Library.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Videos!.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> No action taken.

It found lots of Zango stuff, which were quarantined and deleted, but I can't find the Generic!Artemis files that McAfee reported.

They are located at:

C:\Users\RAC 4715\Downloads\Setup.exe
C:\Users\RAC 4715\Downloads\Setup(2).exe
C:\Users\RAC 4715\Downloads\Setup(3).exe

But in the McAfee detection logs, it shows that these files were found by Malwarebyte's Anti-Malware, which is listed next to "Process".

I'm so confused.

I just want to get rid of those 3 files.

/sigh
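Every entry in the log above ends in "No action taken", while the post then says the Zango items were quarantined and deleted. The following is an added example, not code from the thread or from Malwarebytes: it parses detection lines in the shape of that MBAM 1.34 log and lists which entries still show no remediation, so a reader can check the log before trusting that cleanup happened. The sample log embedded below is constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the shape of the MBAM 1.34 log posted in the thread
# (two entries are given the "Quarantined and deleted" action for contrast).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
"""

# "<location> (<detection name>) -> <action>." ; the location may itself contain
# spaces and parentheses, so the detection name is the last parenthesised group.
ENTRY_RE = re.compile(r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")


def parse_mbam_log(text):
    """Return one dict {section, location, detection, action} per detection line."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        m = SECTION_RE.match(line)
        if m:                       # e.g. "Registry Keys Infected:" (summary counts don't match)
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return entries


def unremediated(entries):
    """Entries whose recorded action does not indicate quarantine or deletion."""
    return [e for e in entries if e["action"].lower().startswith("no action")]


def family_counts(entries):
    """How many entries each detection family (Adware.Zango, ...) accounts for."""
    return Counter(e["detection"] for e in entries)
```

Run `parse_mbam_log` over the saved mbam-log-*.txt instead of `SAMPLE_LOG` to check a real scan; if `unremediated` is non-empty the items were only reported, not removed.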

RE: Malwarebyte's log

Just let Malwarebytes' Anti-Malware remove them and reboot if required.

By the way, Vista SP1 is available through Windows Update.