4 Replies Latest reply: Sep 5, 2008 11:50 AM by paullotion

    Can't get rid of virus

      I have had a few for a week or two. The virus scan does not completely get rid of them. I do get messages from McAfee saying it has blocked or removed them, but each time I boot the machine they come back. They change my wallpaper and screen saver. The log in McAfee lists VBS/FakeAlert-AB and GenericPUP.x and they all reference the file C:Windows/System32/lphcr8jj0eg9l.exe.

      How can I get rid of this stuff? It doesn't seem to harm my machine but it is a pain to have to deal with every day.
        • 1. RE: Can't get rid of virus
          paullotion
          Hello,

          Download Malwarebytes' Anti-Malware at Here or Here. Double-click on mbam-setup.exe to install the application.

          * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
          * If an update is found, it will download and install the latest version.
          * Once the program has loaded, select Perform Full Scan, then click Scan.
          * The scan may take some time to finish, so please be patient.
          * When the scan is complete, click OK, then Show Results to view the results.
          * Make sure that everything is checked, and click Remove Selected.
          * When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
          * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
          * Copy & paste the entire report into your next reply.

          Extra Note:
          If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
          • 2. These are the results
            Malwarebytes' Anti-Malware 1.26
            Database version: 1113
            Windows 5.1.2600 Service Pack 3

            9/4/2008 3:42:37 PM
            mbam-log-2008-09-04 (15-42-37).txt

            Scan type: Full Scan (C:\|)
            Objects scanned: 131952
            Time elapsed: 50 minute(s), 0 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 2
            Registry Values Infected: 3
            Registry Data Items Infected: 0
            Folders Infected: 1
            Files Infected: 6

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

            Registry Values Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcr8jj0eg9l (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

            Files Infected:
            C:\WINDOWS\system32\lphcr8jj0eg9l.exe (Trojan.FakeAlert) -> Delete on reboot.
            C:\Documents and Settings\Steve Hunt\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Steve Hunt\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Steve Hunt\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Steve Hunt\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\Documents and Settings\Steve Hunt\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
            • 3. Success
              I have rebooted and do not have the problem any more. Thanks for your help!!!!
              • 4. RE: Success
                paullotion
                Glad we could help.