0 Replies Latest reply on Dec 19, 2010 3:44 AM by wicket94

    Removing a virus not detected by McAfee

      Hi

      I picked up a virus and started getting Windows Explorer popping up all over the place. I disconnected from the internet and ran a McAfee scan straight away, but nothing was detected. I then used Malwarebytes and it found 36 threats.

       

      It then removed the threats and further scans haven't shown anything. McAfee still doesn't show anything and scans with Stinger haven't shown anything. So potentially clean.

       

      However, I can't now get Windows security service to stay enabled. It keeps disabling, and in safe mode McAfee real-time scanning won't enable. (It does in normal boot.)

       

      So I'm a bit nervous not all the threats have been removed.

       

      I've attached the original scan from Malwarebytes and then the latest scan.

       

      Any advice please?

       

      First scan with threats:

      Malwarebytes' Anti-Malware 1.46

      www.malwarebytes.org

       

      Database version: 4562

       

      Windows 6.0.6002 Service Pack 2

      Internet Explorer 8.0.6001.18999

       

      17/12/2010 18:55:47

      mbam-log-2010-12-17 (18-55-47).txt

       

      Scan type: Quick scan

      Objects scanned: 164895

      Time elapsed: 20 minute(s), 31 second(s)

       

      Memory Processes Infected: 0

      Memory Modules Infected: 0

      Registry Keys Infected: 25

      Registry Values Infected: 0

      Registry Data Items Infected: 0

      Folders Infected: 7

      Files Infected: 4

       

      Memory Processes Infected:

      (No malicious items detected)

       

      Memory Modules Infected:

      (No malicious items detected)

       

      Registry Keys Infected:

      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

       

      Registry Values Infected:

      (No malicious items detected)

       

      Registry Data Items Infected:

      (No malicious items detected)

       

      Folders Infected:

      C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

       

      Files Infected:

      C:\Users\Ray\downloads\RetrogamerSetup2.3.70.1.RGman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

      C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Second scan after removal:

      Malwarebytes' Anti-Malware 1.46

      www.malwarebytes.org

       

      Database version: 4562

       

      Windows 6.0.6002 Service Pack 2 (Safe Mode)

      Internet Explorer 8.0.6001.18999

       

      17/12/2010 22:39:24

      mbam-log-2010-12-17 (22-39-24).txt

       

      Scan type: Full scan (C:\|)

      Objects scanned: 680329

      Time elapsed: 2 hour(s), 8 minute(s), 4 second(s)

       

      Memory Processes Infected: 0

      Memory Modules Infected: 0

      Registry Keys Infected: 0

      Registry Values Infected: 0

      Registry Data Items Infected: 0

      Folders Infected: 0

      Files Infected: 0

       

      Memory Processes Infected:

      (No malicious items detected)

       

      Memory Modules Infected:

      (No malicious items detected)

       

      Registry Keys Infected:

      (No malicious items detected)

       

      Registry Values Infected:

      (No malicious items detected)

       

      Registry Data Items Infected:

      (No malicious items detected)

       

      Folders Infected:

      (No malicious items detected)

       

      Files Infected:

      (No malicious items detected)