Moms Laptop Has A Virus


kristina

My mom's cousin's Facebook was hacked and she thought maybe she could have a virus, so I ran Avira and she does. I'm gonna check my computer as well; hopefully I don't have one. Any help in removing this? I'm running Malwarebytes on her laptop right now.

 

 

 

Avira AntiVir Personal

Report file date: Saturday, April 16, 2011 14:25

 

Scanning for 2565553 virus strains and unwanted programs.

 

The program is running as an unrestricted full version.

Online services are available:

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 x64

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : JANE-HP

 

Version information:

BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 4/16/2011 18:25:03

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 4/16/2011 18:25:05

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:38:00

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:38:05

VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:38:10

VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 20:38:11

VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 20:38:11

VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 20:38:11

VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 20:38:11

VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 20:38:11

VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 20:38:11

VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 20:38:12

VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 20:38:12

VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 20:38:12

VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 18:24:47

VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 18:24:49

VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 18:24:49

VBASE016.VDF : 7.11.6.114 2048 Bytes 4/14/2011 18:24:50

VBASE017.VDF : 7.11.6.115 2048 Bytes 4/14/2011 18:24:50

VBASE018.VDF : 7.11.6.116 2048 Bytes 4/14/2011 18:24:50

VBASE019.VDF : 7.11.6.117 2048 Bytes 4/14/2011 18:24:50

VBASE020.VDF : 7.11.6.118 2048 Bytes 4/14/2011 18:24:50

VBASE021.VDF : 7.11.6.119 2048 Bytes 4/14/2011 18:24:50

VBASE022.VDF : 7.11.6.120 2048 Bytes 4/14/2011 18:24:51

VBASE023.VDF : 7.11.6.121 2048 Bytes 4/14/2011 18:24:51

VBASE024.VDF : 7.11.6.122 2048 Bytes 4/14/2011 18:24:51

VBASE025.VDF : 7.11.6.123 2048 Bytes 4/14/2011 18:24:51

VBASE026.VDF : 7.11.6.124 2048 Bytes 4/14/2011 18:24:51

VBASE027.VDF : 7.11.6.125 2048 Bytes 4/14/2011 18:24:51

VBASE028.VDF : 7.11.6.126 2048 Bytes 4/14/2011 18:24:52

VBASE029.VDF : 7.11.6.127 2048 Bytes 4/14/2011 18:24:52

VBASE030.VDF : 7.11.6.128 2048 Bytes 4/14/2011 18:24:52

VBASE031.VDF : 7.11.6.143 70144 Bytes 4/15/2011 18:24:53

Engineversion : 8.2.4.208

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 20:09:54

AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/10/2011 20:38:32

AESCN.DLL : 8.1.7.2 127349 Bytes 4/10/2011 20:38:31

AESBX.DLL : 8.1.3.2 254324 Bytes 4/10/2011 20:38:33

AERDL.DLL : 8.1.9.9 639347 Bytes 4/10/2011 20:38:30

AEPACK.DLL : 8.2.6.0 549237 Bytes 4/10/2011 20:38:29

AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/10/2011 20:38:28

AEHEUR.DLL : 8.1.2.98 3441014 Bytes 4/16/2011 18:24:58

AEHELP.DLL : 8.1.16.1 246134 Bytes 4/10/2011 20:38:22

AEGEN.DLL : 8.1.5.4 397684 Bytes 4/10/2011 20:38:21

AEEMU.DLL : 8.1.3.0 393589 Bytes 4/10/2011 20:38:20

AECORE.DLL : 8.1.20.2 196982 Bytes 4/10/2011 20:38:19

AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 20:09:48

AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 20:09:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 20:09:55

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 20:09:55

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 4/16/2011 18:25:04

AVARKT.DLL : 10.0.22.6 231784 Bytes 4/16/2011 18:24:59

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 20:09:55

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 20:09:56

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 20:10:08

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: Saturday, April 16, 2011 14:25

 

Starting search for hidden objects.

C:\Program Files\Common Files\Microsoft Shared\Windows Live

C:\Program Files\Common Files\Microsoft Shared\Windows Live

[NOTE] The registry entry is invisible.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '75' Module(s) have been scanned

Scan process 'avscan.exe' - '30' Module(s) have been scanned

Scan process 'avguard.exe' - '69' Module(s) have been scanned

Scan process 'avcenter.exe' - '75' Module(s) have been scanned

Scan process 'FlashUtil10o_ActiveX.exe' - '34' Module(s) have been scanned

Scan process 'HPAdvisor.exe' - '103' Module(s) have been scanned

Scan process 'YCMMirage.exe' - '36' Module(s) have been scanned

Scan process 'hpqwmiex.exe' - '38' Module(s) have been scanned

Scan process 'avgnt.exe' - '56' Module(s) have been scanned

Scan process 'jusched.exe' - '26' Module(s) have been scanned

Scan process 'SeaPort.EXE' - '49' Module(s) have been scanned

Scan process 'HPMSGSVC.exe' - '47' Module(s) have been scanned

Scan process 'HPWMISVC.exe' - '37' Module(s) have been scanned

Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned

Scan process 'DVMExportService.exe' - '37' Module(s) have been scanned

Scan process 'CinemanowSvc.exe' - '40' Module(s) have been scanned

Scan process 'sched.exe' - '50' Module(s) have been scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '95' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\Users\Jane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\50205f1a-19055ebb

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.A Java virus

--> encode/ISO.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.A Java virus

--> lang_driver/cp1251.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.F Java virus

--> lang_driver/restore.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.A Java virus

Begin scan in 'D:\' <RECOVERY>

 

Beginning disinfection:

C:\Users\Jane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\50205f1a-19055ebb

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.A Java virus

[NOTE] The file was moved to the quarantine directory under the name '48b64991.qua'.

 

 

End of the scan: Saturday, April 16, 2011 15:24

Used time: 58:35 Minute(s)

 

The scan has been done completely.

 

27263 Scanned directories

492706 Files were scanned

3 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

492703 Files not concerned

1884 Archives were scanned

0 Warnings

1 Notes

436188 Objects were scanned with rootkit scan

1 Hidden objects were found


Malwarebytes was clean

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 6375

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

4/16/2011 4:07:37 PM

mbam-log-2011-04-16 (16-07-37).txt

 

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 307613

Time elapsed: 39 minute(s), 9 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


You've probably already tried this, but you can right-click the BD icon; one of the options appearing should be "run as administrator". Left-click and see if this allows you to run your scan.


Delete the quarantined infection:

 

Beginning disinfection:

C:\Users\Jane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\50205f1a-19055ebb

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.A Java virus

[NOTE] The file was moved to the quarantine directory under the name '48b64991.qua'.

 

Download ATF Cleaner http://www.atribune.org/

Click "Main" > check 'select all' (except Prefetch in Vista and Win7) this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.

 

Finally go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

 

Update Java ....

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u24 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

Run a full scan with Avira, after updating it.
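
An added example, not part of the original posts: a small Python parser that triages an Avira report like the one in this thread, grouping detections by file and flagging files that sit in the Java deployment cache (the case the Java update above addresses). The function name `triage` and the result field names are assumptions made for this illustration; the sample lines are copied from the report above with blank lines dropped.

```python
import re

# Constructed sample: lines taken from the report in this thread.
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\Users\Jane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\50205f1a-19055ebb
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.A Java virus
--> encode/ISO.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.A Java virus
--> lang_driver/cp1251.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.F Java virus
--> lang_driver/restore.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.A Java virus
Begin scan in 'D:\' <RECOVERY>
Beginning disinfection:
C:\Users\Jane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\50205f1a-19055ebb
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.A Java virus
[NOTE] The file was moved to the quarantine directory under the name '48b64991.qua'.
"""

PATH = re.compile(r"^[A-Za-z]:\\.+$")                      # a scanned file path
DETECTION = re.compile(r"^\[DETECTION\].*?\b([A-Z]+/[\w.-]+)")  # e.g. JAVA/Agent.A
QUARANTINE = re.compile(r"quarantine directory under the name '([^']+)'")
JAVA_CACHE = "\\Sun\\Java\\Deployment\\cache\\"

def triage(report):
    """Return {path: finding} for every file with at least one detection."""
    findings, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()                 # also strips non-breaking spaces
        if PATH.match(line):
            # The same path appears in the scan and disinfection sections.
            current = findings.setdefault(line, {
                "names": set(), "members": [], "quarantined_as": None,
                "java_cache": JAVA_CACHE.lower() in line.lower()})
        elif current is None:
            continue
        elif m := DETECTION.match(line):
            current["names"].add(m.group(1))
        elif line.startswith("-->"):
            current["members"].append(line[3:].strip())
        elif m := QUARANTINE.search(line):
            current["quarantined_as"] = m.group(1)
    # Paths listed without detections (e.g. hidden-object notes) are dropped.
    return {p: f for p, f in findings.items() if f["names"]}
```

On this report the three distinct detection names match the "3 Viruses and/or unwanted programs were found" summary line, and the single quarantine entry matches "1 Files were moved to quarantine".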
