
dlindop


I run Kaspersky Internet Security 2012 & Superantispyware on Windows XP. I've run both in normal and safe mode, not picking anything up. Since Kaspersky keeps flashing a dialog box about "HEUR.Trojan.Script.Generic" requesting access and which it then blocks.

But I don't seem able to get rid of it, anybody got any ideas?

Regards,

dlindop


Pending the arrival of folks who actually know what they're doing, here are a couple of Granny's Chicken Soup Hey It Can't Hurt things. (1) A quick Google shows that Kaspersky can show HEUR as a false positive, but don't assume that it is. If possible, you need to send a scan log to Kaspersky Labs. (2) Clear your cache, esp. if you run Firefox. (3) Superantispyware is excellent, but you need to download, update and run Malwarebytes.

If you have difficulties, try running in Safe Mode (w/network).

If we're both lucky, MBAM will do the job. If not, no harm done -- when the grown-ups come along this is the first thing they will have you do, anyway.


Thanks for the input. I had looked at Google, but decided it was something more serious when Superantispyware kept stopping a home page change.

I've downloaded and am currently running an MBAM full scan and Stinger in normal Windows mode.

Then plan to run Kaspersky again.

Keep you posted on the outcomes.


Registry Keys Detected: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 13aba6d1d54068cdb89fbdde6b9f2b00 -> Quarantined and deleted successfully.

The above is what MBAM came up with.


Now you need to download and run DDS...get the program here > http://download.bleepingcomputer.com/sUBs/dds.scr

Run it like this:

Disable any script blocking protection (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html)

Double click on the DDS icon to run the tool (may take up to 3 minutes to run).

When done, DDS.txt will open.

After a few moments, attach.txt will open in a second window.

Save both reports to your desktop.

Please post the contents of the DDS.txt and Attach.txt logs in a new thread that you start here > http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/

Please start the new thread with your Malwarebytes log, then add the two DDS logs. Be patient and wait for help from our Trusted Malware Techs... ;)

Archived

This topic is now archived and is closed to further replies.
