Jump to content

Archived

This topic is now archived and is closed to further replies.

joe candy

ramnit virus

Recommended Posts

i think i have this virus, as mse shows as a threat. it keeps trying to run a cmd.exe (user account asks if i want to run it). i have done a system restore, which stopped the cmd.exe from running, but IE still tries to load, directing to a search website. i have read about this virus, many say a format and reinstall is required. is this the case for me? what do i have to do to know if i am clean?

Share this post


Link to post
Share on other sites

Lets start with having you download Malwarebytes Anti-Malware and save it to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

 

 

 

 

:geezer:

Share this post


Link to post
Share on other sites

i ran it twice. here are the results;

 

1st run;

 

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

 

Database version: v2012.10.03.10

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19298

nev :: NEV-PC [administrator]

 

03/10/2012 21:42:19

mbam-log-2012-10-03 (21-42-19).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241068

Time elapsed: 21 minute(s), 30 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 2

HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{DF22384F-CF68-4D19-969F-10423715528B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

 

2nd run;

 

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

 

Database version: v2012.10.03.10

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19298

nev :: NEV-PC [administrator]

 

03/10/2012 22:24:07

mbam-log-2012-10-03 (22-24-07).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241074

Time elapsed: 21 minute(s), 38 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Share this post


Link to post
Share on other sites

Thanks joe candy...now I need you to do this > Download DDS and save it to your desktop. Disable any script blocking protection (How to Disable your Security Programs)

Vista/Win7 right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run). XP just double click the icon to run the tool.

When done, DDS.txt will open.

After a few moments, attach.txt will open in a second window.

Save both reports to your desktop.

Please post the contents of the DDS.txt and Attach.txt logs in a new thread that you start here > http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/

 

 

 

 

:geezer:

Share this post


Link to post
Share on other sites

×
×
  • Create New...