Thanks Ron and everyone who helped...
After running that rkill.exe I updated Malwarebytes in safe mode and did a
full scan. It found a bunch more and after I rebooted in normal mode my
McAfee logged on to its website and updated!! So, I think I finally got
it?? I'll include a copy of the log so everyone can see what I was fighting.
I'm no longer hijacked...just went to avg.com in normal mode. It would block
it or redirect it before.
Gregg

Malwarebytes' Anti-Malware 1.44
Database version: 3909
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
3/24/2010 3:55:34 PM
mbam-log-2010-03-24 (15-55-34).txt
Scan type: Full Scan (C:\|)
Objects scanned: 165806
Time elapsed: 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swoko
(Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql600oko
(Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QL600OKO
(Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWOKO
(Worm.KoobFace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\clbcoko.dll (Worm.KoobFace) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\drivers\mrxoko.sys (Worm.KoobFace) -> Quarantined and
deleted successfully.
----- Original Message -----
From: "Ron Jobe" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, March 23, 2010 9:13 AM
Subject: Re: [PCSOFT] can't get rid of a redirecting/browser hijacking Virus
> Try downloading rkill.exe prior to running MalwareBytes. This is a program
> which will terminate a few hundred of the better known infections which
> don't allow you to successfully run a variety of cleaning programs. You may
> need to rename both programs (rkill and malwarebytes) prior to running them
> on the infected machine. Read more about rkill at
> http://www.technibble.com/rkill-repair-tool-of-the-week/
>
> Ron Jobe
>
> On Tue, Mar 23, 2010 at 2:57 AM, Gregg Pfaff <[log in to unmask]> wrote:
>
>> I can't seem to remove the remainder of a virus which was picked up on
>> facebook. I've tried the windows malicious software removal tool, AVG,
>> McAfee, HijackThis, Ad ware, MalwareBytes...etc. Most virus files are
>> removed but the problem I still have is it redirects my browser away from
>> antivirus sites and wouldn't let me update AVG antivirus database so, I
>> downloaded the trial version of McAfee while in safe mode. The redirecting
>> doesn't occur while in safe mode. Any suggestions before I'm forced to
>> reformat and reinstall everything? I'm running XP pro and IE8 on a Dell
>> latitude D620 laptop.
>> Gregg
>>
>> Curious about the people moderating your
>> messages? Visit our staff web site:
>> http://freepctech.com/staff.shtml
>>
Do you want to signoff PCSOFT or just change to
Digest mode - visit our web site:
http://freepctech.com/pcsoft.shtml