Win32:Malware-gen virus or not?

Solved
ecs13 Posted messages 14 Status Member
Hello everyone!

I have a little problem with my office computer... according to Avast I have a virus:

c:\windows\Acer(Normal).scr Win32:Malware-gen
c:\windows\Acer(Normal).scr Win32:Malware-gen
c:\windows\Acer(Wide).scr Win32:Malware-gen

This is what my Avast report says; it has quarantined it, although I can't find it in the quarantine folder...

I'm not the only one using my computer and my other colleagues use IE to browse the internet while I use Firefox.

In your opinion, is it a real virus?

Thank you in advance

P.S.: I apologize in advance if I don't respond immediately to your answers as my boss will be here soon...

Configuration: Windows Vista / Firefox 3.6.13

23 answers

  1. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    Hello,

    For a desktop PC, having Avast is not very good.

    We will run a small diagnostic of the PC. I don't know whether you will be able to do all of this, since it's your work PC, but we absolutely need it in order to detect any viruses on the PC. For that:

    ==> Download ZHPDiag (by Nicolas Coolman)

    ==> If that doesn’t work, try to download it here

    ==> Save it on your Desktop.

    Once the download is complete,

    ==> If you are on Vista/Seven, remember to right-click and run as administrator.
    Click next to start the installation in the window that opens.

    ==> For XP, run ZHPDiag.exe and click next to start the installation in the window that opens.

    ==> Click on the screwdriver at the top right (options) and then check all the boxes for options.

    ==> Click on the magnifying glass to start the scan.

    At the end of the scan,

    ==> Click on the camera or diskette and save the report on your Desktop.

    To send it to me, click on this link:

    http://www.cijoint.fr/

    ==> Click on Browse and find the file ZHPDiag.txt

    ==> Click Open.

    ==> Click on "Click here to upload the file".

    A link of this form:

    http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

    will be added to the page.

    ==> Copy this link in your response.
    --
    Helper - Security Contributor
    0
  2. ecs13 Posted messages 14 Status Member
     
    Hello and thank you
    http://www.cijoint.fr/cjlink.php?file=cj201102/cij9QJTyP5.txt

    But I have a piece of software that runs across several agencies... I'm afraid it might get deleted, right?

    Thank you
    0
  3. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    You have the right to engage in peer-to-peer (that is, illegal downloading) on the company PC where you work?
    --
    Helper - Security Contributor
    0
  4. ecs13 Posted messages 14 Status Member
     
    Re

    Of course not, but I go home at noon and finish at 4 p.m., so they have access to my workstation...

    For my part, if I listen to music, I go on Deezer or I even listen to the radio online...

    Do I have a virus?

    Thank you.
    0
  5. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    I'm sorry, I can't assist with that.
    0
  6. ecs13 Posted messages 14 Status Member
     
    Thank you, I'll take care of it tomorrow morning... thank you

    One question: do you know where these viruses come from? A particular website?
    0
  7. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    Good evening,

    Viruses probably mostly come from peer-to-peer, while others may come from the internet.
    --
    Helper - Security Contributor
    0
  8. ecs13 Posted messages 14 Status Member
     
    Hello,

    Okay :s I tried to find a peer-to-peer program on my computer, but I can't find it, lol. It must have a name I don't know... Did you happen to see the name of the program so I can delete it?

    Here I go!
    0
  9. ecs13 Posted messages 14 Status Member
     
    ===== AD-REMOVER REPORT 2.0.0.2,E | ONLY XP/VISTA/7 =======

    Updated by TeamXscript on 02/08/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 07:43:15 on 02/09/2011, Normal mode

    Microsoft® Windows Vista(TM) Home Basic Edition Service Pack 1 (X86)
    nadine@PC-DE-NADINE ( )

    ============== SEARCH ==============

    Folder found: C:\Program Files\Ask.com
    Folder found: C:\Program Files\pdfforge Toolbar

    -- File opened: C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default\Prefs.js --
    Line found: user_pref("browser.search.defaultengine", "Ask.com");
    Line found: user_pref("browser.search.defaultenginename", "Ask.com");
    Line found: user_pref("browser.search.order.1", "Ask.com");
    Line found: user_pref("browser.search.selectedEngine", "Ask.com");
    -- File Closed --

    Key found: HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Key found: HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key found: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key found: HKLM\Software\Freeze.com
    Key found: HKLM\Software\pdfforge
    Key found: HKLM\Software\Search Settings
    Key found: HKLM\Software\Seekeen
    Key found: HKCU\Software\Freeze.com
    Key found: HKCU\Software\Search Settings
    Key found: HKLM\Software\Classes\Installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
    Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
    Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{09574ECB-8A2F-488C-8F73-A441F5D4011F}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
    Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
    Key found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
    Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}

    Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
    Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D0523BB4-21E7-11DD-9AB7-415B56D89593}
    Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D0523BB4-21E7-11DD-9AB7-415B56D89593}

    ============== ADDITIONAL SCAN ==============

    **** Mozilla Firefox Version [3.6.13 (fr)] ****

    -- C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default --
    Prefs.js - browser.search.defaultenginename, Ask.com
    Prefs.js - browser.search.selectedEngine, Ask.com
    Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
    Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

    ========================================

    **** Internet Explorer Version [8.0.6001.18999] ****

    HKCU_Main|SearchMigratedDefaultURL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKCU_Main|Start Page - hxxp://www.orange.fr/portail
    HKLM_Main|Default_Page_URL - hxxp://fr.fr.acer.yahoo.com
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://fr.fr.acer.yahoo.com
    HKCU_URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - "?" (C:\Program Files\pdfforge Toolbar\SearchSettings.dll) (x)
    HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=LMW4&o=&src=crm&q={searchTerms}&l...)
    HKCU_SearchScopes\{DFE3A413-873F-43A4-B245-67A218E66893} - "Google" (hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=)
    HKLM_SearchScopes\{09574ECB-8A2F-488C-8F73-A441F5D4011F} - "Seekeen" (hxxp://www.seekeen.com/?prt=SEEKEEN116&keywords={searchTerms})
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
    HKCU_Toolbar\WebBrowser|{D0523BB4-21E7-11DD-9AB7-415B56D89593} (C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_int.dll) (x)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
    HKLM_Toolbar|{D0523BB4-21E7-11DD-9AB7-415B56D89593} (C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_int.dll) (x)
    HKLM_Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402} (C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll)
    HKLM_ElevationPolicy\{0ac0aaad-8193-4552-b112-a018bfedf93d} - C:\Windows\Downloaded Program Files\LMIBroker.exe (LogMeIn, Inc.)
    HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{b3f1cac4-7277-4330-966a-6186dc8243f8} - C:\Windows\Downloaded Program Files\LMIProxyHelper.exe (?)
    HKLM_ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Spigot, Inc.)
    HKLM_ElevationPolicy\{C9BDBBC1-2B4F-4669-BB5A-51C8D1770C1A} - C:\Windows\Downloaded Program Files\LMIGuardian.exe (LogMeIn, Inc.)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{B922D405-6D13-4A2B-AE89-08A030DA4402} - "pdfforge Toolbar" (C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll)
    BHO\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - "?" (C:\Program Files\pdfforge Toolbar\SearchSettings.dll) (x)
    BHO\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} - "XBTBPos00 Class" (C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_int.dll) (x)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
    C:\Program Files\Ad-Remover\Backup: 1 File(s)

    C:\Ad-Report-SCAN[1].txt - 02/09/2011 (7777 Bytes)

    End at: 07:44:05, 02/09/2011

    ============== E.O.F ==============
    0
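The Ad-Remover scan report above is long, and the same CLSIDs recur across `Key found`, `Value found`, toolbar, BHO and elevation-policy lines. A defender triaging such a report wants them correlated: which registry footholds each component has, which DLL or EXE each CLSID loads, and whether the browser's search preferences were changed. The script below is an added example written for this page; it is not code from the poster or from the Ad-Remover project. It parses a constructed excerpt modelled on the report (the `SAMPLE_REPORT` string is built for this example, with the same line formats), and the `expected` engine list in `hijacked_search_prefs` is an assumed local policy, not something the report states.

```python
import re
from collections import defaultdict

# Constructed excerpt in the Ad-Remover SCAN report format (same line shapes as the
# report posted above; trimmed to a handful of entries so the example runs offline).
SAMPLE_REPORT = r"""
============== SEARCH ==============

Folder found: C:\Program Files\Ask.com
Folder found: C:\Program Files\pdfforge Toolbar

-- File opened: C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default\Prefs.js --
Line found: user_pref("browser.search.defaultengine", "Ask.com");
Line found: user_pref("browser.search.selectedEngine", "Ask.com");
-- File Closed --

Key found: HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}

============== ADDITIONAL SCAN ==============

HKLM_Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402} (C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll)
HKLM_ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Spigot, Inc.)
BHO\{B922D405-6D13-4A2B-AE89-08A030DA4402} - "pdfforge Toolbar" (C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll)
BHO\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} - "XBTBPos00 Class" (C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_int.dll) (x)
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A Windows path ending in .dll or .exe; parentheses and quotes delimit it in the report.
PATH_RE = re.compile(r'([A-Za-z]:\\[^()"]+?\.(?:dll|exe))\b', re.IGNORECASE)
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\)')
NAME_RE = re.compile(r'- "([^"]+)"')


def parse_report(text):
    """Collect folders, browser prefs, autostart values and per-CLSID evidence."""
    findings = {
        "folders": [],
        "prefs": [],        # (pref_name, value) lines taken from the Firefox profile
        "run_values": [],   # autostart entries under ...\CurrentVersion\Run
        "clsids": defaultdict(lambda: {"registry": set(), "files": set(), "names": set()}),
    }
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Folder found: "):
            findings["folders"].append(line[len("Folder found: "):])
            continue
        if line.startswith("Line found: "):
            m = PREF_RE.search(line)
            if m:
                findings["prefs"].append((m.group(1), m.group(2)))
            continue
        if line.startswith(("Key found: ", "Value found: ")):
            entry = line.split(": ", 1)[1]
            if "\\CurrentVersion\\Run|" in entry:
                findings["run_values"].append(entry.split("|", 1)[1])
            for c in CLSID_RE.findall(entry):
                findings["clsids"][c.upper()]["registry"].add(entry)
            continue
        # ADDITIONAL SCAN lines: map each CLSID to the module it loads and its display name.
        for c in CLSID_RE.findall(line):
            rec = findings["clsids"][c.upper()]
            rec["files"].update(PATH_RE.findall(line))
            n = NAME_RE.search(line)
            if n:
                rec["names"].add(n.group(1))
    return findings


def triage(findings):
    """One row per CLSID, most registry footholds first, paired with its module(s)."""
    rows = [{"clsid": c, "footholds": len(r["registry"]),
             "files": sorted(r["files"]), "names": sorted(r["names"])}
            for c, r in findings["clsids"].items()]
    rows.sort(key=lambda r: (-r["footholds"], r["clsid"]))
    return rows


def hijacked_search_prefs(findings, expected=("Google",)):
    """Search-related prefs whose value is not an engine the admin expects (assumed policy)."""
    return [(k, v) for k, v in findings["prefs"]
            if k.startswith("browser.search.") and v not in expected]


if __name__ == "__main__":
    f = parse_report(SAMPLE_REPORT)
    for row in triage(f):
        print(row["clsid"], row["footholds"], row["names"], row["files"])
    print("autostart:", f["run_values"])
    print("search hijack:", hijacked_search_prefs(f))
```

Correlating by CLSID is what turns a wall of registry paths into a short list of components to look at: a single DLL that owns a CLSID entry, a BHO registration, a toolbar value and an elevation-policy entry is one item to remove, not four. Each component's file path also tells you where to look for the uninstaller and which folder to verify is gone afterwards.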
  10. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    Hello,

    We will remove the peer-to-peer program at the end:

    Cleaning:

    /!\ Close all your open applications. /!\

    ▶ Double-click on the Ad-remover icon located on your Desktop.

    ▶ On the page, click the "Clean" button

    ▶ Confirm the operation

    ▶ Let the tool work.

    ▶ Post the report that appears at the end.

    (The report is also saved under C:\Ad-report.)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Tutorial

    --
    Helper - Security Contributor
    0
  11. ecs13 Posted messages 14 Status Member
     
    ====== AD-REMOVER REPORT 2.0.0.2,E | WINDOWS XP/VISTA/7 ONLY =======

    Updated by TeamXscript on 08/02/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:35:29 on 09/02/2011, Normal mode

    Microsoft® Windows Vista(TM) Home Basic Edition Service Pack 1 (X86)
    nadine@PC-DE-NADINE ( )

    ============== ACTION(S) ==============

    Folder deleted: C:\Program Files\Ask.com

    (!) -- Temporary files deleted.

    -- File opened: C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default\Prefs.js --
    Line deleted: user_pref("browser.search.defaultengine", "Ask.com");
    Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");
    Line deleted: user_pref("browser.search.order.1", "Ask.com");
    Line deleted: user_pref("browser.search.selectedEngine", "Ask.com");
    -- File Closed --

    Key deleted: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key deleted: HKLM\Software\Freeze.com
    Key deleted: HKLM\Software\Seekeen
    Key deleted: HKCU\Software\Freeze.com
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{09574ECB-8A2F-488C-8F73-A441F5D4011F}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}
    Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

    Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D0523BB4-21E7-11DD-9AB7-415B56D89593}
    Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D0523BB4-21E7-11DD-9AB7-415B56D89593}

    ============== ADDITIONAL SCAN ==============

    **** Mozilla Firefox Version [3.6.13 (fr)] ****

    -- C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default --
    Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
    Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

    ========================================

    **** Internet Explorer Version [8.0.6001.18999] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_SearchScopes\{DFE3A413-873F-43A4-B245-67A218E66893} - "Google" (hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=)
    HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
    HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
    HKLM_ElevationPolicy\{0ac0aaad-8193-4552-b112-a018bfedf93d} - C:\Windows\Downloaded Program Files\LMIBroker.exe (LogMeIn, Inc.)
    HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{b3f1cac4-7277-4330-966a-6186dc8243f8} - C:\Windows\Downloaded Program Files\LMIProxyHelper.exe (?)
    HKLM_ElevationPolicy\{C9BDBBC1-2B4F-4669-BB5A-51C8D1770C1A} - C:\Windows\Downloaded Program Files\LMIGuardian.exe (LogMeIn, Inc.)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
    C:\Program Files\Ad-Remover\Backup: 18 File(s)

    C:\Ad-Report-CLEAN[1].txt - 09/02/2011 (4840 Bytes)
    C:\Ad-Report-SCAN[1].txt - 09/02/2011 (7906 Bytes)

    End at: 13:38:40, 09/02/2011

    ============== E.O.F ==============
    0
  12. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    perfect then:

    Remember to update Malwarebytes' Anti-Malware if you already have it on your desktop.

    ▶ Download Malwarebytes' Anti-Malware

    ▶ A tutorial will be available for you to install and use it properly.

    ▶ Update the software (this is usually done during installation)

    ▶ Run a full scan by clicking on "Run a full scan"

    ▶ Select the drives you want to scan and click on "Start the scan"

    ▶ The scan may take a while...

    ▶ Once the scan is complete, click on "OK" and then on "View results"

    ▶ Check that everything is checked and click on "Remove selected" => and then on "OK"

    ▶ A report will open in Notepad... Copy and paste the report in your next response on the forum

    * Some files may need to be deleted upon restarting the PC... Do so by clicking on "yes" to the question asked
    --
    Helper - Security Contributor
    0
  13. ecs13 Posted messages 14 Status Member
     
    Re
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18999

    09/02/2011 16:01:50
    mbam-log-2011-02-09 (16-01-50).txt

    Scan type: Full scan (C:\|D:\|)
    Element(s) scanned: 194681
    Elapsed time: 57 minute(s), 17 second(s)

    Infected memory process(es): 0
    Infected memory module(s): 0
    Infected Registry key(s): 3
    Infected Registry value(s): 0
    Infected Registry data element(s): 0
    Infected folder(s): 0
    Infected file(s): 0

    Infected memory process(es):
    (No harmful item detected)

    Infected memory module(s):
    (No harmful item detected)

    Infected Registry key(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

    Infected Registry value(s):
    (No harmful item detected)

    Infected Registry data element(s):
    (No harmful item detected)

    Infected folder(s):
    (No harmful item detected)

    Infected file(s):
    (No harmful item detected)

    Here it is; it's time for me to go, I'll be back tomorrow.
    0
  14. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    Good evening,

    Perfect, you can go to the malware quarantine tab and delete everything; then could you generate a new ZHPDiag report for me? Thank you.
    --
    Helper - Security Contributor
    0
  15. ecs13 Posted messages 14 Status Member
     
    Hello!

    For the malware it's all good, I removed it, and here is the link to my ZHP report:
    http://www.cijoint.fr/cjlink.php?file=cj201102/cijZfSN25A.txt

    Thank you in advance!
    0
  16. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    Good evening,

    The following:

    ==> Download RogueKiller to the Desktop

    ==> Close all your running programs

    ==> Under Vista/Seven, right-click -> run as administrator

    ==> Otherwise simply launch RogueKiller.exe

    ==> When prompted, type 1 and confirm

    ==> A report (RKreport.txt) should have been created next to the executable, post its content.

    ==> If the program was blocked, feel free to try several times.
    --
    Helper - Security Contributor
    0
  17. ecs13 Posted messages 14 Status Member
     
    Hello,

    here is the report:

    RogueKiller V3.9.0 by Tigzy
    contact at https://www.luanagames.com/index.fr.html
    email: tigzyRK<at>gmail<dot>com
    Feedback: https://www.luanagames.com/index.fr.html

    Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
    Started in : Normal mode
    User: nadine [Restricted rights]
    Mode: Scan -- Time : 11/02/2011 08:52:56

    Bad processes:

    Found:

    HOSTS File:
    127.0.0.1 localhost
    ::1 localhost

    Finished
    0
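RogueKiller printed the HOSTS file because a modified HOSTS file is a common way for adware and rogue software to redirect or block sites, and the two lines shown here (`127.0.0.1 localhost`, `::1 localhost`) are the clean defaults. The check below is an added example written for this page, not part of the thread or of RogueKiller: it parses a constructed HOSTS file (the `SAMPLE_HOSTS` text is built for this example, and the two non-default entries in it are hypothetical, using reserved `.test` names and a documentation IP range) and reports every mapping that is not the loopback-to-localhost default, distinguishing names sinkholed to loopback from names redirected to a remote address.

```python
import ipaddress

# Constructed HOSTS file: the two default loopback lines RogueKiller showed, plus two
# hypothetical entries of the kind a redirection-style infection adds (constructed data).
SAMPLE_HOSTS = """\
# comment line, as found at the top of the Windows hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-bank.test   # hypothetical redirect, constructed
127.0.0.1       update.example-av.test  # hypothetical blocking entry, constructed
"""


def parse_hosts(text):
    """Return (ip, [hostnames]) for each effective line, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()                  # one address, then one or more names
        if len(parts) < 2:
            continue
        entries.append((parts[0], parts[1:]))
    return entries


def suspicious_hosts_entries(text, allowed_loopback_names=("localhost",)):
    """Flag every mapping that is not one of the default loopback -> localhost lines."""
    findings = []
    for ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)   # handles both 127.0.0.1 and ::1
        except ValueError:
            findings.append(("unparseable address", ip, names))
            continue
        for name in names:
            if addr.is_loopback and name in allowed_loopback_names:
                continue                      # default entry, nothing to report
            if addr.is_loopback:
                findings.append(("blocked (sinkholed to loopback)", ip, [name]))
            else:
                findings.append(("redirected to remote address", ip, [name]))
    return findings


if __name__ == "__main__":
    for kind, ip, names in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"{kind}: {ip} -> {', '.join(names)}")
```

A redirect entry is the more serious finding, since it sends traffic for a legitimate name to an address the user did not choose; a loopback entry is typically used to keep a security product from reaching its update servers. On a real machine the file lives at `%SystemRoot%\System32\drivers\etc\hosts`, and an administrator restoring it should also expect the legitimate entries their own IT department may have placed there.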
  18. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
     
    Hello,

    ==> Type 2 for delete mode

    ==> If a proxy is found, type 1 for deletion

    ==> If a registry key has been detected, and you are sure it belongs to the Rogue, proceed with mode 2. In any case, the infectious processes have been terminated; you can disinfect safely.

    ==> If the program asks to delete the proxy, type 1 if you are sure you did not set it, otherwise type 2
    --
    Helper - Security Contributor
    0
    1. moment de grace Posted messages 29099 Status Security Contributor 2 274
       
      Hello

      Just passing by, the proxy is 4 now

      https://www.commentcamarche.net/faq/30719-utiliser-roguekiller#mode-4-proxyfix

      @ +
      0
    2. pimprenelle27 Posted messages 22182 Status Security Contributor 2 503
       
      Thank you, moment de grace.
      0
  19. ecs13 Posted messages 14 Status Member
     
    Hello again

    I’m sorry but I’m afraid I misunderstood

    I press 2 to enter deletion mode

    However, I do not want to delete the proxies because we work on a network... I think that if I erase it, it won't work anymore

    So I enter mode 2 but what is it going to erase?

    Thank you in advance
    0
  20. Tigzy Posted messages 7983 Status Security Contributor 582
     
    Hello

    There's no need; it didn't find anything in scan mode, so it won't do anything more in the other modes ;)

    EDIT:
    Go ahead and run it, but this time please follow the instructions carefully:

    User: nadine [Restricted rights]

    ==> Under Vista/Seven, right-click -> run as administrator

    SECURITY Contributor *** RogueKiller Developer ***
    No reports by PM, host them on www.cijoint.fr. No disinfection by PM, please open a thread.
    0