Win32:Malware-gen virus or not?
Solved
ecs13
Hello everyone!
I have a little problem with my office computer... according to Avast I have a virus:
c:\windows\Acer(Normal).scr Win32:Malware-gen
c:\windows\Acer(Normal).scr Win32:Malware-gen
c:\windows\Acer(Wide).scr Win32:Malware-gen
This is what my Avast report says, it has quarantined it although I can't find it in the quarantine folder...
I'm not the only one using my computer and my other colleagues use IE to browse the internet while I use Firefox.
In your opinion, is it a real virus?
Thank you in advance
P.S.: I apologize in advance if I don't respond immediately to your answers as my boss will be here soon...
Configuration: Windows Vista / Firefox 3.6.13
-
Hello,
For a desktop PC, having Avast is not very good.
We will run a short diagnostic of the PC. I don’t know whether you will be able to do all of this, given that it’s the work PC, but we absolutely need to do it in order to detect any viruses on the PC. To do that:
==> Download ZHPDiag (by Nicolas Coolman)
==> If that doesn’t work, try to download it here
==> Save it on your Desktop.
Once the download is complete,
==> If you are on Vista/Seven, remember to right-click and run as administrator.
Click next to start the installation in the window that opens.
==> For XP, run ZHPDiag.exe and click next to start the installation in the window that opens.
==> Click on the screwdriver at the top right (options) and then check all the boxes for options.
==> Click on the magnifying glass to start the scan.
At the end of the scan,
==> Click on the camera or diskette and save the report on your Desktop.
To send it to me, click on this link:
http://www.cijoint.fr/
==> Click on Browse and find the file ZHPDiag.txt
==> Click Open.
==> Click on "Click here to upload the file".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
will be added to the page.
==> Copy this link in your response.
--
Helper - Security Contributor -
Hello and thank you
http://www.cijoint.fr/cjlink.php?file=cj201102/cij9QJTyP5.txt
But I have a software that runs on several agencies... I'm afraid it might get deleted, right?
Thank you -
Do you have the right to engage in peer-to-peer (that is, illegal downloading) on the company PC where you work?
--
Helper - Security Contributor -
Re
Of course not, but I go home at noon and finish at 4 p.m., so they have access to my workstation...
For my part, if I listen to music, I go on Deezer or I even listen to the radio online...
Do I have a virus?
Thank you. -
Thank you, I'll take care of it tomorrow morning.. thank you
One question: do you know where these viruses come from? A particular website? -
Good evening,
Viruses probably mostly come from peer-to-peer, while others may come from the internet.
--
Helper - Security Contributor -
Hello,
Okay :s I tried to find a peer-to-peer program on my computer but I can't find it lol it must have a name I don't know... did you happen to see the name of the program so I can delete it?
Here I go! -
===== AD-REMOVER REPORT 2.0.0.2,E | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 02/08/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 07:43:15 on 02/09/2011, Normal mode
Microsoft® Windows Vista(TM) Home Basic Edition Service Pack 1 (X86)
nadine@PC-DE-NADINE ( )
============== SEARCH ==============
Folder found: C:\Program Files\Ask.com
Folder found: C:\Program Files\pdfforge Toolbar
-- File opened: C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default\Prefs.js --
Line found: user_pref("browser.search.defaultengine", "Ask.com");
Line found: user_pref("browser.search.defaultenginename", "Ask.com");
Line found: user_pref("browser.search.order.1", "Ask.com");
Line found: user_pref("browser.search.selectedEngine", "Ask.com");
-- File Closed --
Key found: HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key found: HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key found: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key found: HKLM\Software\Freeze.com
Key found: HKLM\Software\pdfforge
Key found: HKLM\Software\Search Settings
Key found: HKLM\Software\Seekeen
Key found: HKCU\Software\Freeze.com
Key found: HKCU\Software\Search Settings
Key found: HKLM\Software\Classes\Installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{09574ECB-8A2F-488C-8F73-A441F5D4011F}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}
Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D0523BB4-21E7-11DD-9AB7-415B56D89593}
Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D0523BB4-21E7-11DD-9AB7-415B56D89593}
============== ADDITIONAL SCAN ==============
**** Mozilla Firefox Version [3.6.13 (fr)] ****
-- C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default --
Prefs.js - browser.search.defaultenginename, Ask.com
Prefs.js - browser.search.selectedEngine, Ask.com
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
========================================
**** Internet Explorer Version [8.0.6001.18999] ****
HKCU_Main|SearchMigratedDefaultURL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.orange.fr/portail
HKLM_Main|Default_Page_URL - hxxp://fr.fr.acer.yahoo.com
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://fr.fr.acer.yahoo.com
HKCU_URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - "?" (C:\Program Files\pdfforge Toolbar\SearchSettings.dll) (x)
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=LMW4&o=&src=crm&q={searchTerms}&l...)
HKCU_SearchScopes\{DFE3A413-873F-43A4-B245-67A218E66893} - "Google" (hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=)
HKLM_SearchScopes\{09574ECB-8A2F-488C-8F73-A441F5D4011F} - "Seekeen" (hxxp://www.seekeen.com/?prt=SEEKEEN116&keywords={searchTerms})
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
HKCU_Toolbar\WebBrowser|{D0523BB4-21E7-11DD-9AB7-415B56D89593} (C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_int.dll) (x)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
HKLM_Toolbar|{D0523BB4-21E7-11DD-9AB7-415B56D89593} (C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_int.dll) (x)
HKLM_Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402} (C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll)
HKLM_ElevationPolicy\{0ac0aaad-8193-4552-b112-a018bfedf93d} - C:\Windows\Downloaded Program Files\LMIBroker.exe (LogMeIn, Inc.)
HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{b3f1cac4-7277-4330-966a-6186dc8243f8} - C:\Windows\Downloaded Program Files\LMIProxyHelper.exe (?)
HKLM_ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Spigot, Inc.)
HKLM_ElevationPolicy\{C9BDBBC1-2B4F-4669-BB5A-51C8D1770C1A} - C:\Windows\Downloaded Program Files\LMIGuardian.exe (LogMeIn, Inc.)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{B922D405-6D13-4A2B-AE89-08A030DA4402} - "pdfforge Toolbar" (C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll)
BHO\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - "?" (C:\Program Files\pdfforge Toolbar\SearchSettings.dll) (x)
BHO\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} - "XBTBPos00 Class" (C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_int.dll) (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)
C:\Ad-Report-SCAN[1].txt - 02/09/2011 (7777 Bytes)
End at: 07:44:05, 02/09/2011
============== E.O.F ============== -
Hello,
We will remove the peer-to-peer program at the end:
Cleaning:
/!\ Close all your open applications. /!\
▶ Double-click on the Ad-remover icon located on your Desktop.
▶ On the page, click the "Clean" button
▶ Confirm the operation
▶ Let the tool work.
▶ Post the report that appears at the end.
(The report is also saved under C:\Ad-report.)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Tutorial
--
Helper - Security Contributor -
====== AD-REMOVER REPORT 2.0.0.2,E | WINDOWS XP/VISTA/7 ONLY =======
Updated by TeamXscript on 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:35:29 on 09/02/2011, Normal mode
Microsoft® Windows Vista(TM) Home Basic Edition Service Pack 1 (X86)
nadine@PC-DE-NADINE ( )
============== ACTION(S) ==============
Folder deleted: C:\Program Files\Ask.com
(!) -- Temporary files deleted.
-- File opened: C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default\Prefs.js --
Line deleted: user_pref("browser.search.defaultengine", "Ask.com");
Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");
Line deleted: user_pref("browser.search.order.1", "Ask.com");
Line deleted: user_pref("browser.search.selectedEngine", "Ask.com");
-- File Closed --
Key deleted: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key deleted: HKLM\Software\Freeze.com
Key deleted: HKLM\Software\Seekeen
Key deleted: HKCU\Software\Freeze.com
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{09574ECB-8A2F-488C-8F73-A441F5D4011F}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D0523BB4-21E7-11DD-9AB7-415B56D89593}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D0523BB4-21E7-11DD-9AB7-415B56D89593}
============== ADDITIONAL SCAN ==============
**** Mozilla Firefox Version [3.6.13 (fr)] ****
-- C:\Users\nadine\AppData\Roaming\Mozilla\FireFox\Profiles\0b974wk1.default --
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
========================================
**** Internet Explorer Version [8.0.6001.18999] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{DFE3A413-873F-43A4-B245-67A218E66893} - "Google" (hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=)
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
HKLM_ElevationPolicy\{0ac0aaad-8193-4552-b112-a018bfedf93d} - C:\Windows\Downloaded Program Files\LMIBroker.exe (LogMeIn, Inc.)
HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{b3f1cac4-7277-4330-966a-6186dc8243f8} - C:\Windows\Downloaded Program Files\LMIProxyHelper.exe (?)
HKLM_ElevationPolicy\{C9BDBBC1-2B4F-4669-BB5A-51C8D1770C1A} - C:\Windows\Downloaded Program Files\LMIGuardian.exe (LogMeIn, Inc.)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
========================================
C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
C:\Program Files\Ad-Remover\Backup: 18 File(s)
C:\Ad-Report-CLEAN[1].txt - 09/02/2011 (4840 Bytes)
C:\Ad-Report-SCAN[1].txt - 09/02/2011 (7906 Bytes)
End at: 13:38:40, 09/02/2011
============== E.O.F ============== -
Perfect, then:
Remember to update Malwarebytes' Anti-Malware if you already have it on your desktop.
▶ Download Malwarebytes' Anti-Malware
▶ A tutorial will be available for you to install and use it properly.
▶ Update the software (this is usually done during installation)
▶ Run a full scan by clicking on "Run a full scan"
▶ Select the drives you want to scan and click on "Start the scan"
▶ The scan may take a while.....
▶ Once the scan is complete, click on "OK" and then on "View results"
▶ Check that everything is checked and click on "Remove selected" => and then on "OK"
▶ A report will open in Notepad... Copy and paste the report in your next response on the forum
* Some files may need to be deleted upon restarting the PC... Do so by clicking on "yes" to the question asked
--
Helper - Security Contributor -
Re
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999
09/02/2011 16:01:50
mbam-log-2011-02-09 (16-01-50).txt
Scan type: Full scan (C:\|D:\|)
Element(s) scanned: 194681
Elapsed time: 57 minute(s), 17 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 3
Infected Registry value(s): 0
Infected Registry data element(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No harmful item detected)
Infected memory module(s):
(No harmful item detected)
Infected Registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
Infected Registry value(s):
(No harmful item detected)
Infected Registry data element(s):
(No harmful item detected)
Infected folder(s):
(No harmful item detected)
Infected file(s):
(No harmful item detected)
Here it is, it's my time, I'll be back tomorrow. -
Good evening,
Perfect. You can go to the malware quarantine tab and delete everything. Then can you generate a new ZHPDiag report for me? Thank you.
--
Helper - Security Contributor -
Hello!
For malware it's all good, I removed it and here is the link to my ZHP report
http://www.cijoint.fr/cjlink.php?file=cj201102/cijZfSN25A.txt
Thank you in advance! -
Good evening,
the following:
==> Download RogueKiller to the desktop
==> Close all your ongoing programs
==> Under Vista/Seven, right-click -> run as administrator
==> Otherwise simply launch RogueKiller.exe
==> When prompted, type 1 and confirm
==> A report (RKreport.txt) should have been created next to the executable, post its content.
==> If the program was blocked, feel free to try several times.
--
Helper - Security contributor -
Hello,
here is the report:
RogueKiller V3.9.0 by Tigzy
contact at https://www.luanagames.com/index.fr.html
email: tigzyRK<at>gmail<dot>com
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: nadine [Restricted rights]
Mode: Scan -- Time : 11/02/2011 08:52:56
Bad processes:
Found:
HOSTS File:
127.0.0.1 localhost
::1 localhost
Finished -
Hello,
==> Type 2 for delete mode
==> If a proxy is found, type 1 for deletion
==> If a registry key has been detected, and you are sure it belongs to the Rogue, proceed with mode 2. In any case, the infectious processes have been terminated, you can disinfect safely
==> If the program asks to delete the proxy, type 1 if you are sure you did not set it, otherwise type 2
--
Helper - Security Contributor -
Hello again
I’m sorry but I’m afraid I misunderstood
I press 2 to enter deletion mode
However, I do not want to delete the proxies because we work in a network...I think that if I erase it, it won’t work anymore
So I enter mode 2 but what is it going to erase?
Thank you in advance -
Hello
There's no need: it didn't find anything in scan mode, so it won't do anything more in the other modes ;)
EDIT:
Go ahead and run it, but this time please follow the instructions carefully:
User: nadine [Restricted rights]
==> Under Vista/Seven, right-click -> run as administrator
SECURITY Contributor *** RogueKiller Developer ***
No reports by PM, host them on www.cijoint.fr. No disinfection by PM, please open a thread.