|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
04-13-2011, 03:33 AM
|
#1 |
|
Member (9 bit)
Join Date: Apr 2002
Location: ky
Posts: 375
|
Program folder missing in start menu
Had a fake virus alert. I restarted in safe mode and scanned with avg and malware bytes and I noticed then that my spyware blaster along with hijack program was missing. Malware bytes found and removed infected files. When I logged back on all my program files were gone along with most of my desktop items, even IE. Here is the malware log..
Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Database version: 6341 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 6.0.2900.5512 4/13/2011 3:41:05 AM mbam-log-2011-04-13 (03-41-05).txt Scan type: Quick scan Objects scanned: 291902 Time elapsed: 9 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PxOuRnWAHQGhyii (Trojan.FakeAlert) -> Value: PxOuRnWAHQGhyii -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPap er (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\documents and settings\Tim\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully. Files Infected: c:\Documents and Settings\Tim\Local Settings\Temp\ddeslace.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\pxournwahqghyii.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\24829748.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\system32\ddeslace.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Tim\local settings\Temp\jar_cache1316086037071169326.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\ddeslace.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Tim\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\Tim\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
__________________
Gigabyte P35/ DS3L Western Digital Caviar SE16 250GB 7200 RPM 16MB Cache SATA 3.0Gb Intel Core 2 Duo E4500 Allendale 2.2GHz G.SKILL 2GB (2 x 1GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400) Acer AL2216Wbd Black 22" 5ms Widescreen LCD Monitor LITE-ON Black 20X DVD+R 8X DVD+RW |
|
|
|
04-13-2011, 09:55 AM
|
#2 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,181
|
This one has been going around lately - the consensus is back up your files, then nuke and pave.
|
|
|
|
04-13-2011, 12:30 PM
|
#4 |
|
Member (9 bit)
Join Date: Apr 2002
Location: ky
Posts: 375
|
how can I tell if they are just hidden. I know just enough about this stuff to do damage..
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
