Posted

Hi all,

I keep getting these pop-ups when I am connected to the internet and it's p'ing me off. I have done a scan with Malwarebytes and it found 2 trj's in my reg. I have also done a boot-time scan with Avast and that came back with nothing. Also a scan with Trend Micro, and that showed nothing.

Any help or ideas as to what might be causing this, please?

 


Posted

This is solved now, as I used the info from another thread. This is what the problem was:

 

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

Posted

Hi and welcome to Fpch

 

Good to hear that you seem to have solved your own problem. :)

 

If you would like one of our security experts to check over your system (just in case), then post the MBAM log and they will take it from there.


Posted

That would be great. Here is the log

 

Malwarebytes Anti-Malware 1.62.0.1300

http://www.malwarebytes.org

 

Database version: v2012.07.03.05

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Shaun :: MRG-PC [administrator]

 

30/07/2012 15:52:11

mbam-log-2012-07-30 (15-52-11).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 446936

Time elapsed: 2 hour(s), 9 minute(s), 52 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

 

Registry Values Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Shaun\AppData\Local\{fc45e245-6609-a38a-a93e-9120e0a3d399}\n. -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Posted

Hi mrgman

 

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

I did suspect this after seeing the results you posted from Combofix.

 

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

 

I'd like to see the whole report though.

It can be found on your system at:

C:\ComboFix.txt

Please add this in your next reply.

 

Thanks
