| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 119389 | 2011-07-21 03:14:00 | Daughter needs help please | jupiter1 (2578) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1217973 | 2011-07-22 10:30:00 | Run this see if its got a rootkit support.kaspersky.com If it doesnt boot into windows normally, boot into safe mode / networking Also, if its an autorun worm (if she uses flash drives) scan them / write protect them. Because if she uses them / and theyre infected, they'll re-infect the system again (if you plug it into a USB port) |
Speedy Gonzales (78) | ||
| 1217974 | 2011-07-23 05:44:00 | Run this see if its got a rootkit support.kaspersky.com If it doesnt boot into windows normally, boot into safe mode / networking Also, if its an autorun worm (if she uses flash drives) scan them / write protect them. Because if she uses them / and theyre infected, they'll re-infect the system again (if you plug it into a USB port) Thanks Speedy, will take her through all this tonight and get back to you. |
jupiter1 (2578) | ||
| 1217975 | 2011-07-23 09:00:00 | Hi, My daughter ran SpyBot and found nothing. She also ran AdAware and found a "Worm" which she deleted and can not find the log for it so does not know which worm it was. she downloaded "Malware bytes " and ran this, the log is attached she deleted this and hopes that this fixed the problem. Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7246 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 23/07/2011 6:36:25 p.m. mbam-log-2011-07-23 (18-36-25).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|) Objects scanned: 257166 Time elapsed: 43 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\system volume information\_restore{2c2d4d19-e122-4472-8851-1cadeb52d51a}\RP89\A0031913.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. Awaiting reply on current status of laptop. |
jupiter1 (2578) | ||
| 1217976 | 2011-07-23 09:05:00 | I am suggesting that she does :- support.kaspersky.com With the help of her Techy brother in Wgtn. |
jupiter1 (2578) | ||
| 1217977 | 2011-07-23 09:23:00 | Also run this www.bleepingcomputer.com It'll terminate any running malware processes You only need one (get rkill.exe). The other renamed ones are in case (if its malware), it may terminate rkill's process |
Speedy Gonzales (78) | ||
| 1217978 | 2011-07-23 11:41:00 | OK Guys, Summary to date :- She ran SpyBot which found nothing. She then ran Ad aware which found a Worm. She quarantened this and deleted it, unforunately she didn't note which worm it was. She then ran Malware Bytes which found a Trogan which was quarentened and deleted. Log file is in above posting. The lappy has now been running in normal mode for 6 1/2 hours without a problem. She doesn't use usb run disks If further problems occur I will get her to run support.kaspersky.com and www.bleepingcomputer.com has suggested by Speedy G. stay tuned, many thanks to all. Phil. |
jupiter1 (2578) | ||
| 1217979 | 2011-07-25 11:33:00 | Hi Guys, Well, the lappy has been running properly now for two days so we are assuming that it is fixed due to the two nasties removed mentioned above. If this proves not to be the case I will get my daughter to run the repair programs mentioned by Speedy in the postings above. I will report back if this is necessary so keep a watch for the "Daughter needs help" thread. Many thanks to all that helped with this problem. Cheers, hil. |
jupiter1 (2578) | ||
| 1217980 | 2011-07-25 11:50:00 | Hi, Database version: 7246 Windows 5 . 1 . 2600 Service Pack 2 Internet Explorer 6 . 0 . 2900 . 2180 Hi jupiter1, can I suggest she updates it to service pack 3 and Internet Explorer 8 if the machine can take it . Glad its running much better, Congrats . |
Iantech (16386) | ||
| 1217981 | 2011-07-26 09:35:00 | Thanks Iantech, I have passed your suggestion on. The laptop should handle both those OK, it is fairly high spec'ed. We got it for her Design degree. Cheers, Phil. |
jupiter1 (2578) | ||
| 1 2 3 4 5 | |||||