Author Topic: PC is infected, Cannot remove the virus?? Please help UPDATE  (Read 4396 times)

nicoleferrer76

  • Guest
PC is infected, Cannot remove the virus?? Please help UPDATE
« on: October 22, 2009, 10:49:42 PM »
Ok I ran the MBAM? I think that was what you called it, it seems to have worked for now. Here is the log. Do I need to do anything else? And how do you think I got this on my PC? How can I avoid it in the future?
Thanks for your help!!! ;D


Malwarebytes' Anti-Malware 1.41
Database version: 3014
Windows 5.1.2600 Service Pack 3

10/22/2009 9:08:17 PM
mbam-log-2009-10-22 (21-08-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 208506
Time elapsed: 1 hour(s), 15 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lsp.dll (Search.Hijacker) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System tool (Rogue.SysGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System tool (Rogue.SysGuard) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\19527504 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Nicole\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> No action taken.
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\lsp.dll (Search.Hijacker) -> No action taken.
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP934\A0212137.dll (Search.Hijacker) -> No action taken.
C:\Documents and Settings\All Users\Application Data\19527504\19527504 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Nicole\Start Menu\Programs\System Security\System Security (Rogue.SystemSecurity) -> No action taken.
C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla (Trojan.Agent) -> No action taken.
C:\Program Files\btiicj\sijbsysguard.exe (Rogue.SysGuard) -> No action taken.
C:\WINDOWS\syssvc.exe (Trojan.FakeAlert) -> No action taken.





Thank you for your help, again. I got my laptop back up and running. Avast finished the scan and identified a virus; I sent it to the chest and removed it, but it keeps coming back. This is the second time I have this same virus. It disguises itself as an anti-virus program, and it is blocking all my apps. So I am virtually useless. I'm not an expert but I'm not an idiot either; if someone can walk me through how to remove this, at least so I can get my files off the PC, it would be really appreciated.

I think the name of the file is "iehelper.dll"
« Last Edit: October 23, 2009, 03:27:58 AM by nicoleferrer76 »
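
An added example, not part of the original post or of Malwarebytes' own tooling: a small Python parser for the MBAM log layout shown above. It cross-checks the summary counts against the listed entries and collects detections still marked "No action taken" (as every entry in the posted log is), calling out Run-key autostart entries. The sample log is constructed, and the "Quarantined and deleted successfully" action string in it is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above; the "Files" count is
# deliberately wrong and one action string is assumed, to exercise both checks.
SAMPLE_LOG = r"""Memory Modules Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\system32\lsp.dll (Search.Hijacker) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System tool (Rogue.SysGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System tool (Rogue.SysGuard) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\system32\lsp.dll (Search.Hijacker) -> No action taken.
C:\WINDOWS\syssvc.exe (Trojan.FakeAlert) -> No action taken.
"""

HEADER = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d*)$")
ENTRY = re.compile(r"^(.+?) \(([A-Za-z]+(?:\.[A-Za-z]+)+)\) -> (.+)$")

def parse_mbam_log(text):
    """Return (declared summary counts, detections grouped by section)."""
    declared, found, section = {}, defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        h, e = HEADER.match(line), ENTRY.match(line)
        if h and h.group(2):          # summary line, e.g. "Files Infected: 7"
            declared[h.group(1)] = int(h.group(2))
        elif h:                       # section heading, e.g. "Files Infected:"
            section = h.group(1)
        elif e and section:           # the last "->" segment is the action taken
            action = e.group(3).split(" -> ")[-1].rstrip(".")
            found[section].append({"item": e.group(1), "family": e.group(2), "action": action})
    return declared, dict(found)

def triage(text):
    """Flag truncated logs, unremediated detections and live autostart entries."""
    declared, found = parse_mbam_log(text)
    mismatch = sorted(s for s, n in declared.items() if len(found.get(s, [])) != n)
    pending = [d for items in found.values() for d in items if d["action"] == "No action taken"]
    autoruns = [d["item"] for d in pending if r"\CurrentVersion\Run" in d["item"]]
    return {"count_mismatch": mismatch, "pending": pending, "pending_autoruns": autoruns}
```
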

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: PC is infected, Cannot remove the virus?? Please help
« Reply #1 on: October 22, 2009, 11:31:22 PM »
Please download MBAM (the free version), install it, update it, and have it run a quick scan.
Following the scan, view the report and select everything found, then "remove selected" (which will quarantine the object/s).
If MBAM asks to restart to complete removal, please do so promptly.
Following this, please post the MBAM log.

Was this the same computer that was powered off in the middle of an Avast boot scan?
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
« Last Edit: October 22, 2009, 11:38:04 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: PC is infected, Cannot remove the virus?? Please help
« Reply #3 on: October 22, 2009, 11:36:54 PM »
Hi nicoleferrer76,

Manual removal procedure:


Step 1: Use Windows File Search Tool to Find iehelper.dll Path


Go to Start > Search > All Files or Folders.
In the "All or part of the file name" section, type in "iehelper.dll" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "iehelper.dll", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete iehelper.dll in the following manual removal steps.
Read more about How to Delete iehelper.dll with File Search Tool

Step 2: Use Windows Command Prompt to Unregister iehelper.dll Files

To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the iehelper.dll DLL file is located and press the "Enter" button on your keyboard. If you don't know where the iehelper.dll DLL file is located, use the "dir" command to display the directory's contents.
To unregister "iehelper.dll" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, C:\Spyware-folder\> regsvr32 /u iehelper.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Read more about How to Remove iehelper.dll DLL Files

Step 3: Detect and Delete Other iehelper.dll Files

To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for, type in del "name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "iehelper.dll" process and click on the "End Process" button to kill it.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

nicoleferrer76

  • Guest
Re: PC is infected, Cannot remove the virus?? Please help
« Reply #4 on: October 23, 2009, 01:57:47 AM »
Please download MBAM (the free version), install it, update it, and have it run a quick scan.
Following the scan, view the report and select everything found, then "remove selected" (which will quarantine the object/s).
If MBAM asks to restart to complete removal, please do so promptly.
Following this, please post the MBAM log.

Was this the same computer that was powered off in the middle of an Avast boot scan?

Yes it was. Thanks, I am trying what you suggested. If it doesn't work I will keep going down the list.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: PC is infected, Cannot remove the virus?? Please help
« Reply #5 on: October 23, 2009, 02:08:18 AM »
Sounds a good plan.
Windows 10,Windows Firewall,Firefox w/Adblock.