Author Topic: [RESOLVED]Help me! why?  (Read 30474 times)

wli

  • Guest
Re: Help me! why?
« Reply #30 on: November 11, 2010, 12:58:44 PM »
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

数据库版本 5094

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2010-11-11 19:56:41
mbam-log-2010-11-11 (19-56-41).txt

扫描类型 闪光扫描
扫描的项目 108023
时间流逝 1 小时, 55 分钟

被感染内存模块数目: 0
被感染注册表项数目: 0
被感染注册表值数目: 6
被感染注册表数据项数目: 0
被感染文件夹数目: 3
被感染文件数目: 0
一个日志文件已被保存到日志文件夹。 0

被感染内存模块数目:
被感染内存进程数目:

被感染注册表项数目:
被感染内存进程数目:

被感染注册表值数目:
HKEY_CLASSES_ROOT\Thunder (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\snda\Woool (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\Software\SogouExplorer (Adware.Sogou) -> No action taken.

被感染注册表数据项数目:
被感染内存进程数目:

被感染文件夹数目:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE

SafeSurf

  • Guest
Re: Help me! why?
« Reply #31 on: November 12, 2010, 10:20:28 AM »
Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
<snip>
·   Click the “remove selected” button to quarantine anything found.

Why did you not let MBAM quarantine the infections you listed?  Your log says "No action taken?"

Sometimes people with cracked versions of Windows display this as well as people with actual malware.  I need to ask...Are you using a cracked/pirated version of Windows?  If you are using a legit version of Windows, please update MBAM again and do the scan again, but this time any infection that comes up, put it into quarantine.  Post your new MBAM log.  Thank you.
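
The observation in Reply #31, that every entry in the posted log ends in "No action taken", can be checked mechanically. The following is an added Python example, not part of the original thread and not Malwarebytes tooling; the line pattern and the names `parse_detections` and `triage` are assumptions based only on the log lines shown in Reply #30.

```python
import re
from collections import Counter

# Detection lines copied from the log in Reply #30; the final line is
# truncated in the post and is kept to show how incomplete entries surface.
SAMPLE_LOG = r"""
HKEY_CLASSES_ROOT\Thunder (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\snda\Woool (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\Software\SogouExplorer (Adware.Sogou) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE
"""

# Assumed shape: <object> (<Detection.Name>) [-> Bad: (x) Good: (y)] -> <action>.
LINE_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>[^.]+)\.$")

def parse_detections(log_text):
    """Split a log into parsed detections and lines that look cut off."""
    detections, incomplete = [], []
    for line in (raw.strip() for raw in log_text.splitlines()):
        match = LINE_RE.match(line)
        if match:
            detections.append(match.groupdict())
        elif line.startswith("HKEY_"):  # registry path with no verdict/action
            incomplete.append(line)
    return detections, incomplete

def triage(log_text):
    """Summarise what the scan found but did not remediate."""
    detections, incomplete = parse_detections(log_text)
    pending = [d for d in detections if d["action"] == "No action taken"]
    return {
        "pending": len(pending),
        "by_name": Counter(d["name"] for d in pending),
        # Security Center notification values flagged by the scan
        "security_center": [d["object"].rsplit("\\", 1)[-1] for d in pending
                            if d["name"] == "Disabled.SecurityCenter"],
        "incomplete": incomplete,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
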

bong2x

  • Guest
Re: Help me! why?
« Reply #32 on: November 12, 2010, 10:39:31 AM »
Well, if you help him/her today his/her computer will be okay, tomorrow he/she will suffer the same problem again  :o;D. That may be because his/her computer has ghost image recovery; it can only be cured if he/she disables it first and makes another ghost image after his/her computer is completely repaired ;) ;) ;)

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Help me! why?
« Reply #33 on: November 12, 2010, 10:57:51 AM »
bong2x, twice you have referred to ghost image recovery being a problem for the OP in this thread. Where does the OP mention that he is using ghost image?

Offline CraigB

Re: Help me! why?
« Reply #34 on: November 12, 2010, 11:02:35 AM »
wli, you have enough posts now to place some information about your system in forum profile information.
This will greatly help those that wish to help you.  :)

SafeSurf

  • Guest
Re: Help me! why?
« Reply #35 on: November 12, 2010, 11:06:33 AM »
@ bong2x,

We are also dealing with an OP with a slight language barrier, and we are used to communicating with people from all over the world.  Sometimes patience is required.  Thank you.

@ wli,

Now that you have over 20 posts, craigb has asked you to enter the following information:

Please go to PROFILE on the top of the main forum page > Modify Profile > Forum Profile Information > Signature.   Enter information about your system like the Operating System (OS), RAM, browser, security software, what version and product of Avast and firewall you use and other items you wish to mention.  See our signatures as an example.  The purpose of this is so that we can offer pertinent advice.  Thank you.

wli

  • Guest
Re: Help me! why?
« Reply #36 on: November 12, 2010, 11:16:25 AM »

Win XP-H SP2 / sogou explorer / Avast Free 5.0.677 / Kingsoft Firewall/  MBAM / 360

SafeSurf

  • Guest
Re: Help me! why?
« Reply #37 on: November 12, 2010, 11:22:06 AM »
Hi wli,

Instead of typing in your system information, follow the directions I wrote and this way you won't have to type it in again...it will come through automatically with every post.  :D

Question:  I see you typed in "360."  Are you using IObit 360?

YoKenny

  • Guest
Re: Help me! why?
« Reply #38 on: November 12, 2010, 03:42:31 PM »

Win XP-H SP2 / sogou explorer / Avast Free 5.0.677 / Kingsoft Firewall/  MBAM / 360/

Please see:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

Offline CraigB

Re: Help me! why?
« Reply #39 on: November 12, 2010, 04:52:56 PM »
Quote
Hi wli,

Instead of typing in your system information, follow the directions I wrote and this way you won't have to type it in again...it will come through automatically with every post.  :D

Question:  I see you typed in "360."  Are you using IObit 360?

I was thinking the exact same thing. wli, if you do have IObit 360 on your system it would be wise to delete it, as you can't have two AVs on the same machine, running or not.

bong2x

  • Guest
Re: Help me! why?
« Reply #40 on: November 12, 2010, 05:59:02 PM »
Quote
bong2x, twice you have refered to ghost image recovery being a problem for the OP in this thread, where does the OP mention that he is using ghost image?

Because I also use it on my SP2, for the reason that an unsupported OS is open to foreign software, so you need to make a ghost image, and every time you boot it loads the same as a fresh install. Won't you believe it will give you a lot of problems if your OS is unsupported?? It's always malfunctioning. The problem of yesterday becomes the problem of today because of the OS.

Best Regards!!!

wli

  • Guest
Re: Help me! why?
« Reply #41 on: November 13, 2010, 07:29:53 AM »
Quote
Hi wli,

Instead of typing in your system information, follow the directions I wrote and this way you won't have to type it in again...it will come through automatically with every post.  :D

Question:  I see you typed in "360."  Are you using IObit 360?

I don't know how to translate it. Just look at the pic.
http://www.360.cn/?src=baidu

SafeSurf

  • Guest
Re: Help me! why?
« Reply #42 on: November 13, 2010, 08:57:04 AM »
I did some research:  You are running 3 antivirus programs on your machine which is causing your problems.

360 (Translation): "Security guards with killing Trojans, clean plug-in, fix bugs, computers and other physical features, and created a "Trojan firewall" function, relying on cloud detection and identification of the first to be comprehensive, intelligently blocking all kinds of Trojans, to protect users account, privacy and other important information. Currently trojan virus has far exceeded the threat of a large, 360 security guards cloud security technology used in the interception and the effect of killing Trojans, speed and outstanding performance on the professional, can effectively prevent personal data and privacy by stealing Trojan, known as " Trojan's first choice to prevent. " 360 security guards themselves are very lightweight, and also have the power to accelerate, optimize garbage collection and other system functions, can greatly accelerate the speed of the computer, containing the 360 software also helps users to easily download butler, upgrade, and uninstall various software applications strongly." 

Plus you also have a Kaspersky product installed with this boxed 360 version, but I do not know what it is.

Either way, it is a security software with an antivirus that is conflicting with Avast.

You need to make a decision to either keep Avast or keep 360, because you cannot run more than 1 antivirus software on your machine at the same time or there will be problems like you are having now (other programs not running, antivirus not running correctly, getting false positives, machine not running correctly, etc.).

So you need to decide what you want to do.  If you decide to uninstall 360, you need to do it the way the vendor (the boxed version) tells you how to do it.  Then reboot your machine. 

Then you should Repair Avast:
- Go to Control Panel > Add/Remove programs > Avast Antivirus.
- Scroll down and choose Repair function in the pop-up window.
- Reboot.

If the Avast Repair does not fix things, we will then tell you how to uninstall and do a clean install of Avast.  But I first want to hear what your decision will be as I do not want to overwhelm you with instructions.  Thank you.



wli

  • Guest
Re: Help me! why?
« Reply #43 on: November 14, 2010, 05:55:25 AM »
SafeSurf, thanks, but Avast V4.8 has no conflict with 360, 'cause the 2 programs could still work. When I updated to V5.0, those could not work either.

SafeSurf

  • Guest
Re: Help me! why?
« Reply #44 on: November 14, 2010, 08:15:50 AM »
There were updates and changes from Avast 4.8 to 5.0 plus there were updates to your other AV 360.  You still have more than 1 AV running in your machine.  See here why you cannot have more than 1 AV running in your machine:
- Clash Of The Antivirus Apps:
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
- Why you should never run more than one AV (see reply from quietman7):
http://www.bleepingcomputer.com/forums/index.php?s=49db784baecf17e7b189c833aafb624d&showtopic=260844&view=findpost&p=1441638

You said in a previous post that when you installed Kingsoft firewall that MBAM no longer works, and this is not normal.  But MBAM found infections that still need to be put into quarantine.  Can you try turning off your firewall to see if MBAM works?  Remember you need to UPDATE MBAM before running a FULL scan, and put any infection that comes up into quarantine.  If MBAM still does not work, then you need to uninstall Kingsoft for MBAM to work; you can turn on the Windows Firewall for protection in the meantime.  We need to get the malware (infections) out of your machine.  The infections could be causing problems too.

You never answered my question earlier if you are using a cracked (pirated) software of anything on your machine...are you?