Author Topic: Please Help!!  (Read 3491 times)

0 Members and 1 Guest are viewing this topic.

Nelherbie

  • Guest
Please Help!!
« on: March 22, 2011, 11:12:47 PM »
I have a virus programme on my comp. MBAM does not detect it. Although I can see it in my programmes, I cannot delete i because it tells me I need to be the administrator. It tells me this even while logged in as admin. I also have kaspersky which detects that it is there but it cannot remove it. Ant help would be greatly appreciated!!
I used the OTS thing too and attached my log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Please Help!!
« Reply #1 on: March 22, 2011, 11:31:47 PM »
What programmes are reported as infected ?

All I can see at the moment is clickpotato


Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4015492428-82776258-144438551-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-4015492428-82776258-144438551-1000\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Settings [Prefs.js] > -> C:\Users\Mary\AppData\Roaming\Mozilla\FireFox\Profiles\vjt9n1yz.default\prefs.js
YN -> browser.search.defaultthis.engineName -> "Conduit Engine Customized Web Search"
YN -> browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}"
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com -> C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.666.0\FIREFOX\EXTENSIONS]
< FireFox SearchPlugins [User Folders] > ->
YY ->  conduit.xml -> C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\vjt9n1yz.default\searchplugins\conduit.xml
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4015492428-82776258-144438551-1000\] > -> HKEY_USERS\S-1-5-21-4015492428-82776258-144438551-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  ClickPotatoLiteSA -> C:\ProgramData\ClickPotatoLiteSA
NY ->  ClickPotatoLite -> C:\Program Files\ClickPotatoLite
[Files/Folders - Modified Within 30 Days]
NY ->  AK083E209605E394C.lie -> C:\Windows\System32\AK083E209605E394C.lie
NY ->  SystemToolsDailyTest.job -> C:\Windows\tasks\SystemToolsDailyTest.job
[Files - No Company Name]
NY ->  AK083E209605E394C.lie -> C:\Windows\System32\AK083E209605E394C.lie
[File - Lop Check]
NY ->  SystemToolsDailyTest.job -> C:\Windows\Tasks\SystemToolsDailyTest.job
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.

Nelherbie

  • Guest
Re: Please Help!!
« Reply #2 on: March 23, 2011, 01:56:15 AM »
Had a slight problem saving the log cause my computer battery died and I couldn't find the log after that. I did manage to get rid of clickpotato though. I did another scan with ots and will attach the log of it. Not sure it will help you though...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Please Help!!
« Reply #3 on: March 23, 2011, 07:44:03 PM »
Yep it has gone - what are your current problems ?

Nelherbie

  • Guest
Re: Please Help!!
« Reply #4 on: March 23, 2011, 09:38:15 PM »
I looks like that was my only problem. Nothing else is showing up since it was removed. It was probably the cause of all of my problems!!! Thanks for the help!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Please Help!!
« Reply #5 on: March 23, 2011, 10:01:39 PM »
No problem - run OTS and hit the cleanup button