Author Topic: Think my wife's Toughbook is infected!!  (Read 4569 times)

0 Members and 1 Guest are viewing this topic.

Dark Star Balla

  • Guest
Think my wife's Toughbook is infected!!
« on: January 20, 2012, 05:11:36 AM »
She couldn't access our wireless network keep getting the error message (wireless network connection doesn't have a valid ip configuration). Then noticed the anti virus (Avast) has been disabled and I can not restart it. I get this message (unable to start scan there are no more endpoints available from the endpoint mapper) when I try to run a scan. I also ran spybot s&d and what it shows is (HKey_Local_Machine\software\freeze.com & HKey_Local_Machine\software\W3i). I need help getting this thing back functioning. Anyone that can help me?

Dark Star Balla

  • Guest
Re: Think my wife's Toughbook is infected!!
« Reply #1 on: January 20, 2012, 08:00:53 AM »
By the way.. I'm running windows 7 ultimate 2Ghz 2 G ram. Not sure what other info anyone needs to help me. But hopefully someone can. I've search these forums and have not found a solution I've also submitted a support ticket.

Gargamel360

  • Guest
Re: Think my wife's Toughbook is infected!!
« Reply #2 on: January 20, 2012, 08:15:21 AM »
http://forum.avast.com/index.php?topic=81856.msg668731#msg668731

If you are using Teatimer, I would advise disabling that, it has caused problems with Avast! before.

edit: if you think you might be infected, download/install/update and run this>>http://www.malwarebytes.org/products/malwarebytes_free , if it finds anything, post the logs back here.
« Last Edit: January 20, 2012, 08:18:36 AM by Gargamel360 »

Dark Star Balla

  • Guest
Re: Think my wife's Toughbook is infected!!
« Reply #3 on: January 21, 2012, 01:01:32 AM »
Hi did the repair it seems to be working fine but did the scan also and here are the results. Please let me know if you see any action I need to take.

Gargamel360

  • Guest
Re: Think my wife's Toughbook is infected!!
« Reply #4 on: January 21, 2012, 01:31:56 AM »
Well, I'm always hesitant to cry infection, but it appears you were right. 

The log is hard to interpret, as it appears you saved it in the wrong format, it comes out a mess of Asiatic text.

One good thing about it, it looks like C-net's Adware, you get that bundled now with some of their downloads.  Which you do not want or need, but there are many worse things. ;)

I can tell you what to run, but for your own good (in case I was wrong) I wont make the leap to telling you what to remove.  So head over here>>http://forum.avast.com/index.php?topic=53253.msg451454#msg451454 , and follow the experts guide, he will look at the resulting logs and get you clean as a whistle.






Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37583
  • Not a avast user
Re: Think my wife's Toughbook is infected!!
« Reply #5 on: January 21, 2012, 01:42:14 AM »
Quote
The log is hard to interpret, as it appears you saved it in the wrong format, it comes out a mess of Asiatic text.
3 infections at the bottom.....and yes seem to be PUP.CNET.Adware.Bundle
if you save it as ANSI....then we can read the log
« Last Edit: January 21, 2012, 01:44:12 AM by Pondus »

Dark Star Balla

  • Guest
Re: Think my wife's Toughbook is infected!!
« Reply #6 on: January 21, 2012, 01:43:50 AM »
oh, can I convert it to ansi? If so how do I?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37583
  • Not a avast user
Re: Think my wife's Toughbook is infected!!
« Reply #7 on: January 21, 2012, 01:45:13 AM »
oh, can I convert it to ansi? If so how do I?
look here...Essexboy have posted some pictures   http://forum.avast.com/index.php?topic=53253.0

Dark Star Balla

  • Guest
Re: Think my wife's Toughbook is infected!!
« Reply #8 on: January 21, 2012, 02:13:35 AM »
Just copied it all...

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

1/20/2012 10:25:39 AM
mbam-log-2012-01-20 (11-31-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303091
Time elapsed: 56 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U2EMX1AB\cnet2_mmsetup_10004033_ENU_exe.exe (PUP.CNET.Adware.Bundle) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\ICReinstall\cnet2_mmsetup_10004033_ENU_exe.exe (PUP.CNET.Adware.Bundle) -> No action taken.
C:\Users\Owner\Downloads\Apps\PowerISO45\PowerISO45\AGAiN.Keygen\Keygen.exe (RiskWare.Tool.HCK) -> No action taken.

(end)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37583
  • Not a avast user
Re: Think my wife's Toughbook is infected!!
« Reply #9 on: January 21, 2012, 03:25:34 AM »
your log say "NO ACTION TAKEN" !

if you want those issues fixed you must check that they are marked for removal and click the "REMOVE SELECTED" button after scan

OBS: two new updates have been released since your scan...

Dark Star Balla

  • Guest
Re: Think my wife's Toughbook is infected!!
« Reply #10 on: January 21, 2012, 07:20:22 PM »
Thank you guys for your assistance! I appreciate it