12 Posts

August 27th, 2008 21:00

Antivirus 2009

My computer got a bunch of popups the other day and after that somehow I have this antivirus 2009 on my computer now. It is really bugging me because every single site I go on it blocks like e-mail, facebook, etc.... How do I get rid of this?

3 Apprentice

 • 

15.6K Posts

August 27th, 2008 22:00

if you have Windows 2000/XP/Vista:

download and install the FREE version of MalwareBytes Anti-Malware [MBAM].
check for updates
run a QUICK scan
and allow it to REMOVE/QUARANTINE any items it finds.

let us know the results. this may only be a first step, in which case, we can then offer some follow-up suggestions.

12 Posts

August 28th, 2008 00:00

Ok, I have downloaded and am scanning right now. I'll give you a little more insight on this issue. So, all yesterday I had no problem, but all of a sudden as of probably 3 PM EST, I started having problems again like I'll get to a page and it will say blocked and I'll have to keep pushing my forward and back buttons to get on the page. This happens on any page like even this one and that malware site you guys gave me. I even have Norton 360 downloaded.

3 Apprentice

 • 

15.6K Posts

August 28th, 2008 01:00

did you go for a QUICK scan, as I had indicated? or did you instead opt for a FULL scan?? and has it indicated finding any problems so far?

in any case, I would suggest you let your scan (quick or full) run to completion. while the duration can depend on many factors (CPU speed, disk speed, and number/size of files on your system), it hopefully won't last much longer... but if it does, let it finish, and REMOVE any items found.

while i'm expecting it to remove antivirus 2009, it's possible there may be some lingering remnants... or other (non-related) problems... in which case, we'll offer you additional suggestions.

Message Edited by ky331 on 08-27-2008 10:29 PM

12 Posts

August 28th, 2008 01:00

Ok, I'm hoping that it finds the problem!

12 Posts

August 28th, 2008 01:00

Is there an average time the scan takes because it's been running for about 40 minutes and has scanned probably 85,000 items?

3 Apprentice

 • 

15.6K Posts

August 28th, 2008 01:00

"It has already found 5 problems so far.... "

that's certainly a positive sign. unlike many other scanners, MBAM does not search for "cookies" [which are either non-threatening, or at worst, a very low level problem] --- meaning when it finds something, it should be significant.

at the end of the scan, it will generate a log, listing the problems found. i'm expecting it will include one or more references to antivirus 2009.

be patient... and keep your fingers crossed.

Message Edited by ky331 on 08-27-2008 10:38 PM

12 Posts

August 28th, 2008 01:00

Yes, it is currently running the quick scan. It has already found 5 problems so far....

12 Posts

August 28th, 2008 02:00

So, it is still scanning. I guess I'll leave it scan overnight and give you the logfile tomorrow morning...

3 Apprentice

 • 

15.6K Posts

August 28th, 2008 02:00

i'm calling it a night here too.

i'm wondering if AV'09 is seriously interfering with the scan (trying to "resist" it), and that's what's slowing things down...

i'll eagerly await your results tomorrow.

12 Posts

August 28th, 2008 14:00

Well, so far my computer is running better. I haven't gotten any of those blocked site things as of yet, which seems to be a good sign.

3 Apprentice

 • 

15.6K Posts

August 28th, 2008 14:00

since BugBatter has now arrived here, i will defer the matter [of any follow-up] to her...
Message Edited by ky331 on 08-28-2008 03:21 PM

3 Apprentice

 • 

15.6K Posts

August 28th, 2008 14:00

How is your machine working now?

[some of the problems (e.g., trojan vundo) were more serious than others...]

if you still have symptoms/problems, please describe them in as much detail as possible...

3 Apprentice

 • 

20.5K Posts

August 28th, 2008 14:00

How is everything running? Are you still experiencing any symptoms of malware?

12 Posts

August 28th, 2008 14:00

So, it has been all scanned now and found 19 problems. I removed them all and have a log now.

11:11:29 AM 8/28/2008
mbam-log-08-28-2008 (11-11-29).txt

Scan type: Quick Scan
Objects scanned: 320604
Time elapsed: 2 hour(s), 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00410a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00f789e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00fc791 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1e11ff8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
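
As an added example (not part of any post in this thread, and not Malwarebytes code): a short Python script that parses findings in the MBAM log format shown above and sorts them for follow-up, listing the items marked "Delete on reboot" to re-check after restarting and the registry autostart entries that were removed. The sample is an excerpt of the log above; the function names and the autostart labels are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt copied from the scan log in the post above (not the full log).
SAMPLE_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00410a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
"""

# Each finding reads "<object> (<detection name>) -> <action>."
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Registry autostart locations seen in this log, with labels chosen for this example.
AUTOSTART = {
    "\\winlogon\\notify\\": "Winlogon Notify",
    "\\currentversion\\run\\": "Run key",
    "\\browser helper objects\\": "Browser Helper Object",
}

def parse_log(text):
    """Return one dict per finding, tagged with the log section it came from."""
    section, items = None, []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-len(" Infected:")]
            continue
        m = ITEM.match(line)                    # summary counts and "(No malicious...)" do not match
        if m:
            items.append({"section": section, **m.groupdict()})
    return items

def triage(items):
    """Split findings into reboot-pending removals, autostart entries, and per-name counts."""
    pending = [i["path"] for i in items if i["action"].startswith("Delete on reboot")]
    autostart = [(label, i["path"]) for i in items
                 for key, label in AUTOSTART.items() if key in i["path"].lower()]
    return pending, autostart, Counter(i["name"] for i in items)

if __name__ == "__main__":
    pending, autostart, families = triage(parse_log(SAMPLE_LOG))
    print("Re-check after reboot:", pending)
    print("Autostart entries removed:", autostart)
    print("Detections by name:", dict(families))
```

Items that come back under "Re-check after reboot" were not yet removed when the log was written, so a second scan after restarting confirms whether they are gone.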
