.exe files not working, Windows Defender pop-ups, etc.

  1. tntmo

    tntmo New Member Bronze Member

    Joined:
    Aug 24, 2007
    Posts:
    14
    Likes Received:
    0

    It looks like I picked up a malware/spyware from the internet. I keep getting the Windows Defender fake anti-virus pop-up, and most/all .exe programs don't work from the icons. I did the pre-work, and have attached the files. I truly appreciate the assistance.


  2. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    4,104
    Likes Received:
    12
    Location:
    Victoria, Australia

    Hi. Welcome to the forum.


    Please download Malwarebytes' Anti-Malware from one of these places:
    Majorgeeks or Besttechie

    Double Click mbam-setup.exe to install the application.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and paste the entire report in your next reply.

    ===============================================

    Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop
    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.
    You can get help on disabling your protection programs here : How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Please include the C:\ComboFix.txt in your next reply for further review.

    Caution.....
    Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

  3. tntmo


    Ok, got both programs and ran them as advised. Here is the Malwarebytes' copy/paste and the combo.txt file. Thanks again.

    12/15/2011 4:26:38 PM
    mbam-log-2011-12-15 (16-26-38).txt
    Scan type: Quick scan
    Objects scanned: 171284
    Time elapsed: 3 minute(s), 17 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 2
    Files Infected: 5
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34F10449-C902-FD14-65F1-AA2A26AC4CB1 (Trojan.FakeAlert) -> Value: 34F10449-C902-FD14-65F1-AA2A26AC4CB1 -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully.
    Folders Infected:
    c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
    c:\program files (x86)\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
    Files Infected:
    c:\WINDOWS\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\security defender\{1a67b661-15a3-41bc-8fb3-0085b8a59991}.pst (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
    c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\security defender\{90132f2f-2c92-4266-e689-7fdc2a67be60}.pst (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
    c:\program files (x86)\security defender\security defender.ico (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
    c:\program files (x86)\security defender\security defender.dll (Rogue.SecurityDefender) -> Quarantined and deleted successfully.

    Attached Files: log.txt (15.4 KB)
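
The Malwarebytes log in the post above can be triaged mechanically, which helps when checking that every detection was actually removed and which entries touch the `.exe` file association behind the "programs don't work" symptom. This is an added example, not part of the original thread or of any Malwarebytes tooling; the line layout is inferred from the log lines above, the function names are hypothetical, and the last sample line is constructed.

```python
import re

# Layout inferred from the log above: <object> (<Detection.Name>) -> [detail ->] <action>
HEADER = re.compile(r"^([A-Za-z ]+) Infected:$")   # summary lines end in a count, so they do not match
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"Bad: \((.*?)\) Good: \((.*?)\)")
CLEANED = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line) if section else None
        if entry:
            rest = entry.group("rest")
            data = BAD_GOOD.search(rest)
            found.append({"section": section, "object": entry.group("obj"),
                          "detection": entry.group("name"),
                          "action": rest.rsplit(" -> ", 1)[-1],
                          "bad": data.group(1) if data else None,
                          "good": data.group(2) if data else None})
    return found

def not_cleaned(findings):
    """Detections whose action is anything other than a completed removal."""
    return [f for f in findings if f["action"] != CLEANED]

def exe_association_hits(findings):
    # HKEY_CLASSES_ROOT\.exe decides which handler opens .exe files.
    return [f for f in findings
            if f["object"].lower().startswith("hkey_classes_root\\.exe\\")]

# Excerpt of the log above; the last line is constructed for illustration.
SAMPLE = r"""
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully.
Folders Infected:
c:\program files (x86)\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
Files Infected:
c:\example\constructed.exe (Example.Constructed) -> Delete on reboot.
"""
if __name__ == "__main__":
    print(not_cleaned(parse_mbam_log(SAMPLE)))
```
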
  4. Pancake


    Ok. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

    Go to:
    Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.

    ComboFix /uninstall



    Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

    Please download OTC to your desktop.

    Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
    Click on the CleanUp! button and follow the prompts.
    You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
    After the reboot all the tools we used should be gone.
    Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

    Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
    Afterwork
    Malware Prevention
    How Did I Get Infected
    More Tips on Prevention

    =============================
  5. tntmo


    Cool, looks like it's all up and running good again. I'm glad PCHF is still here to help, got another computer fixed up about four years ago and have sent several friends over here too.
  6. Pancake


    Ok great. Have a merry Christmas.