It looks like I picked up a malware/spyware from the internet. I keep getting the Windows Defender fake anti-virus pop-up, and most/all .exe programs don't work from the icons. I did the pre-work, and have attached the files. I truly appreciate the assistance.
Hi. Welcome to the forum.

Please download Malwarebytes' Anti-Malware from one of these places: Majorgeeks or Besttechie

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

===============================================

Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please include the C:\ComboFix.txt in your next reply for further review.

Caution..... Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper
Ok, got both programs and ran them as advised. Here is the Malwarebytes copy/paste and the combo.txt file. Thanks again.

12/15/2011 4:26:38 PM
mbam-log-2011-12-15 (16-26-38).txt

Scan type: Quick scan
Objects scanned: 171284
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34F10449-C902-FD14-65F1-AA2A26AC4CB1 (Trojan.FakeAlert) -> Value: 34F10449-C902-FD14-65F1-AA2A26AC4CB1 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\program files (x86)\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\security defender\{1a67b661-15a3-41bc-8fb3-0085b8a59991}.pst (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\WINDOWS\System32\config\systemprofile\AppData\Roaming\security defender\{90132f2f-2c92-4266-e689-7fdc2a67be60}.pst (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\program files (x86)\security defender\security defender.ico (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\program files (x86)\security defender\security defender.dll (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
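A triage helper for the Malwarebytes log posted above, added here as an example (it is not part of the thread and not Malwarebytes code). It parses the log's entry lines, tags the .exe association change and the Run-key autorun entry, and lists anything not reported as removed; the tag names and function names are this example's own.

```python
import re
from collections import Counter

# Entries taken from the Malwarebytes log in the post above (subset).
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34F10449-C902-FD14-65F1-AA2A26AC4CB1 (Trojan.FakeAlert) -> Value: 34F10449-C902-FD14-65F1-AA2A26AC4CB1 -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully.
c:\program files (x86)\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
"""

# "<target> (<Detection.Name>) -> [detail ->] <action>"; the detection name
# always contains a dot, which keeps "(x86)" and "(default)" in the target.
ENTRY = re.compile(
    r"^(?P<target>.+?) \((?P<name>[A-Za-z]+(?:\.[A-Za-z0-9]+)+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"Bad: \((.*?)\) Good: \((.*?)\)")

def tag(target):
    t = target.lower()
    if t.startswith("hkey_classes_root\\.exe"):
        return "exe-association"      # explains ".exe programs don't work"
    if "\\currentversion\\run\\" in t:
        return "autorun"              # starts at every logon
    return "registry" if t.startswith("hkey_") else "filesystem"

def triage(log_text):
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, counters, "(No malicious items detected)"
        bad_good = BAD_GOOD.search(m["rest"])
        action = m["rest"].split(" -> ")[-1]
        findings.append({
            "target": m["target"], "detection": m["name"], "tag": tag(m["target"]),
            "bad_good": bad_good.groups() if bad_good else None,
            "remediated": action.startswith("Quarantined and deleted successfully"),
        })
    return findings

def summary(findings):
    return {
        "by_tag": dict(Counter(f["tag"] for f in findings)),
        "unremediated": [f["target"] for f in findings if not f["remediated"]],
        "association_changes": [f["bad_good"] for f in findings if f["bad_good"]],
    }

if __name__ == "__main__":
    print(summary(triage(SAMPLE_LOG)))
```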
Ok. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

Go to: Start > Run, then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /uninstall

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.

OTC is a small program that removes all the leftover tools and logs from cleanup of malware. Please download OTC to your desktop. Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator") Click on the CleanUp! button and follow the prompts. You will be asked to reboot the machine to finish the Cleanup process, choose Yes. After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork Malware Prevention How Did I Get Infected More Tips on Prevention

=============================
Cool, looks like it's all up and running good again. I'm glad PCHF is still here to help, got another computer fixed up about four years ago and have sent several friends over here too.