Attached Files
-
attach.txt 6.51KB
216 downloads
Edited by gimmick, 30 September 2009 - 12:57 PM.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] Problem with Win32/renos.n
Started by
gimmick
, Sep 30 2009 12:35 PM
-
This topic is locked
7 replies to this topic
#1
gimmick
-
- New Member
-
- 4 posts
New Member
Posted 30 September 2009 - 12:35 PM
Register to Remove
#2
gimmick
-
- New Member
-
- 4 posts
New Member
Posted 01 October 2009 - 02:39 AM
This case seems to be resolved and I get no more warnings from Defender.
I went to Microsoft Defender site and found an 10mb update file for Windows Defender.
Microsoft recommended this packet against recent threats.
I installed the packet, run Defender and it found the infections and removed them successfully.
The weird thing is, I have Defender set to run every day and monitor constantly and also to update itself every day...
Anyway here is the log from Defender of the files it removed:
Resources:
file:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
file:
C:\Windows\System32\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}
file:
C:\Windows\msa.exe->(UPX)
taskscheduler:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
taskscheduler:
C:\Windows\System32\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}
containerfile:
C:\Windows\msa.exe
If there are any further actions I need to take, I would appreciate any help.
Thanks
Kim
#3
CatByte
-
- Classroom Admin
-
- 21,060 posts
Classroom Administrator
Posted 03 October 2009 - 09:21 PM
Hi,
Please run the following scans ti make sure there are no remnants
Please download Malwarebytes' Anti-Malware
Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
NEXT
**Vista users - right click on the IE icon and run as administrator
Run an on-line scan with Kaspersky
Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
In your next reply please include
Please run the following scans ti make sure there are no remnants
Please download Malwarebytes' Anti-Malware
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <-- very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
NEXT
**Vista users - right click on the IE icon and run as administrator
Run an on-line scan with Kaspersky
Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
- Close any open programs
- Turn off the real time scanner of any existing antivirus program while performing the online scan
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Click View scan report at the bottom.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
In your next reply please include
- MBAM Log
- Kaspersky report
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#4
gimmick
-
- New Member
-
- 4 posts
New Member
Posted 06 October 2009 - 09:19 AM
Here are the scan results from both Malwarebyte and Kaspersky.
The Kaspersky report is HTML file and added as attachent.
Some infections were found, but I don't know if they are bad or harmeless, one surprising infected mp3 file found with Kaspersky...
One thing is strange; I have Perfect Optimizer which I use to clean up my system from time to time, both Win Defender and Mawarebyte thinks it's a high risk malware and delete it in scan...
It is a purchased program and when looking into this problem I found a site from Internet that stated the program is clean. It would be nice to know what is the case with that program.
Malwarebytes' Anti-Malware 1.41
Database version: 2914
Windows 6.0.6002 Service Pack 2
6.10.2009 15:07:32
mbam-log-2009-10-06 (15-07-32).txt
Scan type: Quick Scan
Objects scanned: 86205
Time elapsed: 3 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PerfectOptimizer.exe (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Attached Files
-
Kaspersky_report.html 3.2KB
6 downloads
#5
CatByte
-
- Classroom Admin
-
- 21,060 posts
Classroom Administrator
Posted 06 October 2009 - 09:50 AM
Hi,
Generally when malwarebytes label a program as "rogue" it means they have done extensive testing of the product and in their estimation it doesn't live up to it's claims. That doesn't necessarily make it a 'bad' program in itself, but I have read more complaints about the program than decent reviews, so you should make up your own mind as to whether you wish to keep this program or not. Reinstall it from the disk if you wish.
I would delete the mp3 file found to be infected by Kaspersky.
Please do the following:
Press Start > Run and copy/paste the following single-line command into the Run box and click OK:
cmd /c del /f/a/q "D:\Laulujutut\Netistä\rehab amy whinhouse sexy girl has shaking orgasm during sex.mp3"
Next:
your Java needs updating
Go to Start > Control Panel > Java > Update Tab > Update Now
The rest of you log appears clean.
You can delete the DDS and RootRepeal logs from your desktop. Keep MalwareBytes, it is a good program to have, update it frequently and run it.
delete any remaining logs from your desktop.
NEXT
set new restore point:
Then remove all previous Restore Points
NEXT
Below I have included a number of recommendations for how to protect your computer against malware infections.
Thank you for your patience, and performing all of the procedures requested.
Please respond to this thread one more time so we can mark this thread as resolved.
Generally when malwarebytes label a program as "rogue" it means they have done extensive testing of the product and in their estimation it doesn't live up to it's claims. That doesn't necessarily make it a 'bad' program in itself, but I have read more complaints about the program than decent reviews, so you should make up your own mind as to whether you wish to keep this program or not. Reinstall it from the disk if you wish.
I would delete the mp3 file found to be infected by Kaspersky.
Please do the following:
Press Start > Run and copy/paste the following single-line command into the Run box and click OK:
cmd /c del /f/a/q "D:\Laulujutut\Netistä\rehab amy whinhouse sexy girl has shaking orgasm during sex.mp3"
Next:
your Java needs updating
Go to Start > Control Panel > Java > Update Tab > Update Now
The rest of you log appears clean.
You can delete the DDS and RootRepeal logs from your desktop. Keep MalwareBytes, it is a good program to have, update it frequently and run it.
delete any remaining logs from your desktop.
NEXT
set new restore point:
- Close and save any documents that you may have open.
- Open up the Start Menu and right-click on "Computer", and then select "Properties"
- This will take you into the System area of Control Panel. Click on the "Advanced system settings" on the left hand side.
- Now select the "System Protection" tab to get to the System Restore section.
- Click the "Create" button to create a new restore point. You'll be prompted for a name, and you might want to give it a useful name that you'll be able to easily identify later.
- Click the Create button, and then the system will create the restore point.
- When it's all finished, you'll get a message saying it's completed successfully.
- You will now have a new restore point
Then remove all previous Restore Points
- Click Start Menu > Run > copy and paste
- cleanmgr into the run box
- At the top, click on the More Options tab, under System Restore and Shadow Copies group,
- Click the Clean up button,
- Vista will ask you if you’re sure, click on Yes button.
- When finished, click on Cancel button to exit.
NEXT
Below I have included a number of recommendations for how to protect your computer against malware infections.
- Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer. - SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
- For Firefox, I highly recommend this add-on to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- Please read these useful guides How did I get infected in the first place?
- PC Safety and Security--What Do I Need?[/b]
- miekiemoes' Prevention topic.
Thank you for your patience, and performing all of the procedures requested.
Please respond to this thread one more time so we can mark this thread as resolved.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#6
gimmick
-
- New Member
-
- 4 posts
New Member
Posted 07 October 2009 - 02:40 PM
A big thanks for this thorough explanation and help 
I did all that was asked and I'm a lot better off now.
Nice to have someone selflessy doing this very important work.
I did all that was asked and I'm a lot better off now.
Nice to have someone selflessy doing this very important work.
#7
CatByte
-
- Classroom Admin
-
- 21,060 posts
Classroom Administrator
Posted 07 October 2009 - 02:47 PM
You are more than welcome
stay safe 
~CB
~CB
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#8
CatByte
-
- Classroom Admin
-
- 21,060 posts
Classroom Administrator
Posted 07 October 2009 - 02:49 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
