All scanners show clean, but I'm still infected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wesheald, May 2, 2011.

  1. wesheald

    wesheald Private E-2

    Hi everyone,

    This one has me stumped. I had some spyware on my pc which is running XP pro SP3. I had trouble installing superantspyware, and malware bytes. Renaming the installers got them installed, then renaming the executables got them to run. All discovered infections were removed. There wasn't much, but I don't remember which ones. When I rebooted, superantispyware still didn't run automatically, so I uninstalled and reinstalled. I still had to do the renaming to get it to run. Same goes for Malware bytes. I have run ccleaner, superantispyware, malware bytes, combofix, spysweeper, spyware doctor, rkill, sophos anti-rootkit, and counterspy. Spyware doctor, reports Trojan-Downloader.Murlo which references catchme, but I think this is part of combofix.

    When I ran combofix, it said I have Antivirus Action installed. I followed the manual removal procedure for Antivirus Action, and none of the artifacts listed were on my system, but combofix, and also Windows Security Center report that Antivirus Action is there. I ran combofix anyway, but it didn't help.

    Can anyone tell me where Windows Security Center gets the idea Antivirus Action is installed? And is there any other way other than a running program which I haven't found yet can cause both malware bytes and super antispyware to terminate on startup even in safe mode? By the way, I checked the security settinds on the executables, and both SAS, and MBAM allow execution.

    How do I fix this?
     
    wesheald, May 2, 2011
    #1
  2. wesheald

    wesheald Private E-2

    here are the various log flies associated with my scans:
     

    Attached Files:

    wesheald, May 2, 2011
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Before I can work up a proper fix, I need to ask you some questions due to differing information in your logs. In your logs there are signs of PC Tools Spyware Doctor, Sunbelt Counterspy, AVG, and also Norton. But then in another log none of these show up as installed. So I need to know exactly what you have still installed so that we can also remove leftovers from any that are no longer installed.

    So answer the above so I can start on a full fix and also do the below.


    Combofix does not belong here c:\install\ComboFix.exe Please move it to your Desktop as was requested so that you can follow my next fix when we get to it.


    Uninstall the below old versions of software:
    Java(TM) 6 Update 18

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Also attach the below logs from SUPERAntiSpyware and Malwarebytes
    Code:
    "C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
Apr 28 2011 1729  "SUPERAntiSpyware Scan Log - 04-28-2011 - 07-26-45.log"
Apr 29 2011 1097  "SUPERAntiSpyware Scan Log - 04-29-2011 - 17-17-48.log"
 
"C:\Documents and Settings\user\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
Apr 28 2011 1016  "mbam-log-2011-04-28 (09-09-53).txt"
Apr 29 2011  921  "mbam-log-2011-04-29 (16-39-14).txt"
     
    chaslang, May 2, 2011
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds