justice dept warning

Discussion in 'Malware Help (A Specialist Will Reply)' started by bp9019, Oct 2, 2012.

  1. bp9019

    bp9019 Private E-2

    I finally had time to complete read and run and I am attaching logs. Whenever I sign into my account on laptop this comes up in notebook:
    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
    As you can probably tell, I am not really good with computers, but I do tell all the people I know that your site is a great place for help.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't attach the log from running MGTools--C:\MGLogs.zip.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:



    • [RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\RAYW~1.PAI\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\B87TOQ3D\SYNCME~1.SH! C:\Users\RAYW~1.PAI\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\9QO0G7J8\SYNCME~1.SH!) -> FOUND
    • [RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\RAYW~1.PAI\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\B87TOQ3D\SYNCME~1.SH! C:\Users\RAYW~1.PAI\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\9QO0G7J8\SYNCME~1.SH!) -> FOUND
    • [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
    • [TASK][SUSP PATH] {8BBEE3F2-4AB9-40F2-B98A-C2DA971A7D70} : C:\WINDOWS\System32\pcalua.exe -a "C:\Users\mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WITLN7N\install[2].exe" -d C:\Users\mary\Desktop -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)

    Reboot and re-scan with RogueKiller and attach the new log.

    Don't forget to also attach the log from running MGTools.
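
A triage helper for detection lines in the format quoted in the post above, added here as an example; it is not part of the thread and not RogueKiller's own logic. It parses each line into kind, reason and status, and marks entries whose command references the Internet Explorer cache directory in either its long name or its 8.3 short form (`TEMPOR~1`). The sample lines, paths and names are constructed.

```python
import re

# One detection line: [KIND][REASON] location and command -> STATUS
LINE_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\[(?P<reason>[^\]]+)\]\s+"
    r"(?P<body>.+?)\s+->\s+(?P<status>[A-Z]+)$"
)

# Markers of the IE cache directory, long form and 8.3 short form.
# Choosing these markers is this example's assumption, not the tool's rule.
CACHE_MARKERS = ("temporary internet files", "tempor~1", "content.ie5")


def parse_line(line):
    """Return a dict for a detection line, or None if it is not one."""
    m = LINE_RE.match(line.strip().lstrip("•").strip())
    if not m:
        return None
    entry = m.groupdict()
    body = entry["body"].lower()
    entry["touches_cache"] = any(marker in body for marker in CACHE_MARKERS)
    return entry


def triage(report_text):
    """Parse every detection line; headers and blank lines are skipped."""
    return [e for e in map(parse_line, report_text.splitlines()) if e]


# Constructed sample in the same line format (not taken from a real report).
SAMPLE = r"""
RogueKiller report (constructed sample)
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : Example (c:\PROGRA~1\vendor\tool.exe /q C:\Users\USER~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ABCD1234\FILE~1.SH!) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\example (system32\DRIVERS\example.sys) -> FOUND
[TASK][SUSP PATH] {00000000-0000-0000-0000-000000000000} : C:\WINDOWS\System32\pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\install[2].exe" -d C:\Users\user\Desktop -> FOUND
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        flag = "cache" if e["touches_cache"] else "-"
        print(f'{e["kind"]:<9}{e["reason"]:<11}{e["status"]:<7}{flag}')
```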
     
  3. bp9019

    bp9019 Private E-2

    I am attaching rk2 report and mgtools log
     


  4. bp9019

    bp9019 Private E-2

    Attached is rk3 and rk quarantine. This is all about a desktop, not a laptop.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is a bad idea to allow all users to have Admin. privileges!!

    I am not finding any malware in your logs, except for a few items that date back a few years.

    Use Windows Explorer to find and delete:
    C:\Users\Ray W. Painton Jr\AppData\Roaming\Microsoft\Windows\Templates\id7F4Wr0UP77
    C:\Users\Ray W. Painton Jr\AppData\Local\2999075897
    C:\Users\Ray W. Painton Jr\AppData\Local\id7F4Wr0UP77
    C:\ProgramData\2999075897
    C:\ProgramData\id7F4Wr0UP77

    Now tell me what malware issues you are still having, if any.
     
