
mommasteph

Members
  • Content Count

    6
About mommasteph

  • Rank
    Newbie
  1. Ok. I found the file in C:\Windows\System32\wdmaud.sys and I renamed it wdmaud.imavirus and all works again in my search engine world. It's no longer redirecting to 7.7.7.0, causing me to pull up ad sites. Should I email the file? How and to whom? I'd have to name it back to .sys before mailing it, right?
  2. I've been researching this a lot, and Kaspersky seems to have definitions for this. Named it rootkit.win32.agent.fwt. So, I guess I'll go download that, and see if I can get rid of this malware....
  3. I've read about the 7.7.7.0 problem other places (I sent a PM with the details I can find)... How would it get hijacked? This just suddenly started yesterday and coincidentally I also have a zillion viruses? It seems more likely to be malware... As you can tell I'm not too savvy when it comes to this stuff.... I'd appreciate any help you can give...
  4. Here is the summary if that helps at all... I removed the cookies cause they have my name...

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 02/02/2009 at 10:39 PM

     Application Version : 4.25.1012

     Core Rules Database Version : 3741
     Trace Rules Database Version: 1709

     Scan type : Complete Scan
     Total Scan Time : 01:45:14

     Memory items scanned : 533
     Memory threats detected : 0
     Registry items scanned : 6036
     Registry threats detected : 10
     File items scanned : 76683
     File threats detected : 81

     Adware.Vundo Variant
       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}

     Rogue.Component/Trace
       HKLM\Software\Microsoft\206790AC
       HKLM\Software\Microsoft\206790AC#206790ac
       HKLM\Software\Microsoft\206790AC#Version
       HKLM\Software\Microsoft\206790AC#20673d2c
       HKLM\Software\Microsoft\206790AC#206754c9
       HKU\S-1-5-21-4246250600-2457638980-4133488417-1007\Software\Microsoft\FIAS4018

     Rogue.RapidAntivirus
       HKU\.DEFAULT\Software\Rapid Antivirus
       HKU\S-1-5-18\Software\Rapid Antivirus

     Application.PowerReg Scheduler
       C:\DOCUMENTS AND SETTINGS\MATTHEW \START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE

     Adware.k8l
       C:\PROGRAM FILES\MSN\ZYSOLAHD.HTML

     Trojan.Unknown Origin
       C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPLICATION DATA\1D759F61157C5982
       C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPLICATION DATA\A71F762714EEF91B
       C:\WINDOWS\SYSTEM32\WINTSVCC32.EXE

     Adware.Vundo Variant/Rel
       C:\WINDOWS\SYSTEM32\IJKKJ.INI

     Trojan.Downloader-Gen
       C:\WINDOWS\SYSTEM32\WINPFZ32.SYS
  5. I just posted my first post "Help..." ...but after reading this... I think this is what I have, because when I Google search, I see the 7.7.7. thing in the bottom of the page as it searches.... How do I do the sample thing?
  6. I just downloaded and used the free version for the first time. It found 91 things including Trojans (Vundo variant) and one of unknown origin off the top of my head (question: can I look at the files in the manage quarantine?)... This is after I ran Norton 360 yesterday, which found Vundo. Then I ran Adaware, which also found Trojans. Malwarebytes was unable to get updates, but after I ran Adaware that cleared up and it's scanning now. My problem: When I go to Google and search, the results seem to be hijacked. For example, if I were to search Superantispyware, I know the address should be superantispyware.com.... BUT the results show the correct snapshot of the site, but the green addy will say www.hotjobs.com, or some other crappy ad site??? This is true for the next 10 etc. Google search results. HELP! I've scanned this computer with a zillion things, why can't I get this off of my machine? And what is it?