Computer reboots when I click Quarantine

jldhawk · April 6, 2009

I have a log I can add if anyone can help me remove a nasy batch of spys, I have the "LIFETIME: subscription of Superantispyware installed on this computer infected.

It detected a bunch of spys, but I can't quarentine them or delete them, it reboots my computer when I try.

below is PART of the log, the last paragragh is a LOT larger, I just didn't copy all of that.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 04/05/2009 at 01:59 PM

Application Version : 4.26.1000

Core Rules Database Version : 3829

Trace Rules Database Version: 1785

Scan type : Complete Scan

Total Scan Time : 00:38:59

Memory items scanned : 538

Memory threats detected : 1

Registry items scanned : 7108

Registry threats detected : 741

File items scanned : 24461

File threats detected : 139

Adware.Vundo/Variant-MSFake

C:\WINDOWS\SYSTEM32\KVHFSUW.DLL

C:\WINDOWS\SYSTEM32\KVHFSUW.DLL

Trojan.Agent/Gen-PolyFake

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22DFF274-079E-4F4D-A083-F4712A09A413}

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}#Version

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}#Flags

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\InprocServer32

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\InprocServer32#ThreadingModel

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\ProgID

HKCR\Elzkolvr

HKCR\Elzkolvr#TimeStamp

HKCR\Elzkolvr\CLSID

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22DFF274-079E-4F4D-A083-F4712A09A413}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vkcueheb

Adware.MyWebSearch

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Adware.Vundo Variant

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08C134D3-087C-4139-A98C-3A078358DFDE}

Adware.MyWebSearch/FunWebProducts

jldhawk · April 7, 2009

CA Antiviris says I have the following virus:

Win32/Tisblk.bb in my windows/system32/drivers folder, but when I do a full virus scan there is nothing detected.

I have tried both scans in safe mode, will try again now.

I'll let you know.

Jeff

jldhawk · April 19, 2009

I still get a CA alert that I have a virus, but when I scan the system in Safe mode or normal mode, I find no virus.

jldhawk · May 10, 2009

I was able to remove the virus I believe with CA antispam software, Superantispy didn't call it by the same name, I think superantispy found it as a spy, but CA thought it was a virus.

between the two programs, I think I stopped that one.

Thanks for your help.

Sign In

Computer reboots when I click Quarantine

Recommended Posts

jldhawk

Share this post

Link to post

Share on other sites

jldhawk

Share this post

Link to post

Share on other sites

jldhawk

Share this post

Link to post

Share on other sites

jldhawk

Share this post

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity