Jump to content
Sign in to follow this  
Followers 0
jldhawk

Computer reboots when I click Quarantine

By jldhawk, in General Questions

Recommended Posts

jldhawk   

jldhawk
Posted

I have a log I can add if anyone can help me remove a nasy batch of spys, I have the "LIFETIME: subscription of Superantispyware installed on this computer infected.

It detected a bunch of spys, but I can't quarentine them or delete them, it reboots my computer when I try.

below is PART of the log, the last paragragh is a LOT larger, I just didn't copy all of that.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 04/05/2009 at 01:59 PM

Application Version : 4.26.1000

Core Rules Database Version : 3829

Trace Rules Database Version: 1785

Scan type : Complete Scan

Total Scan Time : 00:38:59

Memory items scanned : 538

Memory threats detected : 1

Registry items scanned : 7108

Registry threats detected : 741

File items scanned : 24461

File threats detected : 139

Adware.Vundo/Variant-MSFake

C:\WINDOWS\SYSTEM32\KVHFSUW.DLL

C:\WINDOWS\SYSTEM32\KVHFSUW.DLL

Trojan.Agent/Gen-PolyFake

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22DFF274-079E-4F4D-A083-F4712A09A413}

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}#Version

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}#Flags

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\InprocServer32

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\InprocServer32#ThreadingModel

HKCR\CLSID\{22DFF274-079E-4F4D-A083-F4712A09A413}\ProgID

HKCR\Elzkolvr

HKCR\Elzkolvr#TimeStamp

HKCR\Elzkolvr\CLSID

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22DFF274-079E-4F4D-A083-F4712A09A413}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vkcueheb

Adware.MyWebSearch

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Adware.Vundo Variant

HKU\S-1-5-21-1757981266-1078081533-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08C134D3-087C-4139-A98C-3A078358DFDE}

Adware.MyWebSearch/FunWebProducts

Share this post

Link to post
Share on other sites

jldhawk   

jldhawk
Posted

CA Antiviris says I have the following virus:

Win32/Tisblk.bb in my windows/system32/drivers folder, but when I do a full virus scan there is nothing detected.

I have tried both scans in safe mode, will try again now.

I'll let you know.

Jeff

Share this post

Link to post
Share on other sites

jldhawk   

jldhawk
Posted

I still get a CA alert that I have a virus, but when I scan the system in Safe mode or normal mode, I find no virus.

Share this post

Link to post
Share on other sites

jldhawk   

jldhawk
Posted

I was able to remove the virus I believe with CA antispam software, Superantispy didn't call it by the same name, I think superantispy found it as a spy, but CA thought it was a virus.

between the two programs, I think I stopped that one.

Thanks for your help.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...