I have been infected with the "System Check" malware. The infection is actually on a user login that is my child's and is limited. I have been using my husband's login to download the programs and do the scans. This shouldn't matter, right? Or do I have to use the login that is infected? I have followed the preliminary 5-step process. Thank you in advance for any help!
Here are the logs:
I can't seem to get a log from Malwarebytes Anti-Malware, actually, because the process freezes up when "deleting" or quarantining the threats, so I end up having to shut the program down before it can create a log. However, when I view the quarantine, the threats have been removed.
From GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-29 22:02:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-22UST0 rev.01.01A01
Running: kshg0s61.exe; Driver: C:\Users\Tessa\AppData\Local\Temp\uwtyrpod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----