[Inactive] System check virus, please help remove

TexAndrea · Jan 13, 2012

New MBAM log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Admin :: MAIN [administrator]

1/13/2012 12:46:55 PM
mbam-log-2012-01-13 (12-46-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 710315
Time elapsed: 2 hour(s), 14 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3070.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc3083.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-2906683688-78787508-1238319441-1006\Dc2939.0-AiR\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc1\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\RECYCLER\S-1-5-21-57989841-308236825-839522115-1003\Dc2\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\Admin\AppData\Local\Temp\ICReinstall\PDFConverterSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP600\A0148057.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\13.01.2012_12.34.21\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\13.01.2012_12.34.21\mbr0001\tdlfs0000\tsk0002.dta (Trojan.Agent) -> Quarantined and deleted successfully.
G:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
G:\Data\Work\download\Sony ACID Pro 6.0d Build 363\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
G:\Data\Work\download\Sony DVD Architect Pro 5.0b Build 180\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)

TexAndrea · Jan 16, 2012

Script?

Bobbye,

You mentioned a Combofix script that you were going to write on Friday. Just bringing this back to the top of your queue.

The system has been fine with no issues since the last steps that were done.

Thanks.

Bobbye · Jan 16, 2012

G:\Data\Work\download\Sony ACID Pro 6.0d Build 363\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
G:\Data\Work\download\Sony DVD Architect Pro 5.0b Build 180\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

You are continuing to pirate programs- these new ones in addition to previous ones now in System Restore.

Sony ACID Pro 6.0d Build 363 is a $300 program
Sony DVD Architect Pro 5.0b starts at $40

Please remove all pirated program and downloads to continue support.

TechSpot

[Inactive] System check virus, please help remove

TexAndrea Newcomer, in training

TexAndrea Newcomer, in training

Bobbye Helper on the Fringe