Need help with win32/heur Virus: Here are my logs

Status
Not open for further replies.
Hi,

I seem to have a win32/heur virus. I have run Malwarebytes' Anti-Malware and will post the log below, but after reading the other threads, am I to understand that I must run Malwarebytes in normal mode, then restart and run it in Safe Mode, then post those logs? I wanted to check. After rebooting my computer as Malwarebytes said I needed to, the virus is still there. I am running Vista Home Edition.

Thank you very much for any help that anyone can offer.



Current logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2823
Windows 6.0.6001 Service Pack 1

9/20/2009 12:48:18 AM
mbam-log-2009-09-20 (00-48-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 283537
Time elapsed: 4 hour(s), 34 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\M\AppData\Roaming\RegTool (Rogue.RegTool) -> Delete on reboot.
C:\Users\M\AppData\Roaming\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\QuarantineW (Rogue.RegTool) -> Delete on reboot.
C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Delete on reboot.
C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Files: 580 -> Delete on reboot.
C:\Users\M\AppData\Roaming\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\8050435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware\AntiMalware.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyS.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyT.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\M\Downloads\regtool_key.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\M\Downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT38DA.tmp (Malware.Tool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-36-090.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-38-150.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-59-440.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 02-01-300.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 09-07-360.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 23-08-050.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-19 19-49-450.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-19 19-58-460.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Windows\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
 
Go back and look over the 8-steps... Take your time and follow the instructions. They will explain how to post the 3 logs properly.
 