Trouble finding Malwarebyte log

Status
Not open for further replies.

bosn8488

Posts: 8   +0
Hey there,

Great site here. I have been through the 8-step process to help rid my computer of what appeared to be the vundo virus. I am having trouble locating my log from Malwarebytes, so I can attach. Any other tips. I am running XP pro on my Dell e310 computer. Gotta get back to work. Thanks in advance.

Dan B.
 
...
Step 4

malwarebytesgc8.png

Malwarebytes' Anti-Malware

...
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

You can also click on Start->Run-> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Just copy and paste that into a run command ;)
 
Thanks for the reply Kimsland, was able to retrieve Malwarebytes log using the Start Run, but now cannot retrieve Superantispyware Scan Log. I am not sure what I am doing wrong, it's not like I've never touched a computer... Sometimes I think removing the virus is easier than retrieving logs and such.... Can you tell me the best way to get the Scan log. I even printed the instructions for the 8-step removal. arrghhh... Thanks again.

Dan B.
 
Just follow these steps precisely

Step 5

SASLogo48x48.gif


...

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Attach the notepad file here on your reply
 
Here are my logs...

Hi Kimsland,

Thanks for the response. Here are my logs, (I hope). Let me know what you discover. After I had ran malwarebytes, then restarted, I could not log into windows. It would log in then logoff immediately. Something affected my userinit.exe file. After getting help from a couple friends, I finally repaired that and was able get back in and finish the 8-step process. Anyhow, thanks again for this site.

Dan B.
 
Please re-run Malwarebytes
Confirm updated (third tab) By the way, your wasn't updated :(

You need to do this repeatedly until Malwarebytes finds none to remove
 
Okay, another try...

Hi kimsland,

Here are my updated malwarebytes and hijack log. My superantispyware log is on previous post. Is that okay? Let me know.

Dan B.
 
Please uninstall McAfee and Avast Antivirus (you can only have 1 Antivirus installed anyway :rolleyes: )
And download and install the free Avira Antivirus
Then do a full scan with updated Avira

Note there are are many "file missing" entries in your HJT log
You are also able to scan with HJT and tick each entry that states this
Then click on fix

Please supply another HJT log, after you have scanned with Avira, and also removed all the "file missing" entries (it should also be a much smaller log ;) )
 
Hi again Kimsland,

I'll take care of the recommendations, but one question. Why remove Avast and download Avira? I got the download for avast on the 8-step removal link. Is it just better? Thanks.

Dan B.
 
Because you have 2 presently installed, I felt it would be best to start clean, and remove them both ;)

Oh and find Avira better than Avast (but both are free, and excellent Antivirus softwares)
 
Okay, McAfee came with this Dell and I have not been impressed. It seems to eat up so much resource... and i just recently downloaded avast, but was not aware of the "two antivirus" program problem. That's cool though. My subscription to McAfee ends next month, and I would be more than happy to rid my cpu of it sooner that later. Will post my results when I have finished. Thanks again...
 
Okay, how's this?

I removed McAfee, used the removal tool, uninstalled avast and reloaded Avira, updated and ran a scan, and Hijack this log. Let me know what you think.

Dan B.
 
3 viruses and/or unwanted programs were found

But they weren't removed:
C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\Restart.exe
[DETECTION] Is the TR/BHO.SecretCrush Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '49ed7750.qua'!

C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe
[DETECTION] Contains recognition pattern of the DR/Sheldor.BJ.2 dropper
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[WARNING] Error in ARK lib
[NOTE] The file is scheduled for deleting after reboot.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP17\A0008959.exe
[DETECTION] Contains recognition pattern of the DR/Sheldor.BJ.2 dropper
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '49aa8354.qua'!

You might want to confirm they were actually removed
Also do this:
Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK



Now to open the HJT log ...

Please start HJT scan, and tick and fix, just this one:
Also close any Internet browsers before selecting fix
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -

Restart

Tell me how it's all going :)
 
So far, so good

Hey Kimsland,

Haven't had any problems all weekend. System seems to run a little smoother without McAfee. My processes in task manager went from 51 to 36-40 after I removed McAfee. Tell me something though. Do the free anti virus softwares work as well as the McAfee and Nortons, where you have to pay? Also, somebody I work with recommended AVG free. Is it any better than avira? Your opinion is appreciated.

Attached is my latest hijack this log. Is there anything else you need to see? Thanks again.

Dan B.
 
Status
Not open for further replies.
Back