Inactive GMER - Stuck on what to do next

Discussion in 'Malware and Virus Removal Archive' started by laweffect, 2011/06/12.

  1. 2011/06/12
    laweffect Inactive Thread Starter

    Hi there,

    I got a virus/malware last night which redirects searches from Google to dodgy sites, plus Windows Defender has been deactivated and won't switch back on. I have done the following:

    -Ran Avast virus scanner and found nothing
    -Ran Malwarebytes which found a few things and cleaned them
    -Rebooted
    -Ran Malwarebytes again and it found nothing
    -Still had issues so downloaded GMER and it has found some Rootkit/Malware but am not sure how to clean it.

    but my knowledge is not great on this stuff.

    Please see log file info below.

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-13 09:50:23
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cc86f07
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cc86f07@e839df03d7aa 0xB8 0x78 0x4F 0xB7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cc86f07@e8e5d64ca17a 0x2B 0x56 0x7B 0xAC ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cc86f07@002376e4a8c6 0x46 0xC1 0xC1 0x91 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cc86f07 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cc86f07@e839df03d7aa 0xB8 0x78 0x4F 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cc86f07@e8e5d64ca17a 0x2B 0x56 0x7B 0xAC ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cc86f07@002376e4a8c6 0x46 0xC1 0xC1 0x91 ...

    ---- EOF - GMER 1.0.15 ----




    Many thanks,
    Lee
     
  2. 2011/06/12
    broni Moderator Malware Analyst
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Your GMER log looks fine.

    Please, complete all steps listed HERE
     
  4. 2011/06/13
    laweffect Inactive Thread Starter
    Thanks for the advice broni, it is very helpful and I know a lot more now if this happens again in the future.

    In the end I did a system restore, as the laptop is only two weeks old and there is not much data on it.

    Lessons learnt

    - Set up a decent backup system, both offline and online
    - Properly secure PC with virus scanners and malware detectors
    - Be careful when clicking links from suspicious sites
    - If in need of help, visit this great forum

    Lee
     
  5. 2011/06/13
    broni Moderator Malware Analyst
    Thanks for posting back :)
     
