System Progressive Protection Virus

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Do you know what file/virus name MSE detected?

Windows Defender is automatically disabled if you are using MSE since they use a similar engine, so nothing to worry about :)

If you wish, we can check your system again. You'll need a USB for this one. Also, does Malwarebytes turn orange every time you boot up?

Download Farbar Recovery Scan Tool from the below link:
  • For x32 (x86) bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a flash drive.

  • Plug the flash drive into the infected PC.

  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
      • Insert the installation disc.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Click Repair your computer.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.

  • On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    1. Select Command Prompt.
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
       services.exe
    10. Now press the Search button.
    11. When the search is complete, Search.txt will also be written to your USB.
    12. Type exit and reboot the computer normally.
    13. Please copy and paste both logs in your reply (FRST.txt and Search.txt).
 

chaswr

New Member
Thread author
Verified
Jan 14, 2013
41
Hi there!

Thank you so much for responding!

I just printed out the instructions, reformatted a flash drive, copied the 64 bit file to it, and am ready to reboot. Looks like I am on my own once I do the reboot but your instructions look quite clear and easy to follow.

I thought Windows Defender may be disabled once MSE was installed, I just wanted to make sure. Thanks!

As for Malwarebytes being orange on a boot up, I am not sure. I will have to make sure I notice that from now on.

Okay, ready for this check. Will be back here when done! ..... Let's hope! Lol!
 

chaswr

New Member
Thread author
Verified
Jan 14, 2013
41
Okay, I'm back. I forgot to let you know what virus MSE found, it was "Trojan:JS/Medfos.B".

I did the FRST64 scan and I am attaching both log files.

Did you happen to get the donation from paypal or at least get notified about it?

On this boot up, Malwarebytes was green.
 

Attachments

  • FRST.txt
    43.1 KB · Views: 118
  • Search.txt
    602 bytes · Views: 84

chaswr

New Member
Thread author
Verified
Jan 14, 2013
41
This whole virus thing gets me upset because I am very careful about my PC and what sites I visit. I know not to visit anything questionable and the sites that I was browsing the other day have been the same sites that I have been browsing for years. All reputable sites. And no, I don't open emails from unknown people or get CD/DVD/USB things from anyone. I am baffled about this one. Oh well....
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi, I have received the donation, thank you, I really appreciated it :). I'm currently in a lecture (late class, I know :p). I will analyze your log and give you a reply when I get home.
 

chaswr

New Member
Thread author
Verified
Jan 14, 2013
41
Ok, Hate to bother you, but do you have a time estimate? If it is late, we can continue tomorrow.... please let me know.
 

Fiery

Level 1
Jan 11, 2011
2,007
No problem, it's break time at the moment. I can most likely give you a reply before 8:30. I have one more hour, then I head home.
 

chaswr

New Member
Thread author
Verified
Jan 14, 2013
41
That sounds good. I will log back on here about 8:40ish and see what you have to say about those logs.

Thanks!
 

Fiery

Level 1
Jan 11, 2011
2,007
Back home :)

I realized I didn't address a few of your questions, sorry about that.

I use KeyScrambler with Firefox whenever I need to enter banking information. KeyScrambler works only for Firefox, not SeaMonkey. There is a plugin for Opera I believe.

If you want keystroke protection outside of Firefox, you can download Zemana AntiLogger. I'm still currently trying this myself and it is still in BETA (Not a full release so there may still be bugs. That's why I'm not recommending it yet but once it's released, I will be). So keep an eye on that.

Reputable sites can get hacked and may distribute viruses for a short period of time until the site administrator takes it down. This danger applies to all sites. The Massachusetts Institute of Technology's website got hacked a few days ago and the hacker replaced the site with a page of their own.

I have gone through your logs, everything looks good, nothing suspicious :D

Let me know if you have further concerns or questions though :)
 

chaswr

New Member
Thread author
Verified
Jan 14, 2013
41
No worries about not answering my questions. You said you were in class and that takes priority. I do understand.

Is the KeyScrambler for Firefox a plug-in I find on the Firefox/Mozilla site? Or is it a separate program from somewhere? Once you do start recommending "Zemana" would you be kind enough to email me letting me know where I can download it?

Do you remember your comment about me having McAfee (anti virus) installed? I said I didn't have that and was using AVG Free (now MSE) and I figured it was from trying to do an online scan at McAfee? I realized that I have a McAfee plug-in for Firefox that is a site advisor. If you browse to a questionable site, it intercepts and asks if you are sure you want to go there because it may be unsafe. Is this a good plug-in to use?

Thank you very much for looking at those logs again. Maybe I am just being way too paranoid right now and noticing things that really are fine. I do appreciate the time you have spent with me here.
 

Fiery

Level 1
Jan 11, 2011
2,007
You can download KeyScrambler here. Make sure the KeyScrambler icon is green when you are in Firefox. That's when you know you are protected.

I don't use McAfee Site Advisor, I use Web of Trust for Firefox. http://www.mywot.com/ It serves the same purpose, I'm just not a big McAfee fan.

Is there a preferred email address that you would like me to email you? You can private message me, rather than post your email on the forum.
 
