malware delete on reboot not working

January 27, 2010 at 05:55:18
Specs: Windows Vista, 2.2ghz dual core / 2gb
The problem is i do a scan with malwarebytes find 7 infected files. Try to delete them and it says they need to be deleted on reboot. These files are not at their locations on my hard drive that they specify. I am unsure if my computer is safe or not. After each reboot I rescan and they are still found as infections.

(they are only in the extra and heuristics objects section, so i targeted that with the scan although i have done several full scans finding no extra infections)

here is the mbam log:

Malwarebytes' Anti-Malware 1.44
Database version: 3639
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

1/27/2010 8:39:00 AM
mbam-log-2010-01-27 (08-39-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 69798
Time elapsed: 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\owner\AppData\Local\Temp\rundll32.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\owner\AppData\Local\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Users\owner\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Delete on reboot.
C:\Users\owner\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Delete on reboot.
C:\Users\owner\AppData\Local\Temp\e.exe (Trojan.Dropper) -> Delete on reboot.
C:\Users\owner\AppData\Local\Temp\f.exe (Trojan.Dropper) -> Delete on reboot.

See More: malware delete on reboot not working

January 28, 2010 at 11:53:57
Also these infections are only found when I scan in normal windows mode, they cannot be found when I scan in safe mode.

Report •

January 28, 2010 at 13:26:46
Just a thought here. Why not get a second opinion. Go here, and get SuperAntispyware, it is free, very good reputation. After you download it, update it, then run it, and see what it comes up with

Report •

January 28, 2010 at 14:05:09
I used that as well its only finding some tracking cookies. the only program that finds these infected files is with malwarebytes.

I could rescan and post the log from superantispyware, if you would think it would help.

Report •

Related Solutions

January 28, 2010 at 14:12:39
What do you have for Antivirus software, and have you scanned with it, and does the scan come up clean?

Report •

January 28, 2010 at 14:41:51
I used to have norton it got corrupted from a restore point, so I uninstalled it, but I have avast now. it comes up clean

Report •

January 28, 2010 at 16:31:26
Well, it`s not looking good for Malwarebytes(it could be corrupt) is it, Spywareblaster shows ok, Avast shows ok, I believe as a double check, I would use an online scanner, this eliminates your virus software on your computer being compromised. The one I use is free, It is ESET , and is found here, and is a top of the line online scanner:

Report •

January 28, 2010 at 21:58:42

That scan did find a file with :

a variant of Win32/HackTool.Patcher.A application deleted - quarantined

I did not rescan yet i will overnight, it took 2hrs

although i did do another malwarebytes scan the results recurred. I also tried reinstalling malwarebytes after that scan, same results.

Report •

Ask Question