Hey guys, I just realised today my antivirus wasn't working. I have AVG 8 installed, and it's been working fine till now. I click on scan and it does nothing, update does nothing. So I tried to reinstall, but still the same problem. So I tried a System Restore, still the same. Next up I tried to install NOD32 instead; this time it won't even install, and the same with AVIRA and a couple of other antivirus programs. I'm sure I have a virus or malware or one of the other problems, but I have no idea or clue on how to tackle this problem... So this is where you guys come in with your expertise... Any help or advice would be very much appreciated. THANKS IN ADVANCE GUYS, hope to hear a solution...


Try disabling all your AV programs and download MalwareBytes Anti-Malware. Update MB A-M, then run a full scan and remove all the baddies it finds. Maybe it will let you install and run MB; it might be a good idea to rename the file when you download it so the malware on your computer doesn't flag it. If it runs and kills some malware then post that log here.


Hey, thanks for the REPLY. I did what you said, and MALWAREBYTES picked up 16 infections; hopefully that's enough to fix it. And I've POSTED the LOG.


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.1.7100

11/12/2009 5:30:06 AM
mbam-log-2009-11-12 (05-30-06).txt

Scan type: Quick Scan
Objects scanned: 79988
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\2444356.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\2979024.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\3751577.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\Explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
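
Added example, not part of the original thread: a small Python parser for the Malwarebytes 1.x text log format shown in the post above. It checks the declared counts against the listed entries and pulls out what a helper reading the log would look at first: items still pending "Delete on reboot", flagged Image File Execution Options keys, and alternate-data-stream files. The function names and the abbreviated sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the log posted above, counts adjusted.
SAMPLE = r"""Memory Modules Infected: 1
Registry Keys Infected: 1
Files Infected: 2
Memory Modules Infected:
C:\Windows\System32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\Explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<section>.+ Infected):$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared counts, items per section) from an MBAM 1.x text log."""
    counts, items, section = {}, defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if m := COUNT.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items[section].append(m.groupdict())
    return counts, items

def triage(text):
    """Summarise what still needs attention after the scan."""
    counts, items = parse_mbam_log(text)
    flat = [i for sec in list(items.values()) for i in sec]
    return {
        # Declared total differs from listed entries: log was cut or edited.
        "count_mismatch": sorted(s for s, n in counts.items() if n != len(items[s])),
        # Not removed yet; the file stays on disk until the machine restarts.
        "pending_reboot": sorted({i["target"] for i in flat if "reboot" in i["action"].lower()}),
        # Programs whose Image File Execution Options key was flagged.
        "ifeo_targets": [i["target"].rsplit("\\", 1)[1] for i in flat
                         if "\\Image File Execution Options\\" in i["target"]],
        # A colon after the drive prefix marks an NTFS alternate data stream.
        "ads_files": [i["target"] for i in flat
                      if re.match(r"[A-Za-z]:\\", i["target"]) and ":" in i["target"][2:]],
    }
```

Calling `triage()` on the text of a saved `mbam-log-*.txt` file returns the same four lists for a full log.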



Looks like you got rid of a lot of nasty stuff there. Thing is, you will have to run the scan again since MBA-M was out of date when you scanned. Open MalwareBytes and click "update"; it'll quickly update to the latest version, and after that run a full scan and ensure all other AV apps are disabled before you run the scan. After that, if you don't notice any other issues you should be set. If you're not sure you might want to post a HJT log, possibly in a new thread, to ensure the real techs here review it.

Another thing, you need to run a FULL scan. The quick scan only searches things like high traffic areas or places most likely to find viruses, but the goal of a virus is to embed itself deep into a system where it is well hidden, so a Full scan is crucial to find all the infections. Perform these steps and you should be good to go.

Edited by R1pperZ: n/a


Thanks man, I've got a LAPTOP AND DESKTOP, and my laptop won't even let me update my MALWAREBYTES program. But the good thing is it would let me install antivirus software, but it's not picking up anything...
As for my desktop, I'll do what you've said. THANKS


A better idea is to work on ONE computer at a time since both may be infected. Get the one computer clean and then you can better work on the other one.
Which computer did the MBA-M scan come from? If it is the laptop and you cannot update MBA-M on that one then leave it for now and work on the desktop.
Be sure to state which computer you are going to be dealing with and when it is deemed fully clean then you will be told to move onto the other.
As far as the laptop antivirus program not picking up anything don't be fooled by that, many times trojans will NOT be picked up by an antivirus program because that is not what they are designed to do. What antivirus did you install, were you able to update it?

Choose the computer to clean, install MBA-M, update it if possible and do the Full Scan with it and have it remove whatever it finds. Reboot the computer. Download HiJackThis and do a system scan with that and save the log. Post back here with the MBA-M log and the HJT log. Then you will be told what additional scans you will need to do.

Perform these steps and you should be good to go.

It is very rare that infection is removed by using just one or two tools today.

Edited by jholland1964: n/a
