# That Malibytes Idea John Suggested Has Only Made My Computer Worse



## Jonathan1990 (Jul 31, 2011)

About 2 months ago my computer had about 500 infections.  John who is the Super Moderator on here suggested that I use this programme called Malibytes (if I've spelt it right).  I used that option today as the infections had risen up to 680.  It has only made things worse and now it has shot up to 800 infections.

Does anyone else have any other ideas?


----------



## tremmor (Jul 31, 2011)

Not true. You have a different issue.
Read the instructions (sticky) at the top of the security section
and wait for a reply. Reply in the security section only and wait.
http://www.computerforum.com/computer-security/


----------



## User0one (Aug 1, 2011)

I would reinstall Windows, then suggest you learn how to avoid getting infected to start with.


----------



## johnb35 (Aug 1, 2011)

Providing you actually download Malwarebytes and not some rogue program, Malwarebytes will not make your amount of infections go up.  Is Malwarebytes saying you have over 800 infections or what program are you using?  Without getting some sort of log from you telling me what's actually infected, I can't help you.  But please don't go blaming Malwarebytes on your issue, it didn't increase your infections.

Also, moved to the security section.


----------



## claptonman (Aug 1, 2011)

Did you properly remove all those infections before? Sounds like you're continuing behavior that keeps giving you more infections. Malwarebytes only removes the problem, it doesn't protect you.


----------



## tremmor (Aug 1, 2011)

I will bet also he's overdue for a wipe and get er done.
One time.


----------



## Okedokey (Aug 1, 2011)

Agreed, time for reinstall.


----------



## GaryCantley (Aug 1, 2011)

bigfellla said:


> Agreed, time for reinstall.



Either that or put it back in the original boxes and take it back to the shop.

I can't stand people that get help from professionals for FREE, don't follow the instructions to the letter then blame the helper.

I reckon he has run the scan but not followed the instructions afterwards and therefore not cleared the infections.


----------



## johnb35 (Aug 1, 2011)

GaryCantley said:


> Either that or put it back in the original boxes and take it back to the shop.
> 
> I can't stand people that get help from professionals for FREE, don't follow the instructions to the letter then blame the helper.
> 
> I reckon he has run the scan but not followed the instructions afterwards and therefore not cleared the infections.



That's very possible Gary.  If he has 800 infections, I'm worried that he may have the Virut infection.  However, we can't tell until he provides us with logs.  I know the MYWEBSEARCH malware can reach up into the hundreds of entries but I don't know about 800 and it's one of the most common ones out there right now.  And it can cause some weird things to happen on your PC.  My daughter used to get it all the time, would open lots of IE windows and not stop until you did a hard shutdown.  Thankfully she don't get it anymore.


----------



## GaryCantley (Aug 1, 2011)

johnb35 said:


> Thankfully she don't get it anymore.



Is that cos she has learnt her lesson or is fed up of the beatings from Dad?


----------



## johnb35 (Aug 1, 2011)

GaryCantley said:


> Is that cos she has learnt her lesson or is fed up of the beatings from Dad?



Somewhat learnt her lesson I believe as I haven't had to clean up her machine in almost a year I think.


----------



## Jonathan1990 (Aug 2, 2011)

*No Need For Insults.*

When I first got my computer I had a protection programme called Norton Virus which only lasted a few months then it expired and was asking for £20 to update it to protect my computer again.  I have tried lots of different ways to get them cleared.  I did manage to get it down to 450 when I had 650 but it soon raced up to 600 again.  I was watching it the other day and 1 infection came in through Facebook.

What I think is that it is silly people who spend hours on computers creating them so that they can come into your computer.

Also it's those people who create them who are bad boys not me.


----------



## johnb35 (Aug 2, 2011)

We weren't insulting you.  You aren't providing any logs for us to help you remove your infections or depending on what you have, you may have to reinstall Windows.

Please provide the Malwarebytes log along with the HijackThis log so we can get your system cleaned up.


----------



## lubo4444 (Aug 2, 2011)

If you check old threads in this section, you will see that John helped many people with cleaning their computers and so far everybody is happy.


----------



## TFT (Aug 3, 2011)

Jonathan1990 said:


> When I first got my computer I had a protection programme called Norton Virus which only lasted a few months then it expired and was asking for £20 to update it to protect my computer again.  I have tried lots of different ways to get them cleared.  I did manage to get it down to 450 when I had 650 but it soon raced up to 600 again.  I was watching it the other day and 1 infection came in through Facebook.
> 
> What I think is that it is silly people who spend hours on computers creating them so that they can come into your computer.
> 
> Also it's those people who create them who are bad boys not me.



You are not the bad boy, you are a silly boy. Unless you are really savvy on the sites you visit then never browse without adequate protection, now stop moaning and post the logs up.


----------



## Jonathan1990 (Aug 3, 2011)

Ok here is the log that I saved if this is what you mean.


----------



## claptonman (Aug 3, 2011)

Why does it say to the right that there was no action taken? Those need to be removed. Click 'Show results,' make sure they're all selected, and click 'remove selected.'

Is your Windows 7 updated? Yours is showing "Windows 6.0.6000" and mine is showing "6.1.7601 Service Pack 1"

You should also update to IE8, or get a different browser like Firefox or Chrome.


----------



## johnb35 (Aug 3, 2011)

Jonathan1990 said:


> Ok here is the log that I saved if this is what you mean.



Do me a favor and just copy and paste the log into your reply.  I'm at work on my phone and can't download that file.  I would love to see the log before I get home tonight so I can help you better.  I would also need to see the HijackThis log as well.


----------



## Jonathan1990 (Aug 3, 2011)

johnb35 said:


> Do me a favor and just copy and paste the log into your reply.  I'm at work on my phone and can't download that file.  I would love to see the log before I get home tonight so I can help you better.  I would also need to see the HijackThis log as well.



Here you go.  Just did another scan and removed them like that other user said.  Don't understand a lot about it as I'm not a computer expert.  As you live in the USA when you get home later tonight about 6:00 where you live it will be about 1:00 in the morning where I live in the UK and I'll be in bed asleep.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7366

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

03/08/2011 21:52:06
mbam-log-2011-08-03 (21-52-05).txt

Scan type: Quick scan
Objects scanned: 171215
Time elapsed: 14 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Users\JONATHAN\AppData\Local\Temp\Low\{1bb22d38-a411-4b13-a746-c2a4f4ec7344}\searchguardplus.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
c:\Users\JONATHAN\AppData\Local\Temp\Low\{1bb22d38-a411-4b13-a746-c2a4f4ec7344}\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.


----------
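A small parser for the Malwarebytes 1.x text log format pasted above, added here as an example; it is not part of any forum post and not Malwarebytes' own tooling. It checks each section's declared count against the items actually listed (to spot a truncated paste) and reports entries not confirmed deleted. The sample is abridged from the posted log with one constructed "No action taken." line, and the function names are hypothetical.

```python
import re
from collections import Counter

# Abridged from the log posted above; the "No action taken." line is constructed.
SAMPLE_LOG = r"""Memory Modules Infected: 1
Registry Keys Infected: 2
Files Infected: 2

Memory Modules Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> No action taken.

Files Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared counts, list of detections) from an MBAM 1.x text log."""
    declared, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := COUNT.match(line):          # summary line: "Files Infected: 4"
            declared[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):       # section header: "Files Infected:"
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def triage(text):
    declared, items = parse_mbam_log(text)
    found = Counter(i["section"] for i in items)
    return {
        # (declared, listed) per section where the two disagree
        "count_mismatch": {s: (n, found[s]) for s, n in declared.items() if n != found[s]},
        "families": Counter(i["family"] for i in items),
        # anything not confirmed deleted still needs a removal pass or a reboot
        "pending": [i for i in items if "deleted successfully" not in i["action"]],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["pending"])
```
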



## johnb35 (Aug 4, 2011)

Ok.  I still have a few questions that haven't been answered by you.  

1.  What program is telling you that you have over 800 infections?  

2.  I still need to see a HijackThis log, I've asked this now 3 times.  If you don't know how to run a HijackThis scan do the following as I've posted this in my prior posts as well.

Download the *HijackThis* installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy.  Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces.

I also need you to post an uninstall list using HijackThis.  Open HijackThis, click on open misc tools section, click on open uninstall manager, click on save list and save it.  Then copy and paste that log back here.


----------



## GaryCantley (Aug 4, 2011)

johnb35 said:


> Ok.
> 1.  What program is telling you that you have over 800 infections?



John,

I would guess it's something like XP Anti-Virus giving the indication of 80 infections.

Let's hope you get the logs soon.


----------



## johnb35 (Aug 4, 2011)

If he had XP antivirus, Malwarebytes would have found it and removed it, or Malwarebytes wouldn't have run as those types of rogue infections stop Malwarebytes from opening.

And yes, hopefully I get the logs soon.


----------



## Jonathan1990 (Aug 5, 2011)

johnb35 said:


> Ok.  I still have a few questions that haven't been answered by you.
> 
> 1.  What program is telling you that you have over 800 infections?
> 
> ...



First of all the programme that says I have 800 infections is called RegClean Pro.

Secondly I have tried to download that highjacker file that you have put up but it keeps coming up as a blank screen so I can't do that.  The only log I know is that file I attached on the other message so there must be another type of log file which is going beyond my level of technical knowledge.  Also I do know that files with .exe in them cause infections as at work they are very dodgy about it when a .exe download comes up.  At home sometimes I have to go ahead and use 1 like a spellchecker for this forum as people get angry with me when I spell certain words wrong.

Any other suggestions?


----------



## NyxCharon (Aug 5, 2011)

Jonathan1990 said:


> Secondly I have tried to download that highjacker file that you have put up but it keeps coming up as a blank screen so I can't do that


When you click that link you should get a blank page, but a popup should also come up that will allow you to download it. Do you not get the popup?
Also, you can get it from here:
http://www.filehippo.com/download_hijackthis/


----------



## johnb35 (Aug 5, 2011)

Jonathan1990 said:


> First of all the programme that says I have 800 infections is called RegClean Pro.
> 
> Secondly I have tried to download that highjacker file that you have put up but it keeps coming up as a blank screen so I can't do that.  The only log I know is that file I attached on the other message so there must be another type of log file which is going beyond my level of technical knowledge.  Also I do know that files with .exe in them cause infections as at work they are very dodgy about it when a .exe download comes up.  At home sometimes I have to go ahead and use 1 like a spellchecker for this forum as people get angry with me when I spell certain words wrong.
> 
> Any other suggestions?



First of all, get rid of the registry cleaner, you don't need it.  Secondly, right click on the link and click on open in new window and then you will get the page to load.  After you post the HijackThis log I will have you post an uninstall list, as it seems you have some unnecessary programs installed.


----------

