
Trojan Virus


Comments

  • GunJack
    GunJack Posts: 11,840 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    asininity wrote: »
    I'd give SuperAntiSpyware a go as well.

    That's another possibility...let's see what MBAM and then a new HJT bring up.....
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • asininity
    asininity Posts: 1,615 Forumite
    Don't want to butt in, but I tend to find SAS finds more than Malwarebytes; I have both installed on my system.
  • GunJack
    GunJack Posts: 11,840 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    asininity wrote: »
    Don't want to butt in, but I tend to find SAS finds more than Malwarebytes; I have both installed on my system.

    Trouble is, SAS reports each and every cookie, so it always looks like it finds more.
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • finally

    Malwarebytes' Anti-Malware 1.41
    Database version: 2865
    Windows 5.1.2600 Service Pack 3
    09/28/2009 19:46:09
    mbam-log-2009-09-28 (19-45-56).txt
    Scan type: Full Scan (A:\|C:\|)
    Objects scanned: 188862
    Time elapsed: 2 hour(s), 21 minute(s), 37 second(s)
    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 15
    Registry Values Infected: 10
    Registry Data Items Infected: 5
    Folders Infected: 11
    Files Infected: 91
    Memory Processes Infected:
    C:\Documents and Settings\Ashely\Local Settings\Temp\user.exe (Trojan.Downloader) -> No action taken.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun) -> No action taken.
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{ba603215-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba603215-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Downloader) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Local AppWizard-Generated Applications\AlertSpy (Rogue.AlertSpy) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\MacroVirus (Rogue.MacroVirus) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\MacroVirus (Rogue.MacroVirus) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mandel Enterprises (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n84p (Trojan.Proxy) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> No action taken.
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
    Folders Infected:
    C:\Documents and Settings\Ashely\Application Data\SpamBlocker (Adware.Hotbar) -> No action taken.
    C:\Program Files\MacroVirus (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Log (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Log (Rogue.MacroVirus) -> Files: 2198 -> No action taken.
    C:\Program Files\MacroVirus\Quarantine (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Registry Backups (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Settings (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.
    C:\Documents and Settings\Ashely\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.
    C:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1858 (Worm.Autorun) -> No action taken.
    Files Infected:
    C:\Documents and Settings\Ashely\Local Settings\Temp\user.exe (Trojan.Downloader) -> No action taken.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun) -> No action taken.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe (Trojan.Proxy) -> No action taken.
    C:\WINDOWS\system32\nzfiu3h78di.dll (Trojan.Ertfor) -> No action taken.
    C:\aoqwlrag.exe (Trojan.Dropper) -> No action taken.
    C:\eopmjm.exe (Rootkit.Agent) -> No action taken.
    C:\pkusq.exe (Trojan.Backdoor) -> No action taken.
    C:\yhjj.exe (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\reader_s.exe (Trojan.Cutwail) -> No action taken.
    C:\Documents and Settings\Ashely\Application Data\lizkavd.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Ashely\Application Data\sdra64.exe (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\006.exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\033.exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\070.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\101.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\1805437764.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\1908289996.exe (Backdoor.DDoS) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\212.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\242.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\246.tmp (Rootkit.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\251.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\269.exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\2888202800.exe (Backdoor.DDoS) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\333.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\338.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\3617072810.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\438.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\483.exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\636.exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\645.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\789.exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\799.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\825103432.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\851.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\888.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\905.exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\971.exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\avp.exe (Backdoor.DDoS) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\C.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\cmd.exe (Backdoor.DDoS) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\drweb.exe (Backdoor.DDoS) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\install.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\services.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\spoolsv.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\system.exe (Backdoor.DDoS) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temp\winlogon.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\8SK68ZMD\iorkku[1].htm (Trojan.Dropper) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\8SK68ZMD\jpdaanboc[1].htm (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\8SK68ZMD\moremix32[1].exe (Trojan.Cutwail) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\8SK68ZMD\zftdhh[1].htm (Trojan.Dropper) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\O3QBG60I\nkueesf[1].htm (Rootkit.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\O3QBG60I\pr3xy[1].exe (Worm.Autorun) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\RGB784I8\cisfgdd[1].htm (Trojan.Backdoor) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\TJPIFT4F\(SC)[1].(N) (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\Content.IE5\TJPIFT4F\lmqz[1].exe (Trojan.Proxy) -> No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IRWUGVYM\global.pack[1].js (Trojan.Agent) -> No action taken.
    C:\RECYCLER\S-1-5-21-7572383250-2990669128-072138166-0589\wnzip32.exe (Trojan.Backdoor) -> No action taken.
    C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> No action taken.
    C:\WINDOWS\system32\serfing.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\serfing.sys (Rootkit.Agent) -> No action taken.
    C:\Program Files\MacroVirus\35341136d55b7d6f58598d8814e4d18f.full.mup (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\8a9df2f61b930574ba1f08e2df4158bc.full.mup (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\a18b342aa51713d7c4d88cf72277c3d4.full.mup (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\c5afe538ee5c5755a26c2daa59aa8152.full.mup (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\MacroVirus.exe (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\mav.log (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\mavapi.pyd (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\python24.dll (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\_sqlite.pyd (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\_tst.pyd (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Settings\CustomScan.stg (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Settings\IgnoreList.stg (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Settings\ScanInfo.stg (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Settings\ScanResults.stg (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Settings\SelectedFolders.stg (Rogue.MacroVirus) -> No action taken.
    C:\Program Files\MacroVirus\Settings\Settings.stg (Rogue.MacroVirus) -> No action taken.
    C:\Documents and Settings\Ashely\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> No action taken.
    C:\Documents and Settings\Ashely\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> No action taken.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> No action taken.
    C:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1858\Desktop.ini (Worm.Autorun) -> No action taken.
    C:\hxlqib.exe (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Ashely\Application Data\seres.exe (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\Application Data\svcst.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> No action taken.
    C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> No action taken.
    C:\WINDOWS\system32\opai.dll (Spyware.MarketScore) -> No action taken.
    C:\WINDOWS\system32\UACvarrcfwpqnlkynf.dat (Rootkit.TDSS) -> No action taken.
    C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Ashely\Local Settings\Temporary Internet Files\nobysuk.exe (Trojan.Agent) -> No action taken.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    They all say 'NO ACTION TAKEN' after them

    I'm afraid you're probably going to have to rescan and TICK them, then QUARANTINE/DELETE them.
    :idea:
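A small parser for the Malwarebytes log format posted above, added here as an illustration (it is not from the thread or from Malwarebytes): it pulls out every detection, flags the ones left at "No action taken" that aliEnRIK points out must be re-scanned and quarantined, checks the header counts against the body, and lists any Security Center notifications the log shows switched off. The sample log is constructed, with placeholder paths and SIDs.

```python
import re
from collections import Counter

# Constructed sample in the format of a Malwarebytes' Anti-Malware 1.41 log (the real
# log in the thread is far longer; paths and SIDs here are placeholders).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.41
Database version: 2865
Registry Data Items Infected: 1
Files Infected: 3
Memory Modules Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
C:\\Documents and Settings\\user\\Local Settings\\Temp\\user.exe (Trojan.Downloader) -> No action taken.
C:\\RECYCLER\\S-1-5-21-EXAMPLE\\vsbntlo.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\\Program Files\\MacroVirus\\Log (Rogue.MacroVirus) -> Files: 2198 -> No action taken.
"""

# "Files Infected: 91" is a header count; "Files Infected:" with no number opens a section.
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):\s*(?P<count>\d+)?$")
# "<target> (<family>) -> <rest>"; the family name never contains parentheses.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (declared_counts, items): header counts per section, one dict per detection."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                declared[m.group("section")] = int(m.group("count"))
            else:
                section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            # Registry data items carry "Bad: (1) Good: (0) -> <action>" and folder
            # entries "Files: N -> <action>"; the action is always the last field.
            action = m.group("rest").rsplit(" -> ", 1)[-1]
            items.append({"section": section, "target": m.group("target"),
                          "family": m.group("family"), "action": action})
    return declared, items

def summarize(text):
    """What a helper on the thread looks for: detections left in place, header/body
    count mismatches, and Security Center notifications that were switched off."""
    declared, items = parse_mbam_log(text)
    found = Counter(i["section"] for i in items)
    return {
        "total": len(items),
        "unactioned": [i["target"] for i in items if i["action"].startswith("No action taken")],
        "by_family": Counter(i["family"] for i in items),
        "count_mismatch": {s: (n, found[s]) for s, n in declared.items() if found[s] != n},
        "security_center_tampered": [i["target"].rsplit("\\", 1)[-1] for i in items
                                     if i["family"] == "Disabled.SecurityCenter"],
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} detections, {len(report['unactioned'])} still not actioned")
    for target in report["unactioned"]:
        print("  rescan and quarantine:", target)
```

Fed the full log from the thread, the same function reports every entry as unactioned and the three Security Center notification values as disabled; fed the second, clean log it reports zero detections and no mismatches.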
  • asininity
    asininity Posts: 1,615 Forumite
    I wasn't talking about cookies, though SAS does do that. I recently fixed my mother's computer thanks to her husband. Ran MB first, then SAS; SAS found 5 more infections.

    Plus various sites review it as better too.

    To Money, where the hell did you get all that from?!? Ouch. Once you've deleted all that it's probably worth running Sophos Anti-Rootkit too.
  • GunJack
    GunJack Posts: 11,840 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    edited 28 September 2009 at 10:28PM
    Holy Carp !! How your puter functioned at all is a miracle !! As per RiK's post, you'll need to rescan and delete them, probably need to reboot as part of the cleaning process when prompted.

    Then, do a fresh HJT scan and post the log :)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Hi
    Thank you all for your advice
    I have had nothing but nightmares with this
    I have had to run the scan again as my computer kept switching itself off
    I will post the log again in about another 2 hrs!!!!!!!!
  • Nothing Detected?????

    Malwarebytes' Anti-Malware 1.41
    Database version: 2865
    Windows 5.1.2600 Service Pack 3
    09/29/2009 19:59:44
    mbam-log-2009-09-29 (19-59-44).txt
    Scan type: Full Scan (A:\|C:\|)
    Objects scanned: 187356
    Time elapsed: 2 hour(s), 48 minute(s), 31 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    You must have removed them the 1st time then

    Please run COMBOFIX

    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    :idea:
This discussion has been closed.