Advice re infections please
vickitoria
Posts: 28 Forumite
in Techie Stuff
Hi, I just had a trojan come through Facebook... anti virus (MS Essentials picked it up). Ran Malwarebytes and it came up with this:
Malwarebytes' Anti-Malware 1.44
Database version: 3738
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
14/02/2010 14:10:32
mbam-log-2010-02-14 (14-10-32).txt
Scan type: Quick Scan
Objects scanned: 101959
Time elapsed: 6 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MyWebSearch?? Should I be concerned and how can I get rid of it??
Many thanks for any help x
Comments
MyWebSearch is nothing major, but it can sometimes be quite difficult to completely remove.
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error, then RIGHT click the exe file, RENAME it and call it QWERTY (making the complete file name 'QWERTY.exe'), or SAVE it as 'QWERTY' on download.
ComboFix 10-02-12.01 - Vickie 14/02/2010 16:03:52.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.764.234 [GMT 0:00]
Running from: c:\users\Vickie\Downloads\QWERTY.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1339409208-4043085881-2203914575-500
c:\$recycle.bin\S-1-5-21-609214759-2332381728-842085503-500
.
((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-14 16:12 . 2010-02-14 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-14 14:02 . 2010-02-14 14:02 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-14 14:02 . 2010-02-14 14:02 -------- d-----w- c:\users\Vickie\AppData\Roaming\Malwarebytes
2010-02-14 14:01 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 14:01 . 2010-02-14 14:01 -------- d-----w- c:\programdata\Malwarebytes
2010-02-14 14:01 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 14:01 . 2010-02-14 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 09:11 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 09:11 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 09:11 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 09:11 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-03 06:27 . 2010-02-03 06:27 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBBC8.tmp.exe
2010-01-22 18:41 . 2010-01-22 18:41 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-22 05:52 . 2010-01-02 06:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 05:51 . 2010-01-02 06:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-22 05:51 . 2010-01-02 06:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-22 05:51 . 2010-01-02 04:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 10:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 10:01 . 2008-04-30 08:48 -------- d-----w- c:\programdata\Microsoft Help
2010-02-03 07:40 . 2009-11-12 13:08 -------- d-----w- c:\program files\Google
2010-01-14 11:12 . 2009-11-12 13:09 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 11:40 . 2010-01-01 11:34 -------- d-----w- c:\users\Vickie\AppData\Roaming\HpUpdate
2010-01-01 11:34 . 2009-11-20 09:05 -------- d-----w- c:\program files\HP
2009-12-27 19:21 . 2009-12-27 19:21 -------- d-----w- c:\users\Vickie\AppData\Roaming\Amazon
2009-12-26 10:43 . 2009-12-26 09:01 -------- d-----w- c:\users\Vickie\AppData\Roaming\Apple Computer
2009-12-26 09:00 . 2009-12-26 08:58 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 09:00 . 2009-12-26 08:58 -------- d-----w- c:\program files\iTunes
2009-12-26 08:59 . 2009-12-26 08:59 -------- d-----w- c:\program files\iPod
2009-12-26 08:58 . 2009-12-26 08:48 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 08:58 . 2009-12-26 08:55 -------- d-----w- c:\programdata\Apple Computer
2009-12-26 08:56 . 2009-12-26 08:56 -------- d-----w- c:\program files\Bonjour
2009-12-26 08:56 . 2009-12-26 08:55 -------- d-----w- c:\program files\QuickTime
2009-12-26 08:54 . 2009-12-26 08:53 -------- d-----w- c:\program files\Apple Software Update
2009-12-26 08:48 . 2009-12-26 08:48 -------- d-----w- c:\programdata\Apple
2009-12-19 17:33 . 2009-12-19 17:33 -------- d-----w- c:\program files\Toshiba
2009-12-08 20:01 . 2010-02-10 09:10 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-10 09:10 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 09:10 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 09:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 09:10 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 09:10 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 09:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 09:10 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 09:10 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 09:10 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 09:10 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 09:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 09:10 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-23 11:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-20 09:25 . 2009-02-24 13:36 100248 ----a-w- c:\users\Vickie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-20 09:19 . 2009-11-20 09:03 160616 ----a-w- c:\windows\hphins33.dat
2008-12-09 15:03 . 2008-12-09 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-12 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-09-18 552960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-12 122880]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WirelessSelector.lnk - c:\program files\FSC\Wireless Utility\WirelessSelector.exe [2009-2-24 650752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):59,2d,fd,9f,73,6b,ca,01
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [12/11/2009 09:23 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [12/11/2009 09:23 334440]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [12/11/2009 09:23 972008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18/06/2009 18:48 42480]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [06/06/2008 13:18 452968]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [09/12/2008 15:04 47616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 07:40 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 02:32 179712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 07:40]
2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 07:40]
2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{51162BA3-60DE-447B-B89F-019519BC3462}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.karoo.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 16:12
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(5624)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
Completion time: 2010-02-14 16:17:37
ComboFix-quarantined-files.txt 2010-02-14 16:17
Pre-Run: 112,666,628,096 bytes free
Post-Run: 112,607,612,928 bytes free
- - End Of File - - 2D6AE3750C6B4FE1B149087501A159FF0 -
I hope I did it correctly... and thanks for the help.
Looks clean to me
Excellent... Thank you very much x
This discussion has been closed.