Malware results

cally6008
Posts: 7,629 Forumite


in Techie Stuff
Malwarebytes Anti-Malware 1.61.0.1400
https://www.malwarebytes.org
Database version: v2012.07.11.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
James :: ROBINSON [administrator]
11/07/2012 22:32:17
mbam-log-2012-07-11 (22-32-17).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331808
Time elapsed: 2 hour(s), 5 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 5
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vfd-ob (Rootkit.Agent) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 12
C:\Documents and Settings\James\Local Settings\Temp\nsl17A.tmp (PUP.BundleInstaller.BI) -> No action taken.
C:\Documents and Settings\James\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
\Jamie's Documents\Downloads\burn4free_setup.exe (PUP.BundleInstaller.Somoto) -> No action taken.
\Jamie's Documents\Downloads\From Internet\Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
\Jamie's Documents\Downloads\From Internet\SoftonicDownloader_for_mp3-rocket.exe (PUP.ToolbarDownloader) -> No action taken.
\System Volume Information\_restore{BBC743B7-A784-4CCB-A45C-CF9F68AFD003}\RP293\A0079393.exe (PUP.Bundle.Installer.OI) -> No action taken.
\System Volume Information\_restore{BBC743B7-A784-4CCB-A45C-CF9F68AFD003}\RP293\A0079398.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Program Files\OApps\vfd-ob_uninstall.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\intellidownload\vfd.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBC743B7-A784-4CCB-A45C-CF9F68AFD003}\RP289\A0079189.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBC743B7-A784-4CCB-A45C-CF9F68AFD003}\RP289\A0079192.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
K:\SOFTWARE\FLVT\FLVToMp3Setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
(end)
Any further action needed?
Dad had reported half-page adverts across Facebook, pop-ups asking him to download things and unable to connect to router, so I said that he should change Facebook password, run anti-virus and run Malwarebytes.
Comments
-
Re-run a quick scan and tick everything it finds for deletion, may need a re-boot to complete. Further action may be required following this.
..........Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Thank you, have passed that on and will post back the next log he sends me.
-
There's a new version of Malwarebytes, 1.62.0.1300
-
Most of those are PUP installers that bundle adware (could be just toolbars etc., e.g. Somoto) with the freeware you're downloading.
Clear temp files. http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/app_disk_cleanup.mspx?mfr=true
For the files in:
C:\System Volume Information\_restore{********-********-****-************}
flush system restore by turning it off and back on again.
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080421114858EN&product=home&pvid=f-home&version=1&lg=english&ct=us
If he continues to have problems, get some DDS logs.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
  - DDS.txt
  - Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts).
This discussion has been closed.