Malwarebytes - Any further action?
sufcjam
Posts: 39 Forumite
in Techie Stuff
Hi, could anyone advise if it's worth running HijackThis against the system?
Borrowed netbook for travelling, ran Microsoft Essentials scan, no virus found. Malwarebytes found a couple of items and then Spybot S&D also found a few items that needed attention. Just trying to make sure the system is safe as I will potentially need to do some Internet Banking etc.
Malwarebytes log attached:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
https://www.malwarebytes.org
Database version: v2013.08.20.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: PC_LAPTOP [limited]
Protection: Enabled
20/08/2013 09:27:11
mbam-log-2013-08-20 (09-27-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200457
Time elapsed: 8 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\DOCUME~1\user\LOCALS~1\Temp\csrss.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\user\Application Data\dwm.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:54667 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|conhost (Trojan.Agent) -> Data: C:\Documents and Settings\J\Application Data\Microsoft\conhost.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 5
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.203,93.188.160.174) Good: () -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF47D3BB-3718-49B9-BBEA-AEF4C9C6C109}|NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.203,93.188.160.174) Good: () -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
and then full scan:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
https://www.malwarebytes.org
Database version: v2013.08.20.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: PC_LAPTOP [limited]
Protection: Disabled
20/08/2013 09:43:44
mbam-log-2013-08-20 (09-43-44).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232929
Time elapsed: 2 hour(s), 39 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\1\1c4ab281-3de381d2 (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\52\10f0ab74-52564bb1 (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFCF9B2B-A6ED-4381-AC00-E15DAB32B8E3}\RP156\A0025744.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
(end)
Any advice would be greatly appreciated.
Thanks in advance
Comments
-
If you are concerned, back up and run a Factory Restore.
-
Win32/Cycbot - Allows backdoor remote access to the infected PC.
Go with the above advice and restore/reinstall the OS.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fCycbot#tab=1
http://www.threatexpert.com/report.aspx?md5=178a0b1875a1007349793b29f2e69580
-
Get rid of Java! It's a security nightmare.
Blessed are the geeks, for they shall inherit the Internet.
-
Thanks for the replies.
Original boot up discs not available, done a couple more scans and nothing found now (Malwarebytes & Security Essentials).
Might have to make do with using it offline.
Cheers
-
Thanks for the replies.
Original boot up discs not available, done a couple more scans and nothing found now (Malwarebytes & Security Essentials).
Might have to make do with using it offline.
Cheers
Discs are not a problem, but if XP it's easiest to have an external optical disc player in order to run a clean install. Though it can be done with a USB thumb drive.
Brand and full model number? Perhaps the restore partition is intact.
This discussion has been closed.