avragorn

Members
  • Posts

    16
Posts posted by avragorn

  1. Hello :)

    I just did a full scan with MBAM, and here is the log. I know it is not a scan done in developer mode, but I must go to sleep so if you need the log from the developer mode, I will do a full scan tomorrow afternoon....

    Here is the log (in French):

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    07/12/2009 22:33:42

    mbam-log-2009-12-07 (22-33-33).txt

    Type de recherche: Examen complet (C:\|)

    El

  2. Hello :D

    At first, sorry for posting a similar thread :D

    I updated MBAM, with the database 2885, and it still finds the same infections:

    01/10/2009 18:19:03

    mbam-log-2009-10-01 (18-19-00).txt

    Scan type: Quick Scan

    Objects scanned: 105297

    Time elapsed: 9 minute(s), 12 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 13

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922219681718662423141826701914216622171466702566142025717167686871261825199413014739]

  3. Hello :D

    I just updated MBAM, and I scanned my PC and it has found 15 infected objects that come from "actskin4.ocx". I didn't put them in quarantine because I searched on Google and I found that it is an element of AVAST antivirus I have on my PC (I use only 1 antivirus, it is AVAST, I don't have other antivirus).

    I scanned in developer mode, and it found 14 objects and not 15 ...

    Here is the log file :

    Malwarebytes' Anti-Malware 1.41

    Database version: 2881

    Windows 5.1.2600 Service Pack 3

    01/10/2009 09:33:42

    mbam-log-2009-10-01 (09-33-34).txt

    Scan type: Quick Scan

    Objects scanned: 103607

    Time elapsed: 5 minute(s), 26 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 13

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]

    I think they are false positives because I scanned my PC with AVAST yesterday. Or they came onto my PC between yesterday and now!

    Thank you very much in anticipation,

    - avragorn -

  4. Hello Fatdcuk :huh:

    I was about to go, I came again before going ;)

    Thank you very much for your help, and no problem, I wasn't worried because these are files I have had since 2004, so all the antivirus programs I had until now would have found them if they were malware ;)

    Thank you very much again, you all do amazing work to protect us all :D

    Have a great day ( here we will have storms :'( )

    Cheers,

    - avragorn -

  5. I didn't scan in developer mode as asked, so I just did, here is the log :

    Malwarebytes' Anti-Malware 1.37

    Database version: 2236

    Windows 5.1.2600 Service Pack 3

    06/06/2009 13:36:16

    mbam-log-2009-06-06 (13-36-11).txt

    Scan type: Quick Scan

    Objects scanned: 87740

    Time elapsed: 4 minute(s), 35 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 1

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/aolsetup.dat (Rootkit.Agent) -> No action taken. [3857535134303627615642473748565261323232323232323215696685]

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\AOLSetup.dat (Rootkit.Agent) -> No action taken. [3857535134303627615642473748565261323232323232323215696685]

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    c:\WINDOWS\AOLSetup.dat (Rootkit.Agent) -> No action taken. [3857535134303627615642473748565261323232323232323215696685]

  6. Hello :huh:

    I have the same problem, I have 5 "infected" elements:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> Quarantined and deleted successfully.

    I didn't test with my antivirus yet, but on a French forum, someone says that SPYBOT Search & Destroy finds the same elements as MALWAREBYTES' ANTIMALWARE ....

    I can't test because I deleted SPYBOT because it took 4 hours to scan my computer!

  7. Hello :D

    Thank you very much to everyone :):):)

    Someone on a French forum told me that it's good, my computer will work. The proof is that I installed Service Pack 3 ... and wextract is used to extract .cab files from the Windows updates.

    The guy on the French forum asked me to post an RSIT log to show him all created files and everything .... and he told me everything is OK :)

    To maalim: I tried the system restore, it doesn't work! I had an error message: "the restore can't be completed, please choose another restore point" (something like that, and I try to translate into English since it's written in French!).

    So I couldn't restore the system to a previous date :D

    Thank you very much to everyone again, you can consider that my problem is resolved :)

    Thank you very much again :)

    - avra -

  8. Thank you very much :)

    Someone on a French forum advised me almost the same thing .... I installed Windows Service Pack 3 because I had Service Pack 2.

    Most of the files are back, the only file I can't find anymore is:

    c:\WINDOWS\system32\dllcache\wextract.exe

    I don't know if it's very important, I have all the other wextract.exe in the other folders.

  9. Files Infected:

    C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    Files Infected:

    C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\WINDOWS\SYSTEM32\DLLCACHE\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    These are the files MALWAREBYTE'S ANTIMALWARE found last Wednesday, don't delete them! I deleted them forever and now I don't know how to get them back!

  10. Hello !

    I am new here :) I am a French user ... I have used MALWAREBYTE'S ANTIMALWARE for approximately 1 year and I love it, it is very powerful!

    Last Wednesday MALWAREBYTE'S ANTIMALWARE found wextract.exe and other files as trojan.vundo. I know it's a false positive. But until I read this on French forums, I had time to delete the files from the quarantine and now I don't have them on my computer anymore!

    With the logs I found all the files I deleted forever last Wednesday, files that MALWAREBYTE'S ANTIMALWARE found as trojan.vundo:

    C:\System Volume Information\_restore{02F74351-7C8E-45A0-B01F-D8177EAA33A9}\R
