Posts posted by rodolfolongo1

  1. Thank you for helping me out, I appreciate it.

    RogueKiller V7.5.4 [06/07/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

    Started in : Normal mode

    User: WaRtuGz [Admin rights]

    Mode: Scan -- Date: 06/23/2012 12:11:40

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS541616J9AT00 ATA Device +++++

    --- User ---

    [MBR] 8931158ab24de45dbc7cc9921e7c8b85

    [BSP] 881bfb169e7f864a5cfe8328e90427f2 : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10009 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20498940 | Size: 142616 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

  2. Here is the attached file I had to attach on the previous post also.

    Here is a log of the Malwarebytes scan. A Trojan.Agent file keeps returning every time I restart my computer; malware claims to delete it, but the same trojan keeps reappearing every time I scan the computer (past 8 days in a row). My computer seems unaffected by the agent and is working perfectly fine; however, I don't want this trojan on my computer, because I don't want it to begin to affect my computer later. Any help would be greatly appreciated. Thanks

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800

    www.malwarebytes.org

    Database version: v2012.01.27.07

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 7.0.6002.18005

    Admin

    Protection: Enabled

    1/27/2012 9:57:24 PM

    mbam-log-2012-01-27 (21-57-24).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 192777

    Time elapsed: 7 minute(s), 2 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 1

    C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Detected: 1

    C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    Attach2.txt

  3. .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 7.0.6002.18005

    Run by WaRtuGz at 16:37:18 on 2012-06-22

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.957.242 [GMT -5:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.manheim.com/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 10.71.0.1

    TCP: Interfaces\{B67D023E-AF61-4861-853B-AA1AAE26FCA9} : DhcpNameServer = 10.71.0.1

    TCP: Interfaces\{C229C3FF-579E-4494-AB88-F239A30B903C} : DhcpNameServer = 10.71.0.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-11 612184]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-11 337880]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-11 20696]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-11 57688]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-11 44768]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-27 654408]

    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-8-15 1526080]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-27 22344]

    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]

    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-2-10 10064]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-11 136176]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-11 136176]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    .

    =============== Created Last 30 ================

    .

    2012-06-20 02:04:03 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-06-20 02:04:03 172032 ----a-w- c:\windows\system32\wintrust.dll

    2012-06-20 02:04:03 157696 ----a-w- c:\windows\system32\imagehlp.dll

    2012-06-20 02:04:02 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-06-20 01:49:57 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{648ae08e-592c-45c9-9af6-b6b26d212573}\mpengine.dll

    2012-06-20 01:11:00 66560 ----a-w- c:\windows\system32\packager.dll

    2012-06-20 01:09:39 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

    2012-06-20 01:09:39 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-06-20 01:09:32 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

    2012-06-20 01:09:30 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

    2012-06-20 01:09:30 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

    2012-06-20 01:09:29 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

    2012-06-20 01:09:29 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

    2012-06-20 01:09:28 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

    2012-06-20 01:09:17 984064 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-20 01:09:17 98304 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-20 01:09:17 133120 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-20 01:08:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2012-06-20 01:08:23 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

    2012-06-20 01:08:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2012-06-20 01:08:16 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-06-20 01:08:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

    2012-06-20 01:08:12 293376 ----a-w- c:\windows\system32\psisdecd.dll

    2012-06-20 01:08:11 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

    2012-06-20 01:08:11 217088 ----a-w- c:\windows\system32\psisrndr.ax

    2012-06-20 01:08:10 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

    2012-06-20 01:08:08 1205064 ----a-w- c:\windows\system32\ntdll.dll

    2012-06-20 01:08:06 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

    2012-06-20 01:08:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

    2012-06-20 01:06:14 2045440 ----a-w- c:\windows\system32\win32k.sys

    2012-06-20 01:06:11 613376 ----a-w- c:\windows\system32\rdpencom.dll

    2012-06-20 01:06:05 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-20 01:06:04 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-06-20 01:05:33 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

    2012-06-20 01:05:33 238080 ----a-w- c:\windows\system32\oleacc.dll

    2012-06-20 01:05:32 563712 ----a-w- c:\windows\system32\oleaut32.dll

    2012-06-20 01:05:32 4096 ----a-w- c:\windows\system32\oleaccrc.dll

    2012-06-20 01:04:46 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-20 00:55:13 707584 ----a-w- c:\program files\common files\system\wab32.dll

    2012-06-19 03:05:04 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-19 03:04:31 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-19 03:03:41 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-19 03:03:41 171904 ----a-w- c:\windows\system32\wuwebv.dll

    .

    ==================== Find3M ====================

    .

    2012-05-15 22:04:50 834048 ----a-w- c:\windows\system32\wininet.dll

    2012-04-19 14:18:04 389632 ----a-w- c:\windows\system32\html.iec

    2012-04-19 13:53:00 1383424 ----a-w- c:\windows\system32\mshtml.tlb

    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    .

    ============= FINISH: 16:37:55.40 ===============

  4. Here is a log of the Malwarebytes scan. A Trojan.Agent file keeps returning every time I restart my computer; malware claims to delete it, but the same trojan keeps reappearing every time I scan the computer (past 8 days in a row). My computer seems unaffected by the agent and is working perfectly fine; however, I don't want this trojan on my computer, because I don't want it to begin to affect my computer later. Any help would be greatly appreciated. Thanks

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800

    www.malwarebytes.org

    Database version: v2012.01.27.07

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 7.0.6002.18005

    Admin

    Protection: Enabled

    1/27/2012 9:57:24 PM

    mbam-log-2012-01-27 (21-57-24).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 192777

    Time elapsed: 7 minute(s), 2 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 1

    C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Detected: 1

    C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
