inavran
Hi, I was wondering if anyone can tell me how harmful these detected threats are (Malwarebytes log below). I have now cleaned/deleted the detected threats on this PC, and am in the process of doing a full clean-up on this Windows XP SP3 machine and a reinstall of antivirus (Trend). This PC is used in a small organisation and does have sensitive information on it frequently. It is on a Windows 2008 domain. No other PCs (knowingly) seem affected.

I've been asked by my Directors if any of these threats could be a key logger or anything more serious? Our company's antivirus is "Trend Micro Worry-Free Business Security Advanced" and was disabled (I didn't notice this for a week or so!). I ran the Malwarebytes trial this morning as the PC was coming up with some weird errors, and after looking closer at the startup entries I noticed 2 weird values, which instantly sounded alarm bells:

1. C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe
2. C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe

Can anyone offer any advice on what these threats are or may have done? I have looked up Trojan.Agent, and it seems to be a malware threat that causes errors on your PC, then pushes you to buy rogue 'fix software'. I can't find much explanation on what the other 2 will do...

Many thanks in advance.

PS: we are considering buying corporate Malwarebytes to scan and keep tabs on our entire network (we would be after 25 licenses probably). Is this just the Pro version we install 25 times, or is there a web console interface to manage the whole lot from a single point (like most business antivirus management consoles)?
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
<maskedusername> :: <maskedcomputername> [administrator]

Protection: Enabled

04/07/2012 10:48:05
mbam-log-2012-07-04 (10-48-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242588
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5C039C6D-265D-0CCE-F087-FDA623520695} (Trojan.Agent.TBM) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{806D7BCF-83A9-8650-A913-6178B27FB63A} (Trojan.Agent) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Hilgraeve Inc (Packer.ModifiedUPX) -> Data: C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe (Trojan.Agent.TBM) -> Quarantined and deleted successfully.
C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe (Packer.ModifiedUPX) -> Delete on reboot.

(end)
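The log above is easier to triage when the detection lines are parsed into structure rather than read by eye: all three Run-key values point at executables under the user's Application Data folder (a per-user autostart pointing into a user-writable profile directory, the persistence pattern the poster spotted in the startup entries), and one file is only scheduled for "Delete on reboot", so a follow-up scan after restart is needed to confirm it is gone. The following script is an added example, not code from the post or from Malwarebytes; it parses the Malwarebytes detection-line format ("item (Family) -> detail -> action") from a constructed sample made of the lines quoted above, checks that the per-section counts the log declares match the entries actually listed, and flags autostart persistence and pending deletions. The section names, keyword lists and finding labels are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the detection section of the log quoted in the post above, laid out
# one entry per line as Malwarebytes writes it. Paths are the poster's masked ones.
SAMPLE_LOG = r"""Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5C039C6D-265D-0CCE-F087-FDA623520695} (Trojan.Agent.TBM) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{806D7BCF-83A9-8650-A913-6178B27FB63A} (Trojan.Agent) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Hilgraeve Inc (Packer.ModifiedUPX) -> Data: C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe (Trojan.Agent.TBM) -> Quarantined and deleted successfully.
C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe (Packer.ModifiedUPX) -> Delete on reboot.
(end)
"""

# "Registry Values Detected: 3" style section headers, and "item (Family)" entry heads.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")

# Assumed autostart locations and user-writable path fragments (this example's own lists).
AUTORUN_KEYS = ("\\CurrentVersion\\Run|", "\\Policies\\Explorer\\Run|")
USER_WRITABLE = ("\\Application Data\\", "\\Local Settings\\", "\\Temp\\")


@dataclass
class Detection:
    section: str        # e.g. "Registry Values", "Files"
    item: str           # registry key|value name, or file path
    family: str         # signature name in parentheses
    details: list       # middle "->" segments, e.g. 'Data: "..."'
    action: str         # final segment, what the scanner did

    @property
    def data_path(self):
        """Path named in a 'Data:' detail (the file an autorun value launches), if any."""
        for d in self.details:
            if d.startswith("Data: "):
                return d[len("Data: "):].strip('"')
        return None


def parse_mbam_log(text):
    """Return (detections, declared_counts) parsed from Malwarebytes log text."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None or " -> " not in line:
            continue  # header lines such as "Scan type: ..." carry no detection
        parts = line.split(" -> ")
        im = ITEM_RE.match(parts[0])
        if not im:
            continue
        detections.append(Detection(section, im.group("item"), im.group("family"),
                                    parts[1:-1], parts[-1]))
    return detections, declared


def triage(detections, declared):
    """Produce analyst findings: persistence entries, pending deletions, count mismatches."""
    findings = []
    for d in detections:
        if d.section.startswith("Registry") and any(k.lower() in d.item.lower() for k in AUTORUN_KEYS):
            path = d.data_path or ""
            where = ("user-writable profile dir" if any(u.lower() in path.lower() for u in USER_WRITABLE)
                     else "other location")
            findings.append(f"PERSISTENCE: per-user autostart -> {path} ({d.family}, {where})")
        if "reboot" in d.action.lower():
            findings.append(f"PENDING: {d.item} not removed until restart; rescan afterwards")
    for section, n in declared.items():
        found = sum(1 for d in detections if d.section == section)
        if found != n:
            findings.append(f"MISMATCH: {section} declared {n}, parsed {found}")
    return findings


if __name__ == "__main__":
    dets, counts = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(dets)} detections across {len(counts)} sections")
    for line in triage(dets, counts):
        print(line)
```

Pointing `parse_mbam_log` at the full text of a saved `mbam-log-*.txt` works the same way, since the header lines before the first "Detected:" section contain no "->" and are skipped. On the sample, the three PERSISTENCE findings are exactly the two values the poster found in the startup entries plus the Policies\Explorer\Run entry, and the single PENDING finding is the D35189.exe file that was still on disk when the log was written.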