kookcmoi
Posts posted by kookcmoi
-
-
After running MBAM, it found the malware.packer.gen again!!!:
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.11.08.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugues :: HUGUES-PC [administrator]
8/11/2012 22:36:19
mbam-log-2012-11-08 (22-36-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202990
Time elapsed: 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Hugues\AppData\Local\Temp\2C78.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
(end)
So it is still not removed after all the previous actions.
-
Here is the log file of AdwCleaner after deleting Babylon (the computer was rebooted by AdwCleaner, by the way):
# AdwCleaner v2.007 - Logfile created 11/08/2012 at 22:03:11
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Hugues - HUGUES-PC
# Boot Mode : Normal
# Running from : C:\Users\Hugues\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [1166 octets] - [08/11/2012 21:54:18]
AdwCleaner[s1].txt - [1119 octets] - [08/11/2012 22:03:11]
########## EOF - C:\AdwCleaner[s1].txt - [1179 octets] ##########
-
Here are the MBAM and AdwCleaner logs:
What to do next?
-
-
Here are the logs of TDSSKiller:
(it cleaned the MBR and found 3 suspicious files that I skipped)
What to do next?
(Thanks for the fast support.)
TDSSKiller.2.8.15.0_08.11.2012_21.07.45_log.txt
-
Here is the log after running RogueKiller:
RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hugues [Admin rights]
Mode : Scan -- Date : 08/11/2012 20:27:58
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSA2M080G2GC ATA Device +++++
--- User ---
[MBR] 6525717c47f37f7b1fc6a2e247aabd60
[bSP] b4027393bba01e48a2e16422fb5c271d : Xpaj MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] 3bc76023f3d493c60eb4a339b7f9b91d
[bSP] 16b0be6f9dd73c671624984853a4afeb : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: ST3750640AS ATA Device +++++
--- User ---
[MBR] ea134ea6bfc0dbe086499efc739fd7cb
[bSP] aba6c4bb1f04355525f4bbc9325c8894 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1465128960 | Size: 8 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_08112012_202758.txt >>
RKreport[1]_S_08112012_202758.txt
What should I do next?
-
Here are the two logs: dds.txt and attach.txt
What should I do to get rid of this malware?
Thanks
infected with malware.packer.gen HELP!
in Resolved Malware Removal Logs
Posted
I reran RogueKiller and deleted the registry entries it found. After that all problems were solved.
Thanks for your swift support!! Thread can be closed now.