Posts posted by spottswoode

  1. Results of screen317's Security Check version 0.99.56

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Norton Internet Security

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    Malwarebytes Anti-Malware version 1.70.0.1100

    JavaFX 2.1.1

    Java 6 Update 31

    Java 7 Update 9

    Adobe Flash Player 11.5.502.135

    Adobe Reader XI

    Mozilla Firefox 9.0 Firefox out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    Norton ccSvcHst.exe

    Spybot Teatimer.exe is disabled!

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 8%

    ````````````````````End of Log``````````````````````

  2. # AdwCleaner v2.104 - Logfile created 01/06/2013 at 21:07:57

    # Updated 29/12/2012 by Xplode

    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

    # User : stephen mcallister - CLUMSEYGENIUS

    # Boot Mode : Normal

    # Running from : C:\Users\<me>\Desktop\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

    Key Found : HKCU\Software\Ask.com

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v9.0 (en-GB)

    File : C:\Users\stephen mcallister\AppData\Roaming\Mozilla\Firefox\Profiles\hi9ucsq2.default\prefs.js

    Found : user_pref("gm-notifier.ui.counter.showInbox", true);

    File : C:\Users\<me>\AppData\Roaming\Mozilla\Firefox\Profiles\njjfnk22.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1466 octets] - [06/01/2013 21:07:57]

    ########## EOF - C:\AdwCleaner[R1].txt - [1526 octets] ##########

    I don't see any entries that I am concerned about losing.

  3. mbam log when infection was found

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2012.12.31.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    stephen mcallister :: CLUMSEYGENIUS [administrator]

    06/01/2013 6:30:55 PM

    mbam-log-2013-01-06 (18-30-55).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 241608

    Time elapsed: 1 minute(s), 26 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Users\stephen mcallister\AppData\Local\Temp\13361.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

    (end)

    mbam recent log

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.06.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    stephen mcallister :: CLUMSEYGENIUS [administrator]

    06/01/2013 7:04:31 PM

    mbam-log-2013-01-06 (19-04-31).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 239857

    Time elapsed: 1 minute(s), 13 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    RK log

    RogueKiller V8.4.2 [Jan 6 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : stephen mcallister [Admin rights]

    Mode : Scan -- Date : 01/06/2013 19:38:51

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤

    [RUN][SUSP PATH] HKCU\[...]\Run : icq (C:\Users\stephen mcallister\AppData\Roaming\ICQM\icq.exe -CU) -> FOUND

    [RUN][BLACKLISTDLL] HKLM\[...]\Run : Cm108Sound (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd) -> FOUND

    [RUN][SUSP PATH] HKUS\S-1-5-21-3231266768-4001767025-273698762-1000[...]\Run : icq (C:\Users\stephen mcallister\AppData\Roaming\ICQM\icq.exe -CU) -> FOUND

    [TASK][SUSP PATH] Alarm : "C:\Users\stephen mcallister\Desktop\equinox_sci_wax_radio_090111.mp3" -> FOUND

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [RUN][BLACKLISTDLL] [ON_W:]HKLM\Software[...]\Run : Cm108Sound (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    -> W:\windows\system32\config\SOFTWARE

    -> W:\windows\system32\config\SYSTEM

    -> W:\Users\Default\NTUSER.DAT

    -> W:\Users\Default User\NTUSER.DAT

    -> W:\Users\Stephen McAllister\NTUSER.DAT

    -> W:\Documents and Settings\Default\NTUSER.DAT

    -> W:\Documents and Settings\Default User\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD7501AALS-00J7B0 ATA Device +++++

    --- User ---

    [MBR] 5b7a63329081828f2eecb71d675598be

    [BSP] 8e5db028d4964658b6060ac891226926 : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 51 | Size: 80001 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163842192 | Size: 635400 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: OCZ-VERTEX2 ATA Device +++++

    --- User ---

    [MBR] ab12359157b23e073c47280e4f1f7600

    [BSP] 97fb3721f69c034ee0a311e495e04f4a : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive2: ST3250824AS ATA Device +++++

    --- User ---

    [MBR] 44c8429ba71cb75c9475907c331001b0

    [BSP] 5b3f940617f8364e6198b0d8688a539d : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive3: WDC WD1002FAEX-00Z3A0 ATA Device +++++

    --- User ---

    [MBR] e11a71ec95f6ae136ad4d3fe1cddc934

    [BSP] e762d14e820de1666f1328aafa4b26ba : Windows 7/8 MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01062013_02d1938.txt >>

    RKreport[1]_S_01062013_02d1938.txt

  4. Malwarebytes recently detected Backdoor.Bot. I was logging into my online banking at the time. I haven't done anything except let Malwarebytes do its thing, and when I scan again there is no sign. In the meantime, I used another machine at home to change my TD banking password and also my Google email products.

    Attached dds.txt and Attach.txt
