Everything posted by oldman960

  1. Thanks sUBs. According to another post with the same topic name seems it's been fixed. I'll have the OP give it a test drive. Avast says the key is created by Avast. edit: perfect
  2. Hi, Question: Can MBAM reset folder Options to default after/during a scan. OP reports file extensions are rehidden after running MBAM. I've never noticed it myself but I've never had anything to remove. So maybe only when MBAM actually does a fix?

     Here's another instance of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe

     The contents of the key appear to be for crash analysis.

     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe /s > "GlobalFlag" = 33554432 "PageHeapFlags" = 3 -- [2011/02/06 07:46:13 | 000,000,000 | ---D | M]

     Was detected with both database v2013.05.04.02 and v2013.05.06.01

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.05.06.01

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     LeeAd :: HOMESYS [administrator]

     Protection: Enabled

     5/5/2013 10:58:59 PM
     mbam-log-2013-05-05 (22-58-59).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 267753
     Time elapsed: 6 minute(s), 4 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe (Security.Hijack) -> Delete on reboot. [9257b853ce9e16207fff6050639f5aa6]

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. Hi, Thank you very much.
  4. Hi, The log is from a log I'm working on at WhatTheTech. http://forums.whatthetech.com/Win32_Trojan...301#entry602301 q75bo2v.exe has since been removed by the OP's AV. tunebite.exe has tested clean. If you want a copy of this file, is it possible for the OP to reply to this thread? If that is possible, I might be able to nab you a copy of q75bo2v.exe also. Thanks
  5. Hi, Just checking to see if the TuneBite detections are FPs.

     Malwarebytes' Anti-Malware 1.41
     Database version: 2940
     Windows 5.1.2600 Service Pack 3

     10/11/2009 5:22:17 AM
     mbam-log-2009-10-11 (05-22-04).txt

     Scan type: Quick Scan
     Objects scanned: 117330
     Time elapsed: 7 minute(s), 2 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 5
     Registry Data Items Infected: 3
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tunebite.exe (Trojan.Agent) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> No action taken.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe -tray (Trojan.Agent) -> No action taken.
     C:\Documents and Settings\GHL\Local Settings\temp\q75bo2v.exe (Trojan.Downloader) -> No action taken.
  6. Hi Thanks for the replies. That was suggested to me as the probable cause, but we just wanted confirmation. I was working on a log in a malware forum where the OP didn't have a desktop. Since he had to use taskmanager to run anything, c:\ was used just to make it easier for him and in case variables didn't function as expected. Thanks again.
  7. Hi SystemLook is a little utility used to find file, folders, reg keys etc.

     Download Mirror #1
     Download Mirror #2

     Malwarebytes' Anti-Malware 1.38
     Database version: 2325

     Files Infected:
     c:\SystemLook.exe (Trojan.Agent) -> Not selected for removal. [3857535134303627615290848570783232323215708970]