Jump to content

Anguskirk

Members
  • Content Count

    3
  • Joined

  • Last visited

Posts posted by Anguskirk

  1. Hi

    I ran a quick scan (logfile attached) and was shocked when it purportedly found 6446 instances of Backdoor.Bot :D . Believing them to be genuine infections I deleted them all and ran a full scan which found another 16, also deleted.

    Following advice from your forum I rebooted and ran a full Developer Scan (logfile below) which found nothing, although the error message "DDA failed to read. Error code 1117" appeared at the start.

    The computer seems to be behaving normally but I am now worried that I may have deleted genuine files including the entire \Program Files\WINDOWS folder.

    Were they FPs and should I restore them?

    ----------------------------------------------------------

    Malwarebytes' Anti-Malware 1.41

    Database version: 2895

    Windows 5.1.2600 Service Pack 3

    04/10/2009 02:33:53

    mbam-log-2009-10-04 (02-33-53).txt

    Scan type: Full Scan (C:\|F:\|)

    Objects scanned: 398066

    Time elapsed: 14 hour(s), 4 minute(s), 14 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    mbam_log_2009_10_02__18_50_46_.zip

  2. Thanks, srtools. Here's the full scan.

    I was wrong when I said Quick Scan found 100 instances of Backdoor.Bot -

    it was reportedly in 5 registry keys, 1016 folders and 6446 files!

    -------------------------------------------

    Malwarebytes' Anti-Malware 1.41

    Database version: 2895

    Windows 5.1.2600 Service Pack 3

    03/10/2009 00:36:50

    mbam-log-2009-10-03 (00-36-50).txt

    Scan type: Full Scan (C:\|F:\|)

    Objects scanned: 397710

    Time elapsed: 5 hour(s), 32 minute(s), 55 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 2

    Files Infected: 16

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    C:\Program Files\WINDOWS (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32 (Backdoor.Bot) -> Quarantined and deleted successfully.

    Files Infected:

    C:\Program Files\WINDOWS\system32\MFCANS32.DLL (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\mfcuia32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\mschrt20.ocx (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\msls2.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\msmask32.ocx (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\msstkprp.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\ncpa.cpl.manifest (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\nwc.cpl.manifest (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\ochlp30e.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\PCDLIB32.DLL (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\perfmon.msc (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\Pubole32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\sapi.cpl.manifest (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\Westlake.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\WindowsLogon.manifest (Backdoor.Bot) -> Quarantined and deleted successfully.

    C:\Program Files\WINDOWS\system32\wuaucpl.cpl.manifest (Backdoor.Bot) -> Quarantined and deleted successfully.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.