Posts posted by nue
-
I guess my concern is whether or not the temp file and the system.log from my System32 directory were important or not. I restored everything from quarantine already.
-
Double post, don't see an edit button but I forgot to post my log as well.
Malwarebytes' Anti-Malware 1.41
Database version: 3286
Windows 5.1.2600 Service Pack 3
12/3/2009 11:30:58 AM
mbam-log-2009-12-03 (11-30-57).txt
Scan type: Full Scan (C:\|)
Objects scanned: 135383
Time elapsed: 29 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 102
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Fonts\8514oeme.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\8514oemg.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\8514oemr.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\8514oemt.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga40737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga40852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga40857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga40869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga80737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga80852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga80857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga80866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga80869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cga40866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\msdlg874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\vga852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cvgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\j8514fix.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\j8514oem.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\j8514sys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\jvgafix.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\jvgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ssee874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ssef874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\svgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\vga857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\vga866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\vga932.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\vgas874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\vgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\dos737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ega40737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ega40857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ega40866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ega40869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ega80737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ega80857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\ega80869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system\MOUSE.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system\OLECLI.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system\OLESVR.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system\SHELL.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system\SYSTEM.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system\VGA.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system\WFWNET.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\append.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comm.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edlin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fastopen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gdi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drwatson.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exe2bin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krnl386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mouse.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscdexnt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nlsfunc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olecli.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\setver.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\share.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olesvr.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfwnet.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win87em.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winnls.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winoldap.mod (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winspool.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowdeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowexec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vga.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\system.LOG (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\append.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\drwatson.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\edlin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\exe2bin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\fastopen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\gdi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\krnl386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\mouse.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\mscdexnt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\nlsfunc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\olecli.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\olesvr.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\share.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\shell.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\system.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\vga.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\wfwnet.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\win87em.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\winnls.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\winspool.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\wowdeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\wowexec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat (Trojan.Downloader) -> Delete on reboot.
-
So uh... I had 103 instances pop up and I mistakenly deleted them and then the system asked for a system restart. Then I figured that was way too many Trojans considering how careful I (usually) am, so I stumbled upon here, and now I'm kind of lost. I managed to find the 100 other quarantined files but I don't know where the last 3 went. I'm guessing they were deleted when the computer was restarted. Anyone shed some light on this?
Trojan.Downloader detected in 65 system files
in File Detections
Just curious, is that tool you provided a necessity? Because the files that were deleted weren't critical, is there a need to utilize the tool? Thanks.