Posts posted by dennisl
Scan results follow.
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 29
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
Looks promising - deleted the files & did another scan, which is showing clean.
Anything else we need to do?
-
Just ran another MWB scan
Now also showing as Memory Process.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.10.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
xxx :NB01 [administrator]
13/01/2014 09:27:35
MBAM-log-2014-01-13 (09-42-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245419
Time elapsed: 13 minute(s), 41 second(s)
Memory Processes Detected: 1
C:\Windows\System32\aJUFJta.exe (Trojan.Agent.ZB) -> 4844 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\System32\aJUFJta.exe (Trojan.Agent.ZB) -> No action taken.
-
Please see attached
-
The site said I didn't have permission to upload this type of file
-
-
Just got a screen shot sent to me & I think they are showing as Excel files.
I'll advise back asap
-
The scan completed, but there doesn't appear to be a CSV file.
MWB log attached
-
MWB will prompt a restart after removal. Should I ignore this?
-
The first one says deleted & the second shows it returned.
-
-
Log files attached
Wasn't sure if you wanted MWB to delete or just run the scan?
-
-
Looks like we're still in trouble
I ran another MWB quick scan afterwards & it's still there
Log files attached
MBAM-log-2014-01-06 (15-28-32)a.txt
-
-
Sorry, I'm having difficulty getting replies from the person who has the infected computer, due to the extended holiday period here in the UK.
I'll be online again all day through next week, when I'm back at work, & will be able to keep contact with him & run through the procedures, without all these delays.
Thanks for your patience.
Dennis
-
-
If convenient, could you please post a new fix file on Friday please?
Many thanks
-
I'm helping a friend on this, but have been out of contact over the Xmas period.
Hope to continue soon
Thanks
-
Sorry but it'll be after Christmas before I can reply on this
I'd be grateful if you could keep the topic open.
Thanks
Dennis
-
-
Only thing it's found is replicationmanager.exe
I think this is used with a contact management program to replicate data to & from a server at work, so didn't remove.
No sign of the trojan though.
-
Log file attached
-
Yes it's there now
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.19.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
NB01 [administrator]
19/12/2013 20:51:45
MBAM-log-2013-12-20 (08-39-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240535
Time elapsed: 11 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\System32\YAeEGhx.exe (Trojan.Agent.ZB) -> No action taken.
(end)
Trojan.Agent.ZB in Resolved Malware Removal Logs
Many thanks for your assistance
Dennis