basskozz

Members
  • Posts: 4

Everything posted by basskozz

  1. ok, sorry, I jumped the gun when I posted that... I understand now, if MalwareBytes isn't going to work properly in a PE environment, then it's probably not worth the effort making it work in PE in the first place. Thanks for clarifying exile360 (I was lazy and didn't read the whole thread ;-P)
  2. But if you have a computer that can NOT boot into normal mode or safe mode, then MalWareBytes is useless. I have a computer that won't even boot into safe mode, and I've come across a few of these scenarios and I've had to use other utilities (SBS&D, Super Anti-Spyware, etc...) because there isn't any support for MalWareBytes. So why completely alienate the users who can't get windows to boot?
  3. Update: AVG 8.0 LOG:

     AVG 8.0 Anti-Virus command line scanner
     Copyright © 1992 - 2008 AVG Technologies
     Program version 8.0.145, engine 8.0.0
     Virus Database: Version 270.9.13/1825 2008-12-02

     C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
     C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
     C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
     C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
     C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
     C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
     C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
     C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
     C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
     C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT Locked file. Not tested.
     C:\Documents and Settings\LogMeInRemoteUser\ntuser.dat.LOG Locked file. Not tested.
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
     C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
     C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
     C:\pagefile.sys Locked file. Not tested.
     C:\System Volume Information\ Locked file. Not tested.
     C:\WINDOWS\system32\busulupa.dll.tmp Trojan horse SHeur2.BNC Object was moved to Virus Vault.
     C:\WINDOWS\system32\config\DEFAULT Locked file. Not tested.
     C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
     C:\WINDOWS\system32\config\SAM Locked file. Not tested.
     C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
     C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
     C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
     C:\WINDOWS\system32\config\SOFTWARE Locked file. Not tested.
     C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
     C:\WINDOWS\system32\config\SYSTEM Locked file. Not tested.
     C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
     C:\WINDOWS\system32\gepimana.dll.tmp Trojan horse SHeur2.BNC Object was moved to Virus Vault.
     C:\WINDOWS\system32\lenokome.dll.tmp Trojan horse SHeur2.BNC Object was moved to Virus Vault.
     ------------------------------------------------------------
     Objects scanned : 374488
     Found infections : 3
     Found PUPs : 0
     Healed infections : 3
     Healed PUPs : 0
     Warnings : 0
     ------------------------------------------------------------
  4. I am working on my cousin's computer, and it is INFECTED with Trojan.Agent & Virtumonde.prx and I can't seem to get it off his computer. I've scanned the computer multiple times (in both normal-mode and safe-mode) using the latest versions of the following programs:

     SpyBot S&D
     Malwarebytes' Anti-Malware (of course)
     AVG 8.0 Anti-Virus
     VundoFix (didn't find anything)
     VirtumundoBeGone (also didn't find anything)

     Here is a screenshot of SpyBot S&D results: [screenshot]

     And now for the logs:

     Malwarebytes' Anti-Malware

     Malwarebytes' Anti-Malware 1.30
     Database version: 1450
     Windows 5.1.2600 Service Pack 2

     12/3/2008 2:01:48 AM
     mbam-log-2008-12-03 (02-01-26).txt

     Scan type: Full Scan (C:\|E:\|)
     Objects scanned: 98270
     Time elapsed: 8 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lutezibaji (Trojan.Agent) -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     VirtumundoBeGone v1.5

     [12/03/2008, 0:26:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Cheyne\Desktop\VirtumundoBeGone.exe" )
     [12/03/2008, 0:27:05] - Detected System Information:
     [12/03/2008, 0:27:05] - Windows Version: 5.1.2600, Service Pack 2
     [12/03/2008, 0:27:05] - Current Username: Cousin (Admin)
     [12/03/2008, 0:27:05] - Windows is in NORMAL mode.
     [12/03/2008, 0:27:05] - Searching for Browser Helper Objects:
     [12/03/2008, 0:27:05] - BHO 1: {f8a5ef5d-157c-4f30-b303-01ba2970a47d} ()
     [12/03/2008, 0:27:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [12/03/2008, 0:27:05] - Checking for HKLM\...\Winlogon\Notify\welatili
     [12/03/2008, 0:27:05] - Key not found: HKLM\...\Winlogon\Notify\welatili, continuing.
     [12/03/2008, 0:27:05] - Finished Searching Browser Helper Objects
     [12/03/2008, 0:27:05] - Finishing up...
     [12/03/2008, 0:27:05] - Nothing found! Exiting...

     HijackThis v2.0.2

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 2:22:06 AM, on 12/3/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Safe mode with network support

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     C:\Program Files\LogMeIn\x86\LogMeIn.exe
     C:\Program Files\LogMeIn\x86\LMIGuardian.exe
     C:\Program Files\LogMeIn\x86\LogMeIn.exe
     C:\Program Files\LogMeIn\x86\LMIGuardian.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
     O2 - BHO: (no name) - {f8a5ef5d-157c-4f30-b303-01ba2970a47d} - C:\WINDOWS\system32\welatili.dll (file missing)
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
     O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
     O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
     O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
     O4 - HKLM\..\Run: [lutezibaji] Rundll32.exe "C:\WINDOWS\system32\rilihoki.dll",s
     O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
     O4 - HKUS\S-1-5-19\..\Run: [lutezibaji] Rundll32.exe "C:\WINDOWS\system32\rilihoki.dll",s (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [lutezibaji] Rundll32.exe "C:\WINDOWS\system32\rilihoki.dll",s (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-21-1671511615-2231150215-3758753009-1008\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'LogMeInRemoteUser')
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{33B0502F-2B59-4CFE-84C7-82CDA9B9BC40}: NameServer = 208.67.222.222,208.67.220.220
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - AppInit_DLLs: C:\WINDOWS\system32\gujayiwo.dll
     O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
     O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

     --
     End of file - 4181 bytes

     Thanks in advance for any/all assistance,
     -BassKozz
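The HijackThis log in the post above contains the persistence points a responder would look at first: the O4 Run values that call rundll32 on a DLL in system32 (the same random-looking value name written to HKLM and to the LOCAL SERVICE and NETWORK SERVICE hives), the O20 AppInit_DLLs entry, and the unnamed O2 BHO whose file is missing. The following Python script is an added example, not code from the forum post, from Malwarebytes or from HijackThis: it parses lines in the HijackThis log format and flags those three patterns. The sample input is constructed from lines copied out of the log above plus a few benign entries from the same log, and the flagging rules are this example's own heuristics, not rules the tool applies.

```python
"""Triage helper for HijackThis-style log lines (added example; not part of
the forum post or of any of the tools it mentions)."""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log in the post
# above (benign and suspicious alike) so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {f8a5ef5d-157c-4f30-b303-01ba2970a47d} - C:\WINDOWS\system32\welatili.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lutezibaji] Rundll32.exe "C:\WINDOWS\system32\rilihoki.dll",s
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [lutezibaji] Rundll32.exe "C:\WINDOWS\system32\rilihoki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lutezibaji] Rundll32.exe "C:\WINDOWS\system32\rilihoki.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\gujayiwo.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# "O4 - <body>" / "R0 - <body>" entry lines.
ENTRY = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.+)$")
# Body of an O4 Run-value entry: "<hive>\..\Run: [<name>] <command>".
RUN_VALUE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 loading a DLL that lives directly in %SystemRoot%\system32.
RUNDLL_SYS32 = re.compile(
    r"rundll32(\.exe)?\s+\"?[a-z]:\\windows\\system32\\[^\"\s,]+\.dll", re.I)


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str  # why this example's heuristic flagged the line
    line: str    # the original log line


def parse_entries(text):
    """Return (kind, body, line) for every entry line in the log text."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            out.append((m.group("kind"), m.group("body"), line))
    return out


def run_value_hives(text):
    """Map each Run value name to the list of hives it appears under.
    One name repeated across HKLM and the service-account hives
    (S-1-5-19 / S-1-5-20) is the pattern visible in the log above."""
    hives = {}
    for kind, body, _ in parse_entries(text):
        if kind != "O4":
            continue
        m = RUN_VALUE.match(body)
        if m:
            hives.setdefault(m.group("name"), []).append(m.group("hive"))
    return hives


def triage(text):
    """Apply the three heuristics and return the flagged entries in log order."""
    findings = []
    hives = run_value_hives(text)
    for kind, body, line in parse_entries(text):
        if kind == "O4":
            m = RUN_VALUE.match(body)
            if m and RUNDLL_SYS32.search(m.group("cmd")):
                n = len(hives[m.group("name")])
                findings.append(Finding(kind,
                    "Run value loads a system32 DLL via rundll32 "
                    "(same value name present in %d hive(s))" % n, line))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append(Finding(kind,
                    "AppInit_DLLs is set; that DLL is loaded into every "
                    "process that loads user32.dll", line))
        elif kind == "O2" and "(no name)" in body:
            missing = " and its file is missing" if "(file missing)" in body else ""
            findings.append(Finding(kind, "BHO has no name" + missing, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.kind, f.reason, f.line))
```

Run against the sample it flags five lines: the unnamed BHO, the three lutezibaji Run values, and the AppInit_DLLs entry; the Java, AVG, InstallShield and HP entries pass. The hive count in the O4 reason is what distinguishes a vendor updater (one hive) from the per-hive persistence seen in this log.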