
rsonnie

Everything posted by rsonnie

  1. Here's the other log. This may not be a FP because after I let these files get cleared out, I can see the 'seneka.jpg' screenshot I saved earlier. There must still be some registry entries that were loading these files.

     Malwarebytes' Anti-Malware 1.31
     Database version: 1599
     Windows 5.1.2600 Service Pack 2

     1/2/2009 10:59:41 PM
     mbam-log-2009-01-02 (22-59-41).txt

     Scan type: Quick Scan
     Objects scanned: 96679
     Time elapsed: 6 minute(s), 34 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 7

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\senekameflhymi.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 1847079707666323232323232323215697777]
     C:\WINDOWS\system32\senekasplwsfvx.dll (Trojan.Agent) -> Delete on reboot. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 1847079707666323232323232323215697777]
     C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 1847079707666697115696685]
     C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 184707970766615696685]
     C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 184707970766677807215696685]
     C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 137837487708384618470797076661584908411]
     C:\WINDOWS\system32\drivers\senekajkomudev.sys (Trojan.Agent) -> Quarantined and deleted successfully. [3857535134305383807566791534727079851301362761564247374856526184908485707820196 13783748770838461847079707666323232323232323215849084]

     Let me know if you need anything to investigate this.
  2. Oops. Just saw the sticky. I'll run this again with mbam.exe /developer
  3. Hi guys. Great product. It removed the remnants of the Vundo virus that NAV 2008 didn't touch. I can now access the internet sites like yours again, yay! I did get a false positive for a bunch of seneka Trojan.Agent files. I did the first scan using the downloaded software. Here's the log:

     Malwarebytes' Anti-Malware 1.31
     Database version: 1456
     Windows 5.1.2600 Service Pack 2

     1/2/2009 9:57:02 PM
     mbam-log-2009-01-02 (21-57-02).txt

     Scan type: Quick Scan
     Objects scanned: 92249
     Time elapsed: 6 minute(s), 55 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 36
     Registry Values Infected: 2
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 11

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Typelib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccuvne -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\efcCuVNe.dllDEL (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\eNVuCcfe.ini2del (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\eNVuCcfe.inidel (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\senekabompxkru.dll (Trojan.Seneka) -> Delete on reboot.
     C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Documents and Settings\rsonnie\GoToAssist_phone__268_en.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\rsonnie\GoToAssist_phone__317_en.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.

     I then rebooted and updated the product and ran it again. Here's log #2:

     Malwarebytes' Anti-Malware 1.31
     Database version: 1599
     Windows 5.1.2600 Service Pack 2

     1/2/2009 10:16:15 PM
     mbam-log-2009-01-02 (22-16-15).txt

     Scan type: Quick Scan
     Objects scanned: 96478
     Time elapsed: 6 minute(s), 30 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 7

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\senekameflhymi.dll (Trojan.Agent) -> Not selected for removal.
     C:\WINDOWS\system32\senekasplwsfvx.dll (Trojan.Agent) -> Not selected for removal.
     C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Not selected for removal.
     C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Not selected for removal.
     C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Not selected for removal.
     C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Not selected for removal.
     C:\WINDOWS\system32\drivers\senekajkomudev.sys (Trojan.Agent) -> Not selected for removal.

     All the 'seneka*' files in the files section aren't actually there on the disk. The first scan found some files, but they didn't show up on the disk either. I included a screenshot of the directory. I tried to save this screenshot as seneka.jpg, but guess what! It doesn't show up either! Maybe there's still something suppressing the display of these. I think I'll run it again and have it quarantine those files anyway. Hope this helps!
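As an added example, not part of rsonnie's posts and not Malwarebytes' own code: a small Python parser for the MBAM 1.x log format quoted in the posts, with three triage checks a responder would run over such a log. It lists the detections that were reported but not yet remediated ("Delete on reboot", "Not selected for removal"), checks that each section's declared count matches the items actually listed (a log truncated when pasted into a post shows up here), and groups file detections by filename prefix, which surfaces the seneka* set that the poster could not see on disk. The SAMPLE_LOG is constructed from entries quoted in the thread; the bracketed hash on one line is a placeholder for the developer-mode hash MBAM prints, not a real value.

```python
# Added example (not Malwarebytes' code, not from the posts above): parse an
# MBAM 1.x scan log into findings and run three triage checks on it. The
# SAMPLE_LOG is constructed from entries quoted in the thread; the bracketed
# hash is a placeholder for the developer-mode hash MBAM prints.
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1599
Windows 5.1.2600 Service Pack 2

1/2/2009 10:16:15 PM
mbam-log-2009-01-02 (22-16-15).txt

Scan type: Quick Scan
Objects scanned: 96478
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccuvne -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\senekameflhymi.dll (Trojan.Agent) -> Delete on reboot. [placeholder-developer-hash]
C:\WINDOWS\system32\senekasplwsfvx.dll (Trojan.Agent) -> Not selected for removal.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 7"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")       # "Files Infected:"
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\)$")                # "<path> (<family>)"
HASH_RE = re.compile(r" \[(.*)\]$")                         # trailing /developer hash


def parse_mbam_log(text):
    """Return (header, counts, findings): header 'key: value' lines, declared
    per-section totals, and one dict per detection line."""
    header, counts, findings, section = {}, {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:                      # still in the header block
            if ": " in line:
                key, value = line.split(": ", 1)
                header[key] = value
            continue
        parts = line.split(" -> ")               # path (family) -> [data ->] action
        m = ITEM_RE.match(parts[0])
        if len(parts) < 2 or not m:
            continue                             # unrecognised line: skip, don't abort
        action, hash_ = parts[-1], None
        hm = HASH_RE.search(action)
        if hm:
            action, hash_ = action[:hm.start()], hm.group(1)
        findings.append({"section": section, "path": m.group(1),
                         "family": m.group(2), "action": action.rstrip("."),
                         "data": parts[1:-1], "hash": hash_})
    return header, counts, findings


PENDING = ("Delete on reboot", "Not selected for removal")


def pending_remediation(findings):
    """Detections reported but not actually removed yet: re-check these after
    the reboot or on the next scan."""
    return [f for f in findings if f["action"] in PENDING]


def count_mismatches(counts, findings):
    """Sections whose declared total differs from the items listed."""
    listed = Counter(f["section"] for f in findings)
    return {name: (n, listed.get(name, 0)) for name, n in counts.items()
            if n != listed.get(name, 0)}


def name_prefix_clusters(findings, prefix_len=6, min_size=3):
    """Group file detections by the first prefix_len characters of the file
    name; unrelated extensions (.dll, .dat, .sys) under one prefix, like the
    seneka* set in the thread, is the footprint of a name-based file filter."""
    clusters = defaultdict(list)
    for f in findings:
        if f["section"] == "Files Infected":
            name = f["path"].rsplit("\\", 1)[-1].lower()
            clusters[name[:prefix_len]].append(name)
    return {k: v for k, v in clusters.items() if len(v) >= min_size}


if __name__ == "__main__":
    hdr, cnt, fnd = parse_mbam_log(SAMPLE_LOG)
    print("database", hdr.get("Database version"), "findings", len(fnd))
    for f in pending_remediation(fnd):
        print("pending:", f["path"], "->", f["action"])
    print("count mismatches:", count_mismatches(cnt, fnd))
    print("prefix clusters:", name_prefix_clusters(fnd))
```

Run against the two logs in the posts, `pending_remediation` picks out exactly the seneka* entries (two "Delete on reboot" in the first scan, seven "Not selected for removal" in the second), and `name_prefix_clusters` flags the same set; items that a scanner reports but the directory listing does not show are best verified from outside the running system, for instance from a rescue boot, rather than trusted to a listing taken while the filter is active.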