Showing results for tags 'Trojan.QHost.Gen'.

Found 2 results

  1. Fake "S.M.A.R.T Repair Trial Version Installed" and now at startup, Data Recovery screen along with many tiled System Messages - "Write Fault Error" shows up. Startup Menu and Desktop show nothing, therefore cannot access any folders or applications. Running MBAM (from Task Tray) repeatedly shows PUM.Hijack.StartMenu and PUM.Hidden.Desktop, Trojan.QHost.Gen, Trojan.QHost.BG, Trojan.Agent.LTGen, Rootkit TDSS. More recently, Trojan.FakeAlert and Exploit.Drop.4 have been detected. They continue to appear after removal and quarantine. Numerous attempts to Safe Start (F8) show Security Log Full and entering administrator's password will not work because it does not allow selection of my login domain anymore. Managed to access internet and reach you through MBAM's "About" tab with link to MBAM website.

     Below are my logs from 5/17 and 5/18. I will be running another scan after this message. Please advise if you need MBAM scan or protection log files. As indicated, the only way I am accessing internet is through the MBAM site.

     Thank you in advance,
     moonshadow56

     ****************************************

     Malwarebytes Anti-Malware (PRO) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.17.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     sshiigi :: DFB69GJ1 [administrator]

     Protection: Enabled

     5/17/2012 10:28:57 AM
     mbam-log-2012-05-17 (10-28-57).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 461063
     Time elapsed: 2 hour(s), 33 minute(s), 46 second(s)

     Memory Processes Detected: 1
     C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe (Trojan.QHost.Gen) -> 4084 -> Delete on reboot.

     Memory Modules Detected: 1
     C:\Documents and Settings\sshiigi\Application Data\dplayx.dll (Trojan.QHost.BG) -> Delete on reboot.

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 2
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.Gen) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.Gen) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.

     Registry Data Items Detected: 7
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe (Trojan.QHost.Gen) -> Delete on reboot.
     C:\Documents and Settings\sshiigi\Application Data\dplayx.dll (Trojan.QHost.BG) -> Delete on reboot.

     (end)

     *******************************

     Malwarebytes Anti-Malware (PRO) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.17.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     sshiigi :: DFB69GJ1 [administrator]

     Protection: Enabled

     5/18/2012 5:54:47 AM
     mbam-log-2012-05-18 (05-54-47).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 461653
     Time elapsed: 1 hour(s), 54 minute(s), 26 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 4
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nscob (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\sshiigi\LOCALS~1\Temp\nscob.dll",MessageBoxChecked -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\sshiigi\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|npntv (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\sshiigi\LOCALS~1\Temp\npntv.dll",ComputeIMTFromPerTexelSignal -> Quarantined and deleted successfully.

     Registry Data Items Detected: 7
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP477\A0158918.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

     (end)
  2. Although MBAM does detect the files associated with the Trojan.Qhost.Gen and .BG (dplaysvr.exe & dplayx.dll), it does not appear to detect or warn that the hosts file has been changed. I'm not positive, but apparently it was changed by these Trojans. In my case, the host file redirected the browser to a site in Romania? when either www.google.com or www.bing.com was browsed. Is it possible to warn users when the host file has lines in it without the # character?

     Thanks,
     mandacat