
Showing results for tags 'packer.modifedUPX'.


Found 1 result

  1. Hi, I was wondering if anyone can tell me how harmful these detected threats are. (Malwarebytes log below)

     I have now cleaned/deleted the detected threats on this PC, and am in the process of doing a full clean-up on this Windows XP SP3 machine and a reinstall of antivirus (Trend).

     This PC is used in a small organisation and does have sensitive information on it frequently. It is on a Windows 2008 domain. No other PCs (knowingly) seemed affected.

     I've been asked by my Directors if any of these threats could be a key logger or anything more serious?

     Our company's antivirus is "Trend Micro Worry-Free Business Security Advanced" and was disabled (I didn't notice this for a week or so!)

     I ran the Malwarebytes trial this morning as the PC was coming up with some weird errors, and after looking closer at the startup entries I noticed 2 weird values, which instantly sounded alarm bells:

     1. C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe
     2. C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe

     Can anyone offer any advice on what these threats are or may have done? I have looked up Trojan.agent, and it seems to be a malware threat that causes errors on your PC, then pushes you to buy rogue 'fix software'. I can't find much explanation on what the other 2 will do...

     Many thanks in advance.

     PS: we are considering buying corporate Malwarebytes to scan and keep tabs on our entire network (we would be after 25 licenses probably). Is this just the pro version we install 25 times, or is there a web console interface to manage the whole lot from a single point (like most business antivirus management consoles)?
     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.07.04.03

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     <maskedusername> :: <maskedcomputername> [administrator]

     Protection: Enabled

     04/07/2012 10:48:05
     mbam-log-2012-07-04 (10-48-05).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 242588
     Time elapsed: 4 minute(s), 23 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 3
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5C039C6D-265D-0CCE-F087-FDA623520695} (Trojan.Agent.TBM) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe" -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{806D7BCF-83A9-8650-A913-6178B27FB63A} (Trojan.Agent) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe" -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Hilgraeve Inc (Packer.ModifiedUPX) -> Data: C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe -> Quarantined and deleted successfully.

     Registry Data Items Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 3
     C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe (Trojan.Agent.TBM) -> Quarantined and deleted successfully.
     C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe (Packer.ModifiedUPX) -> Delete on reboot.

     (end)