Hello,

I'm brand new to this and probably not following all the proper procedures but felt compelled to respond. This is for ZarathosNY as I experienced an almost identical issue today. MalwareBytes kept informing me of blocked outgoing requests from 2 to 3 different IP addresses which I traced to a server in Germany. Some post I ran across led me to try Kaspersky TDSSKiller, which found a rootkit that both AVG and MalwareBytes did not. I updated to database 8199 this morning and ran the scan, which yielded several exploit.drop issues only. Here's the mbam log:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8199

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/20/2011 10:29:01 AM

mbam-log-2011-11-20 (10-29-01).txt

Scan type: Quick scan

Objects scanned: 179469

Time elapsed: 24 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\administrator\local settings\Temp\0.6568913108741056.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\local settings\Temp\0.9735209040529982.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\local settings\Temp\thpm3368966003967669305.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\local settings\Temp\thpm6546157104216673302.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

c:\documents and settings\administrator\local settings\Temp\thpm103571590641041334.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

After running TDSSKiller, picking "cure", and rebooting, my issue was gone. Hope this helps someone.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
