VWA2Guy Posted November 20, 2011 ID:496495

Hello, I'm brand new to this and probably not following all the proper procedures but felt compelled to respond. This is for ZarathosNY as I experienced an almost identical issue today. MalwareBytes kept informing me of blocked outgoing requests from 2 to 3 different IP addresses which I traced to a server in Germany. Some post I ran across led me to trying Kaspersky TDSSKiller which found a rootkit that both AVG and MalwareBytes did not. I updated to database 8199 this morning and ran the scan which yielded several exploit.drop issues only. Here's the mbam log:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8199

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/20/2011 10:29:01 AM
mbam-log-2011-11-20 (10-29-01).txt

Scan type: Quick scan
Objects scanned: 179469
Time elapsed: 24 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\local settings\Temp\0.6568913108741056.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.9735209040529982.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\thpm3368966003967669305.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\thpm6546157104216673302.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\thpm103571590641041334.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

After running TDSSKiller, picking "cure", and re-booting, my issue was gone. Hope this helps someone.

Staff screen317 Posted December 1, 2011 ID:500223

Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced. Please post only DDS.txt directly into your reply.

Staff screen317 Posted December 12, 2011 ID:503835

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Staff screen317 Posted December 22, 2011 ID:508143

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!