
Got a call from a user, got on the machine, killed the process tree for the virus running, logged out, logged in as an administrator, installed mbam, updated mbam, ran quick scan, removed trojan.exeshell.gen, ran full scan, removed trojan.fakems; updated Adobe products, updated Java; rebooted; ran mbam (found nothing), updated and ran SUPERAntiSpyware (found cookies...), updated and ran Spybot S&D (found 1 cookie); ran Symantec active scan, then full scan (found nothing).

At this point I turned the PC back over to the user. The user logged back in only to find that her program links are all broken. If you check the links, some say %homegroup% %homegroup% instead of the correct Start in folder and some are just blank. Running the programs from her user ID fails; running the same ones from mine works fine (both from her desktop folder and from mine).

Cleaned off: trojan.exeshell.gen and trojan.fakems

____

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.04.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

x :: 007PC035 [administrator]

1/4/2012 11:55:28 AM

mbam-log-2012-01-04 (11-55-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 232533

Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\y\Local Settings\Application Data\owa.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.04.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

x :: 007PC035 [administrator]

1/4/2012 12:20:28 PM

mbam-log-2012-01-04 (12-20-28).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 274902

Time elapsed: 51 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\y\Application Data\Sun\Java\Deployment\cache\6.0\51\66fed433-693c20f6 (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

--------------

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.04.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

x :: 007PC035 [administrator]

1/4/2012 3:30:59 PM

mbam-log-2012-01-04 (15-30-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233460

Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
