
Hi,

I was wondering if anyone can tell me how harmful these detected threats are (Malwarebytes log below).

I have now cleaned/deleted the detected threats on this PC, and am in the process of doing a full clean-up on this Windows XP SP3 machine and a reinstall of the antivirus (Trend).

This PC is used in a small organisation and does have sensitive information on it frequently. It is on a Windows 2008 domain. No other PCs (knowingly) seem affected.

I've been asked by my Directors if any of these threats could be a keylogger or anything more serious?

Our company's antivirus is "Trend Micro Worry-Free Business Security Advanced" and was disabled (I didn't notice this for a week or so!).

I ran the Malwarebytes trial this morning as the PC was coming up with some weird errors, and after looking closer at the startup entries I noticed 2 weird values, which instantly sounded alarm bells:

1. C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe

2. C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe

Can anyone offer any advice on what these threats are or may have done?

I have looked up Trojan.Agent, and it seems to be a malware threat that causes errors on your PC, then pushes you to buy rogue 'fix software'.

I can't find much explanation on what the other 2 will do...

Many thanks in advance.

PS: we are considering buying corporate Malwarebytes to scan and keep tabs on our entire network (we would be after 25 licenses probably). Is this just the Pro version we install 25 times, or is there a web console interface to manage the whole lot from a single point (like most business antivirus management consoles)?

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.04.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
<maskedusername> :: <maskedcomputername> [administrator]
Protection: Enabled
04/07/2012 10:48:05
mbam-log-2012-07-04 (10-48-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242588
Time elapsed: 4 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5C039C6D-265D-0CCE-F087-FDA623520695} (Trojan.Agent.TBM) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{806D7BCF-83A9-8650-A913-6178B27FB63A} (Trojan.Agent) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Hilgraeve Inc (Packer.ModifiedUPX) -> Data: C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe (Trojan.Agent.TBM) -> Quarantined and deleted successfully.
C:\Documents and Settings\<maskedusername>\Application Data\Utb\nyruaq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe (Packer.ModifiedUPX) -> Delete on reboot.
(end)

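The log quoted above records two Run-key entries that launch executables from the user's Application Data folder, which is the persistence question the post raises. As an added example (not code from the original post or from Malwarebytes), here is a small Python parser for this Malwarebytes Anti-Malware 1.x log format that extracts each detection and flags the logon auto-start entries whose target sits under the user profile; the sample log is constructed from the lines shown above.

```python
import re
from dataclasses import dataclass
# Constructed sample in the Malwarebytes Anti-Malware 1.x log format quoted in the
# post (detections section only; the username is masked as in the original).
SAMPLE_LOG = r"""Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5C039C6D-265D-0CCE-F087-FDA623520695} (Trojan.Agent.TBM) -> Data: "C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Hilgraeve Inc (Packer.ModifiedUPX) -> Data: C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Files Detected: 2
C:\Documents and Settings\<maskedusername>\Application Data\Mem\ywceavr.exe (Trojan.Agent.TBM) -> Quarantined and deleted successfully.
C:\Documents and Settings\<maskedusername>\Application Data\D35189.exe (Packer.ModifiedUPX) -> Delete on reboot.
(end)
"""
# A detection line reads "<location> (<threat>) -> <rest>", where location is a
# registry "key|value" pair or a file path; registry values carry a Data: field.
LINE_RE = re.compile(r"^(?P<loc>HK.+?|[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r'^Data: "?(?P<data>.+?)"? -> (?P<action>.+)$')
AUTOSTART_SUFFIXES = ("\\run", "\\runonce")  # ...\CurrentVersion\Run, ...\Policies\Explorer\Run

@dataclass
class Finding:
    location: str  # registry key|value name, or file path
    threat: str    # Malwarebytes detection name
    launches: str  # executable a registry entry points at ("" if none)
    action: str    # what the scanner did with it

def parse_mbam_log(text):
    """Return one Finding per detection line; headers, counts and '(end)' are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = DATA_RE.match(m["rest"])
        launches = d["data"] if d else ""
        action = d["action"] if d else m["rest"].rsplit(" -> ", 1)[-1]
        findings.append(Finding(m["loc"], m["threat"], launches, action))
    return findings

def autostart_findings(findings):
    """(value name, target, in_appdata) per logon auto-start entry; in_appdata is True
    when the target lives under the user's writable Application Data tree."""
    out = []
    for f in findings:
        key, _, name = f.location.partition("|")
        if f.launches and key.lower().endswith(AUTOSTART_SUFFIXES):
            out.append((name, f.launches, "\\application data\\" in f.launches.lower()))
    return out
```

Feeding a real mbam-log file into parse_mbam_log gives the same structure, so the auto-start list can be checked against what the machine's Run keys still contain after cleanup.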

Hello -

As your statement seems to indicate that this is a business/technician/retail/corporate environment, please contact corporate support and they will be happy to assist you with this.

Please send an email to corporate-support@malwarebytes.org.

Also make sure you have malwarebytes.org and salesforce.com in your Safe Sender list in email.

In order to assist you better please provide the following information when contacting them:

Cleverbridge Order Reference Number:

Organization name:

Approved Contact name:

If you no longer have access to the order number for your company license, you can contact Cleverbridge to obtain information about your order:

Cleverbridge customer service

Thank You -

EDIT - "Malwarebytes Anti-Malware (Trial) 1.61.0.1400"

Please note that the Free version is not for company use, as it breaches the program's EULA and is generally illegal.

The Free or Trial versions are only for Home use, and all commercial use must be licensed -
