Win32/Conficker.B worm infection


That possibly could be what is happening. I ran a full scan in safe mode last night and MSE found no signs of a virus. I've posted some of the last few instances where it found something and automatically quarantined the virus.

2012-08-29T20:25:07.114Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-29T20:25:34.460Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-29T20:25:34.460Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-29T20:25:34.460Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{17B7FD55-CBD8-4A82-AE7E-A8D10E28C4C8}

Scan Source:6

Start Time:‎08‎-‎29‎-‎2012 15:25:05

End Time:‎08‎-‎29‎-‎2012 15:25:34

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:‎08‎-‎29‎-‎2012 15:25:34

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:A10C53FDAE40C189CB725910F36EB5D6689C42E1

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:‎08‎-‎29‎-‎2012 15:25:36

Result:0

2012-08-29T20:25:36.538Z Task(SpyNetService -RestrictPrivileges -AccessKey 88A7B8F3-C3C0-2AE3-EFA6-328B038FD477) launched

DSS Timeout:Received results after timeout

2012-08-29T20:25:38.054Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

Begin Resource Scan

Scan ID:{D45CFE02-166E-4E6B-9C22-2A2C15C10014}

Scan Source:3

Start Time:‎08‎-‎29‎-‎2012 15:31:02

End Time:‎08‎-‎29‎-‎2012 15:31:03

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-29T20:31:03.607Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-29T20:31:03.607Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-29T20:31:08.636Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-29T20:31:08.636Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{5510E89D-AEAF-4BDB-93FC-EE09288191CF}

Scan Source:6

Start Time:‎08‎-‎29‎-‎2012 15:31:07

End Time:‎08‎-‎29‎-‎2012 15:31:08

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

--------------------------------------------------------------------------------

Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log

Started On ‎08‎-‎29‎-‎2012 16:29:15

************************************************************

2012-08-29T21:29:15.687Z Trace session started - MpWppTracing-08292012-162915-00000003-ffffffff.bin**********Cache stats************

No. Of buckets -> 31573

Each Bucket has max capacity of -> 1 entries

number of Entries is 27825

Number of invalid entries is 0

Number of Inserts issued is 113491

Number of replaces issued is 0

Number of Insert failures is 25

Number of lookups is 1892788

Number of misses is 1673279

Number of false fast lookups is 295475

Number of invalidations is 3992

Number of maintenance invalidations is 0

Current File Size is 761856

Journal ID = 1cd7fa0f8752055

Trusted image state = 1 USN = 0

2012-08-29T21:29:17.921Z Verifying RTP plugin...

2012-08-29T21:29:18.046Z verified!

2012-08-29T21:29:19.062Z Loading engine...

2012-08-29T21:29:19.203Z Verifying engine and signature files (source: 1) ...

2012-08-29T21:29:19.437Z verified!

2012-08-29T21:29:29.703Z Initializing SQM in engine...

2012-08-29T21:29:29.703Z SQM initialized in the engine successfully

2012-08-29T21:29:29.859Z loaded!

2012-08-29T21:29:29.890Z NisUpdate from SignatureDropLocation returns S_OK

2012-08-29T21:29:29.890Z NisUpdate from SignatureDefaultLocation returns S_OK

2012-08-29T21:29:29.906Z Verifying license file...

2012-08-29T21:29:29.906Z verified!

2012-08-29T21:29:29.906Z Product supports installmode: 1

2012-08-29T21:29:29.953Z Task(-GenuineCheck -RestrictPrivileges) launched

2012-08-29T21:29:30.093Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)

Product Version: 4.0.1526.0

Service Version: 4.0.1526.0

Engine Version: 1.1.8704.0

AS Signature Version: 1.135.81.0

AV Signature Version: 1.135.81.0

************************************************************

2012-08-29T21:29:35.125Z Error retrieving instance AntiSpywareProduct:0x80041002

2012-08-29T21:29:35.796Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)

2012-08-29T21:29:38.234Z WAT report: machine genuine, state(1) error(0x0)

2012-08-29T21:39:30.015Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)

2012-08-29T21:39:30.015Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 33510466(ms)

2012-08-29T21:39:30.125Z AutoPurgeWorker triggered with dwWork=0x3

2012-08-29T21:39:30.125Z Product supports installmode: 1

2012-08-29T21:39:30.390Z Task(-GenuineCheck -RestrictPrivileges) launched

2012-08-29T21:39:31.515Z WAT report: machine genuine, state(1) error(0x0)

2012-08-29T21:39:48.187Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)


It didn't find the virus on a normal scan either:

Log:

************************************************************

Beginning threat actions

Start time:‎08‎-‎30‎-‎2012 11:08:59

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:5E53B6ADD8D41F56832BA8A357E8E52F779CD713

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:‎08‎-‎30‎-‎2012 11:09:04

Result:0

DSS Timeout:Received results after timeout

2012-08-30T16:09:06.426Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

Begin Resource Scan

Scan ID:{0ACD8C29-40B6-4168-A357-CA895329F2AB}

Scan Source:3

Start Time:‎08‎-‎30‎-‎2012 11:21:16

End Time:‎08‎-‎30‎-‎2012 11:21:18

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-30T16:21:18.301Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-30T16:21:18.301Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-30T16:21:23.238Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-30T16:21:23.238Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{69B1118E-E7E7-47E4-8D3A-2BC3F76BE249}

Scan Source:6

Start Time:‎08‎-‎30‎-‎2012 11:21:21

End Time:‎08‎-‎30‎-‎2012 11:21:23

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-30T16:21:25.472Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-30T16:21:59.528Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-30T16:21:59.528Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-30T16:21:59.528Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{EA4961FE-6628-4E5F-99FC-6E21A088766B}

Scan Source:6

Start Time:‎08‎-‎30‎-‎2012 11:21:23

End Time:‎08‎-‎30‎-‎2012 11:21:59

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:‎08‎-‎30‎-‎2012 11:21:59

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:8BC8C3B1B3DDCEA08C7B41C4559EFAF2A0539AA2

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:‎08‎-‎30‎-‎2012 11:22:04

Result:0

2012-08-30T16:22:04.542Z Task(SpyNetService -RestrictPrivileges -AccessKey 60AE3386-2D06-1ADA-8BA1-1856F380E4B4) launched

2012-08-30T16:22:06.058Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

DSS Timeout:Received results after timeout

2012-08-30T16:53:08.497Z Task(SignaturesUpdateService -UnmanagedUpdate) launched

2012-08-30T16:53:47.161Z Verifying engine and signature files (source: 0) ...

2012-08-30T16:53:48.224Z verified!

2012-08-30T16:53:57.066Z Initializing SQM in engine...

2012-08-30T16:53:57.066Z SQM initialized in the engine successfully

2012-08-30T16:53:57.316Z Initializing RTP plugin state...

****************************RTP Perf Log***************************

RTP Start:‎08‎-‎30‎-‎2012 07:27:54

Last Perf:‎08‎-‎30‎-‎2012 07:27:54

First RTP Scan:‎08‎-‎30‎-‎2012 07:27:54

Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1

Process Exclusions:

Path Exclusions:

Ext Exclusions:

Worker Threads:

AM:16

Async:4

Cache Flushes:

RTP:1

System File Cache:

Hits:1052

Misses:2200

BM Queue:0,660,0

Proc:0,181,0

File:0,660,0

Plugin Queue:0,1,0

Threat:0,1,0

Susp:0,0,0

Unknown:0,0,0

Error:0,0,0

Request Queue:1,3,0

SetEngine:1,1,0

SetState:0,1,0

SetUser:0,0,0

Config:0,1,0

ProcExcl:0,1,0

FilterReload:0,0,0

FilterUnload:0,0,0

MpFilter:

Scans:5871

Pending:0

RegSize:6056

AsyncQNotif:0

AsyncQMissed:0

AsyncQTotalSent:2117566

AsyncQCurrent:0

BMFlags:3

ServiceMaj:0

ServiceMin:0

ProcBitmap:4096

NumInstance:3

TotalStreamCon:5966

TotalBitmap:71112

**************************END RTP Perf Log*************************

Detection:

2012-08-27T12:31:49.500Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-27T12:32:04.468Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-27T12:58:18.062Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-27T12:58:19.656Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-27T20:06:31.171Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-27T20:06:45.875Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-28T12:28:25.906Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-28T12:28:28.906Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-28T13:55:57.781Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-28T13:56:13.875Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.517.0 AV 1.133.517.0

2012-08-28T14:17:22.687Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-28T14:17:39.531Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.517.0 AV 1.133.517.0

2012-08-28T14:44:51.406Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-28T14:44:53.468Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.517.0 AV 1.133.517.0

2012-08-28T15:02:27.062Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-28T15:02:28.640Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.517.0 AV 1.133.517.0

2012-08-28T17:39:31.796Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-28T17:39:34.156Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.517.0 AV 1.133.517.0

2012-08-29T17:15:33.859Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-29T17:15:50.484Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8704.0 AS 1.135.3.0 AV 1.135.3.0

2012-08-29T17:40:56.250Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-29T17:40:59.609Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8704.0 AS 1.135.3.0 AV 1.135.3.0

2012-08-29T21:29:15.046Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-29T21:29:30.093Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8704.0 AS 1.135.81.0 AV 1.135.81.0

2012-08-30T12:27:51.265Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-30T12:27:54.843Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8704.0 AS 1.135.81.0 AV 1.135.81.0


Possibly on my machine. However, I believe one of our servers may be infected and is trying to reinfect my machine but MSE catches it and quarantines it. Our MIS department is working to find the server(s) that could be infected and cleaning them. Thanks for all your help. Very much appreciated.
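
The repeated removals in the logs above can be checked mechanically rather than by eye. The following is an added example, not part of the original thread or of MSE: the function names `parse_removals` and `recurring_removals` are hypothetical, and the sample input is condensed from the removal blocks quoted in this thread.

```python
import re
from collections import defaultdict

# Condensed from the removal blocks quoted in this thread (values unchanged).
SAMPLE_LOG = r"""
Start time:08-29-2012 15:25:34
File to act on SHA1:A10C53FDAE40C189CB725910F36EB5D6689C42E1
File cleaned/removed successfully
File Name:C:\WINDOWS\Tasks\At1.job
File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA
File cleaned/removed successfully
File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)
Start time:08-30-2012 11:08:59
File to act on SHA1:5E53B6ADD8D41F56832BA8A357E8E52F779CD713
File cleaned/removed successfully
File Name:C:\WINDOWS\Tasks\At1.job
File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA
File cleaned/removed successfully
File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)
Start time:08-30-2012 11:21:59
File to act on SHA1:8BC8C3B1B3DDCEA08C7B41C4559EFAF2A0539AA2
File cleaned/removed successfully
File Name:C:\WINDOWS\Tasks\At1.job
File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA
File cleaned/removed successfully
File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)
"""

FIELD = re.compile(r"^(Start time|File to act on SHA1|File Name):(.*)$")

def parse_removals(log_text):
    """Return one (start_time, path, sha1) tuple per successfully removed file."""
    removals, start, sha1, cleaned = [], None, None, False
    for raw in log_text.splitlines():
        # Windows date formatting can insert invisible U+200E marks; drop them.
        line = raw.replace("\u200e", "").strip()
        if line == "File cleaned/removed successfully":
            cleaned = True
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Start time":          # start of a threat-actions block
            start, sha1, cleaned = value, None, False
        elif key == "File to act on SHA1":
            sha1, cleaned = value, False
        elif cleaned:                    # "File Name" right after a success line
            removals.append((start, value, sha1))
            sha1, cleaned = None, False
    return removals

def recurring_removals(log_text):
    """Paths removed more than once, with removal times and distinct SHA1 count."""
    by_path = defaultdict(list)
    for start, path, sha1 in parse_removals(log_text):
        by_path[path].append((start, sha1))
    return {path: {"times": [t for t, _ in hits],
                   "distinct_sha1": len({h for _, h in hits})}
            for path, hits in by_path.items() if len(hits) > 1}

if __name__ == "__main__":
    print(recurring_removals(SAMPLE_LOG))
```

On this input both paths are reported as removed three times: `At1.job` carries a different SHA1 at each removal while `wtmxv.seg->(UPX)` keeps the same one, which is consistent with the files being written again between removals.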


Glad I could help! :)

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and aswMBR and then uninstall ESET Online Scanner.

Make sure your Windows is up-to-date to prevent such problems:

http://www.update.microsoft.com/windowsupdate

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

