another Trojan.Vundo


Lazer

Hi all

I'm new to Malwarebytes

I just installed Malwarebytes and ran three scans, two in regular mode and the other in safe mode, and they came up with Trojan.Vundo.

Please let me know if I could take these out of quarantine.

Please help

I have never had an issue like this

I'd be grateful for your help

Here are the log files

Lazer

Malwarebytes' Anti-Malware 1.34

Database version: 1798

Windows 5.1.2600 Service Pack 3

2/23/2009 10:46:01 PM

mbam-log-2009-02-23 (22-46-01).txt

Scan type: Full Scan (C:\|)

Objects scanned: 159083

Time elapsed: 1 hour(s), 42 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

3/5/2009 8:40:49 AM

mbam-log-2009-03-05 (08-40-49).txt

Scan type: Quick Scan

Objects scanned: 85120

Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

3/5/2009 10:41:46 AM

mbam-log-2009-03-05 (10-41-46).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)

Objects scanned: 165410

Time elapsed: 1 hour(s), 11 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\DLLCACHE\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.


Files Infected:

C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\DLLCACHE\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

These are the files Malwarebytes' Anti-Malware found last Wednesday. Don't delete them! I deleted them forever and now I don't know how to get them back!

wextract.exe should be in the Quarantine area and can be restored after you update to the latest MBAM definitions, 1825, which correct this false positive.

By the way, a Full scan is not required as 99.9% of infections are detected by a Quick scan.

Thank you for your help.

I hate not knowing what to do.

Also thanks for the info on not having to run a full scan. It takes a looong time.

Lazer

Thanks for the advice, I don't like deleting files especially when they look important. I'd rather keep them quarantined.
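
A triage sketch for the situation in this thread, added here as an example (not Malwarebytes' code and not posted by anyone in the thread): it parses detection lines in the log format shown above and marks a file name for verification before deletion when it is flagged both in SYSTEM32 and in one of Windows XP's own backup copies of system files. The backup-directory list, the verdict labels and the `Temp\abc.dll` line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the logs above; the last entry is invented.
SAMPLE_LOG = r"""Database version: 1820
Files Infected:
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\abc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# File detections start with a drive letter; registry entries (HKEY_...) are skipped.
DETECTION = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+)$")
DB_VERSION = re.compile(r"^Database version: (\d+)$")
# Assumption: locations where Windows XP keeps its own copies of system files.
BACKUP_DIRS = (
    "\\windows\\system32\\dllcache\\",
    "\\windows\\servicepackfiles\\",
    "\\windows\\$ntservicepackuninstall$\\",
)

def parse_log(text):
    """Return (database_version, [(path, detection_name, action), ...])."""
    version, hits = None, []
    for line in map(str.strip, text.splitlines()):
        if m := DB_VERSION.match(line):
            version = int(m.group(1))
        elif m := DETECTION.match(line):
            hits.append(m.groups())
    return version, hits

def triage(hits):
    """Map each detected file name to 'verify-first' or 'normal' (heuristic)."""
    by_name = defaultdict(list)
    for path, _name, _action in hits:
        by_name[path.rsplit("\\", 1)[1].lower()].append(path.lower())
    verdicts = {}
    for name, paths in by_name.items():
        in_backup = any(d in p for p in paths for d in BACKUP_DIRS)
        in_system32 = any(p.endswith("\\system32\\" + name) for p in paths)
        # Same name flagged in the live copy and in the OS backup copies:
        # the signature may match the stock file, so verify before deleting.
        verdicts[name] = "verify-first" if in_backup and in_system32 else "normal"
    return verdicts

if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)[1]))
```

A "verify-first" verdict is only a prompt to keep the file in quarantine, update definitions and rescan, as the reply above recommends; it does not prove the file is clean.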
