Wendeng, posted July 11, 2013 (ID:701448):
What does it mean when it says bad(1) Quarantined and Successfully repaired, because it said that on a virus/keylogger?

AdvancedSetup (Root Admin), posted July 11, 2013 (ID:701449):
Please post the log from that so that we can assist you better. Thanks

Wendeng (Author), posted July 11, 2013 (ID:701450):
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
wen :: WEN-PC [administrator]

7/9/2013 5:44:47 PM
mbam-log-2013-07-09 (17-44-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 499186
Time elapsed: 4 hour(s), 12 minute(s), 54 second(s)

Memory Processes Detected: 1
C:\Users\wen\Desktop\songs\Desktop\Documents\MSDCSC\KqGqrlE3sHQf\msdcsc.exe (Backdoor.Agent.DC) -> 2100 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> No action taken.
HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> No action taken.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> No action taken.
HKCU\SOFTWARE\BILEVSE (Rogue.RegTidy) -> Quarantined and deleted successfully.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinLogon (Malware.Trace) -> Data: C:\Users\wen\AppData\Local\Temp\msdcsc.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MicroUpdate (Backdoor.Agent.DC) -> Data: C:\Users\wen\Desktop\songs\Desktop\Documents\MSDCSC\KqGqrlE3sHQf\msdcsc.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent.DC) -> Bad: (C:\Users\wen\Desktop\songs\Desktop\Documents\MSDCSC\KqGqrlE3sHQf\msdcsc.exe) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\wen\Desktop\songs\Desktop\Documents\MSDCSC\KqGqrlE3sHQf\msdcsc.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 5
C:\Users\wen\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\BILEVSE (Rogue.RegTidy) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\BILEVSE\RegTidy (Rogue.RegTidy) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\BILEVSE\RegTidy\Backup (Rogue.RegTidy) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\BILEVSE\RegTidy\Backup\Registry (Rogue.RegTidy) -> Quarantined and deleted successfully.

Files Detected: 19
C:\Program Files\Adobe\Adobe Audition CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Bridge CS6\AMTLib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Dreamweaver CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Fireworks CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\wen\Desktop\HHT v5\HaloPC Modding Kit V1.7\Runnables\AllDevCE.exe (PUP.HackTool.HotKeysHook) -> No action taken.
C:\Program Files\PPLive\PPTV\3.2.2.0022\ppliverepair.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Local\Temp\PPTV_Update.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Local\VirtualStore\Program Files\pipi\ppupfiles20090824.zip (Trojan.MultiGen) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\PPLive\PPTV\Update\PPTV_Update.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\360Downloads\360安全卫士 7.6正式版.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\360Downloads\360杀毒迷你包_1.2.0.1322Z.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\dclogs\2013-07-07-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\dclogs\2013-07-08-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Roaming\dclogs\2013-07-09-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\wen\AppData\Local\Temp\msdcsc.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\wen\Desktop\songs\Desktop\Documents\MSDCSC\KqGqrlE3sHQf\msdcsc.exe (Backdoor.Agent.DC) -> Delete on reboot.
C:\Users\wen\AppData\Roaming\BILEVSE\RegTidy\Backup\Registry\20120617105131.reg (Rogue.RegTidy) -> Quarantined and deleted successfully.

(end)

AdvancedSetup (Root Admin), posted July 11, 2013 (ID:701451):
It means it should have deleted the file and restored the correct entry in the Registry value. You should reboot the computer and then rescan again with MBAM as well as an up-to-date antivirus program to ensure everything comes back clean now.

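The "Bad: (...) Good: (...)" entries explained in the reply above, as an added example that is not part of the original thread: a Python parser for the "Registry Data Items Detected" lines of this log, treating Bad as the flagged data and Good as the data the repair restores. The sample lines are copied from the log posted above; the function and field names (`parse_data_items`, `removed`) are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied from the "Registry Data Items Detected" section of the log above.
SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\wen\Desktop\songs\Desktop\Documents\MSDCSC\KqGqrlE3sHQf\msdcsc.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent.DC) -> Bad: (C:\Users\wen\Desktop\songs\Desktop\Documents\MSDCSC\KqGqrlE3sHQf\msdcsc.exe) Good: () -> Quarantined and repaired successfully.
"""

# key|value (detection) -> Bad: (found data) Good: (restored data) -> action.
LINE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)


def split_entries(data):
    """Split comma-separated value data, dropping empty entries."""
    return [e.strip() for e in data.split(",") if e.strip()]


def parse_data_items(text):
    """Return one dict per data-item line, plus the entries the repair dropped."""
    items = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a "Bad/Good" data-item line
        item = m.groupdict()
        # Compare by file name so "C:\Windows\system32\userinit.exe" in the
        # Bad data is recognised as the "userinit.exe" kept in the Good data.
        kept = {ntpath.basename(e).lower() for e in split_entries(item["good"])}
        item["removed"] = [e for e in split_entries(item["bad"])
                           if ntpath.basename(e).lower() not in kept]
        items.append(item)
    return items


if __name__ == "__main__":
    for it in parse_data_items(SAMPLE):
        print(f'{it["key"]} | {it["value"]} [{it["detection"]}]')
        print(f'  found: {it["bad"]!r}  restored: {it["good"]!r}')
        print(f'  dropped by repair: {it["removed"]}')
```
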
Wendeng (Author), posted July 11, 2013 (ID:701452):
Yeah, thanks for the quick response. Before I scanned, my task manager was disabled, but after it removed the virus, task manager is enabled. I also scanned 2 more times just in case. Thanks again. I was wondering about the part where MSDCSC was a keylogger and it showed the folder. Was it hidden before because that was the keylogger?

AdvancedSetup (Root Admin), posted July 11, 2013 (ID:701455):
Yes, more than likely. If you want you can have someone assist you for free to run some other scans to verify if the system is clean or may need updates, etc.
I would suggest following the advice from the topic here, Available Assistance for Possibly Infected Computers, and having one of the Experts assist you with looking into your issue.
Thanks

Wendeng (Author), posted July 11, 2013 (ID:701458):
Just from looking at the log, do you think the MSDCSC has been removed, because I deleted the folder too, or is it still hidden?

AdvancedSetup (Root Admin), posted July 11, 2013 (ID:701460):
Unfortunately one really needs to run scans with other tools to verify and determine if anything is still going on.

Wendeng (Author), posted July 11, 2013 (ID:701473):
Can you tell me the tools needed?

masterblokz (Guest), posted July 11, 2013 (ID:701487):
If you would like assistance with your suspected malware issues, please go to this ---> Topic <---- and follow all instructions

Wendeng (Author), posted July 11, 2013 (ID:701493):
Yes, I will do that when I get back on the computer.

AdvancedSetup (Root Admin), posted July 11, 2013 (ID:701514):
Okay, sounds good. I'll go ahead then and close this topic now then.