Hello, I have very limited knowledge about computers, but my computer has been affected by Trojans lately. I performed the Malwarebytes scan and deleted about 30 infected files, but the following files cannot be deleted. What should I do? Thank you very much in advance!

Here's the log:

Malwarebytes' Anti-Malware 1.36

Database version: 1970

Windows 5.1.2600 Service Pack 3

4/11/2009 11:15:21 PM

mbam-log-2009-04-11 (23-15-21).txt

Scan type: Quick Scan

Objects scanned: 79019

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e71ddec5-2fd6-42bd-bfc4-8e57ec87cd02} (Trojan.BHO.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{e71ddec5-2fd6-42bd-bfc4-8e57ec87cd02} (Trojan.BHO.H) -> Delete on reboot.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ATSC5.dll (Trojan.BHO.H) -> Delete on reboot.

C:\WINDOWS\Temp\giydbzuy.dat (Rootkit.Agent) -> Delete on reboot.


Hello and Welcome to Malwarebytes' Malware Removal forum.

That threat is safely locked away in your system restore data and it does not pose a threat as is. You can post a HJT log, updated MBAM log, and DDS scan reports, so I can verify whether you're otherwise clean, before purging your system restore points to get rid of that detection.

Please read HJT topic

http://www.malwarebytes.org/forums/index.php?showtopic=9573

Please download ATF Cleaner by Atribune

  • Close Internet Explorer and any other open browsers
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Relaunch Malwarebytes' Anti-Malware

* Click the Update tab and Check for Updates, then wait for MBAM to update

* Click the Scanner tab, and select Perform Quick scan, then click Scan.

* When the scan is complete, click OK -> Show Results to view the scan results.

* Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.

* When the scan is done, a log will open in Notepad with the scan results. Please post the results in your next reply.

_____________________________________________

Download DDS and save it to your desktop from here

Disable any script blocking programs you may have installed (such as McAfee script agent):

http://blog.customereffective.com/blog/200...ble-mcafee.html or Norton Script Blocking.

Then double-click dss.scr to run the tool.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt

  • Save both reports to your desktop
  • Please copy and paste both logs into your next reply (do not attach them).

To sum it up, I need to see:

1. An updated MBAM log

2. A HJT log

3. DDS - DDS.txt & Attach.txt posted in your reply - NOT attached.
