Jump to content

Recommended Posts

I used MBAM to remove malware that was hijacking my browser.  It identified Trojan.agent.fsavxgen.  I quarantined it and rebooted.   My browser is still getting hijacked.  However, MBAM does not identify this problem on subsequent scans.  I realized that I didn't run a rootkit analysis the first time.  I ran it just now and it still didn't find anything.  Here are the two logs - one from the first scan, and the second from the rootkit scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/10/2015
Scan Time: 11:22:17 AM
Logfile: malware cleanup.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353137
Time Elapsed: 4 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\INPROCSERVER32, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKU\S-1-5-21-2745915492-508387089-2227109341-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKU\S-1-5-21-2745915492-508387089-2227109341-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],

Registry Values: 4
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, Quarantined, [a26450ee0b711c1a1285803a738f2cd4]
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, Quarantined, [a26450ee0b711c1a1285803a738f2cd4]
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [f6101628de9e47ef1e79ad0d80823ac6],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [55b13a04e4987cbaacebf6c44eb439c7],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
Trojan.Agent.FSAVXGen, C:\Users\tara\AppData\Local\Temp\135.tmp, Quarantined, [c5416cd24636b680c5b142513ac73bc5],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/13/2015
Scan Time: 11:16:24 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.11.05
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tara

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 531725
Time Elapsed: 59 min, 50 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Can someone please tell me how to fix this? Thank you so much!

 

-Theresa

Link to post
Share on other sites

Hello and Welcome to Malwarebytes -Theresa

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.