alwayssky Posted January 13, 2015

I used MBAM to remove malware that was hijacking my browser. It identified Trojan.agent.fsavxgen. I quarantined it and rebooted. My browser is still getting hijacked. However, MBAM does not identify this problem on subsequent scans. I realized that I didn't run a rootkit analysis the first time. I ran it just now and it still didn't find anything. Here are the two logs - one from the first scan, and the second from the rootkit scan.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/10/2015
Scan Time: 11:22:17 AM
Logfile: malware cleanup.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353137
Time Elapsed: 4 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\INPROCSERVER32, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKU\S-1-5-21-2745915492-508387089-2227109341-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, HKU\S-1-5-21-2745915492-508387089-2227109341-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],

Registry Values: 4
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, Quarantined, [a26450ee0b711c1a1285803a738f2cd4]
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, Quarantined, [a26450ee0b711c1a1285803a738f2cd4]
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [f6101628de9e47ef1e79ad0d80823ac6],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [55b13a04e4987cbaacebf6c44eb439c7],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll, Quarantined, [a26450ee0b711c1a1285803a738f2cd4],
Trojan.Agent.FSAVXGen, C:\Users\tara\AppData\Local\Temp\135.tmp, Quarantined, [c5416cd24636b680c5b142513ac73bc5],

Physical Sectors: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/13/2015
Scan Time: 11:16:24 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.11.05
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tara

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 531725
Time Elapsed: 59 min, 50 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Can someone please tell me how to fix this? Thank you so much!

-Theresa

Firefox Posted January 13, 2015

Hello and welcome to Malwarebytes, Theresa.

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you