
Repeat detection that fails to permanently delete


Fatdcuk


Hi all,

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

If you are suffering from the above repeat detection which MBAM is failing to permanently remove, then you have a new Autorun Worm active on your system.

MBAM can see its load value, but because of how the Worm hides itself in a reserved system folder (cannot be viewed with conventional approaches) within your Recycle bin, plus its ability to create many new variants rapidly, it is a pain to keep locked down. Also it restores the load entry if it is not attacked route 1 so simply removing the load value fails to unload the worm.

Common infection vector is by infected USB device, hence Worm.Autorun is the allocated name when MBAM detects the worm, but it has also been seen being spread by email attachments and P2P shared files.

I have a nifty way of attacking these worms but since they change names and the system reserved folder is randomly created, I will need data specific to your worm in order to create a new attack signature to unload it.

The data I need can be found in a registry export from your PC and in that we have created a capture script to do that job for us :)

Download the following file (Export.zip)

http://www.malwarebytes.org/tools/export.zip

Unzip it and double click on the extracted file (Export.bat) to produce a file called export.reg on your desktop.

Please Zip this up and attach to a new topic @ Research Center with the title "new autorun worm".

http://www.malwarebytes.org/forums/index.php?showforum=51

Please also include the current MBAM quick scan log.

Thanks in advance :)
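
Added example, not part of the original post and not a Malwarebytes tool: a small triage script that parses registry export text in .reg format, pulls the string values under the Winlogon key named in the detection above, and reports whether `taskman` points into a Recycle Bin directory. It assumes the export contains the Winlogon key (the contents of Export.bat are not shown in the post); the sample data, SID and file name are constructed.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Recycle Bin directory names used by Windows (FAT, NTFS on XP, Vista and later).
RECYCLE_DIRS = ("\\recycler\\", "\\recycled\\", "\\$recycle.bin\\")

# Constructed sample in .reg export format; the path and file name are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Taskman"="C:\\RECYCLER\\S-1-5-21-0000000000-0000000000-0000000000-1000\\example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Taskman"="ignored, wrong key"
'''

# "name"="data" lines; .reg files escape backslashes and quotes with a backslash.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def winlogon_strings(reg_text):
    """Return {lowercased value name: data} for string values under the Winlogon key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_key = line[1:-1].lower() == WINLOGON.lower()
        elif in_key:
            match = STRING_VALUE.match(line)
            if match:
                values[unescape(match.group(1)).lower()] = unescape(match.group(2))
    return values

def check_taskman(reg_text):
    """Return (data, points_into_recycle_bin) for taskman, or None if the value is absent."""
    data = winlogon_strings(reg_text).get("taskman")
    if data is None:
        return None
    return data, any(d in data.lower() for d in RECYCLE_DIRS)

if __name__ == "__main__":
    # For a real export, read the file first: open(path, encoding="utf-16").read()
    print(check_taskman(SAMPLE_REG))
```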
