control_tps Posted November 29, 2009 ID:163586
Here is my MBAM scan on 11/27/09. I will provide a developer log when asked by the MBAM team. I wanted to delete them, just in case.

Malwarebytes' Anti-Malware 1.41
Database version: 3244
Windows 5.1.2600 Service Pack 3

11/27/2009 11:40:44 AM
mbam-log-2009-11-27 (11-40-44).txt

Scan type: Quick Scan
Objects scanned: 121283
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here is my scan for 11/28/09.

Malwarebytes' Anti-Malware 1.41
Database version: 3249
Windows 5.1.2600 Service Pack 3

11/28/2009 3:18:02 AM
mbam-log-2009-11-28 (03-18-02).txt

Scan type: Quick Scan
Objects scanned: 121392
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
nosirrah Posted November 29, 2009 ID:163599
What are you reporting as a false positive here? It is helpful to use bold in your log to highlight what you are reporting.
control_tps Posted November 29, 2009 Author ID:163604
Hello and thank you Bruce. The bold fonts are the ones I'm reporting as false positives.

Malwarebytes' Anti-Malware 1.41
Database version: 3244
Windows 5.1.2600 Service Pack 3

11/27/2009 11:40:44 AM
mbam-log-2009-11-27 (11-40-44).txt

Scan type: Quick Scan
Objects scanned: 121283
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here is my scan for 11/28/09.

Malwarebytes' Anti-Malware 1.41
Database version: 3249
Windows 5.1.2600 Service Pack 3

11/28/2009 3:18:02 AM
mbam-log-2009-11-28 (03-18-02).txt

Scan type: Quick Scan
Objects scanned: 121392
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
nosirrah Posted November 29, 2009 ID:163607
You can confirm this on google with ease, all of that is malware. It seems your AV let you down badly.
control_tps Posted November 29, 2009 Author ID:163610
Bruce thanks for your help. As for now, I
nosirrah Posted November 29, 2009 ID:163613
Yes, the new and worst form of the TDSS driver patcher is sometimes installed by this downloader. Currently there is no automated fix for this by any vendor and it requires a manual fix. There is an easy test for it though, google for words like "malware" and "spyware" and click on the results. If you get diverted from the intended pages to apps like PCtools and stopzilla as well as other adverts you are without question patched. If searching works as it should you are most likely fine.
control_tps Posted November 29, 2009 Author ID:163614
Thank you. I have searched in Google for words like "malware", "spyware", and "freeantivirus" and I was not redirected to PCtools or Stopzilla. I searched using Firefox and Internet Explorer with the same results, "my search was not redirected."