Jump to content

MBAM found


control_tps

Recommended Posts

Here is my MBAM scan on 11/27/09. I will provide a developer log when ask by the MBAM team. I wanted to delete them, just in case.

Malwarebytes' Anti-Malware 1.41

Database version: 3244

Windows 5.1.2600 Service Pack 3

11/27/2009 11:40:44 AM

mbam-log-2009-11-27 (11-40-44).txt

Scan type: Quick Scan

Objects scanned: 121283

Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Delete on reboot.

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here is my scan for 11/28/09.

Malwarebytes' Anti-Malware 1.41

Database version: 3249

Windows 5.1.2600 Service Pack 3

11/28/2009 3:18:02 AM

mbam-log-2009-11-28 (03-18-02).txt

Scan type: Quick Scan

Objects scanned: 121392

Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hello and thank you Bruce. The bold fonts are the one I'm reporting as false positive.

Malwarebytes' Anti-Malware 1.41

Database version: 3244

Windows 5.1.2600 Service Pack 3

11/27/2009 11:40:44 AM

mbam-log-2009-11-27 (11-40-44).txt

Scan type: Quick Scan

Objects scanned: 121283

Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videohost (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\c.exe (Trojan.Downloader) -> Delete on reboot.

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here is my scan for 11/28/09.

Malwarebytes' Anti-Malware 1.41

Database version: 3249

Windows 5.1.2600 Service Pack 3

11/28/2009 3:18:02 AM

mbam-log-2009-11-28 (03-18-02).txt

Scan type: Quick Scan

Objects scanned: 121392

Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Yes , the new and worst form of the TDSS driver patcher is sometimes installed by this downloader .

Currently there is no automated fix for this by any vendor and it requires a manual fix .

There is an easy test for it though , google for words like "malware" and "spyware" and click on the results . If you get diverted from the intended pages to apps like PCtools and stopzilla as well as other adverts you are without question patched .

If searching works as they should you are most likely fine .

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.