leofelix

Trojan.Downloader detected in 65 system files


If you can, please zip and attach your last scan log; I can tell you if those are needed or not. In my tests everything was working fine after reboot even if I did not replace anything, but I want to be sure.


Thank you.

Sorry, I don


Both files set for delete on reboot are not critical. I am going to make you a tool to disable all delete on reboot functions for this one time.

This will take me a few minutes.


This will take me a few minutes .

Thank you.


Unzip and run the attached file; it will generate a log that we need. The log will not fit into a post, so you will need to save it and then zip and attach it to your next post.

To attach a file, use the browse button at the bottom of the screen and then the upload button.

look.zip


@nosirrah

I thanked you so many times today, but I also wanted to thank you here in the forum. :) You really helped me out.


Just curious, is that tool you provided a necessity? Because the files that were deleted weren't critical, is there a need to utilize the tool? Thanks.


I have a similar problem, and this is with the latest database version. In my case though, the culprit is identified as a "worm.downloader". FWIW, these registry items and files have been on my system for quite a while now without being identified as a problem, either by McAfee or by Malwarebytes. Are these really bad boys or are there still problems with the DB?

Thanks, Bill

Here's the log:

=========================================

Malwarebytes' Anti-Malware 1.42

Database version: 3298

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/4/2009 9:20:17 pm

mbam-log-2009-12-04 (21-20-17).txt

Scan type: Quick Scan

Objects scanned: 92728

Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ce7c3ce2-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Lotus\Org6\organize\iehelper.dll (Worm.Downloader) -> Delete on reboot.


Please generate a developer's log:

http://www.malwarebytes.org/forums/index.php?showtopic=3228

Looking at this online, there may be a CLSID collision here between malware and this.
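As an added example (not code from this thread or from Malwarebytes), the parser below reads the MBAM 1.42 log format quoted above, groups the registry hits by the GUID they were matched on, and flags the file still pending "Delete on reboot". The point it makes concrete is the one raised in this post: every registry verdict here rests on a single CLSID, so a legitimate component registered under the same GUID (the Lotus Organizer BHO) trips the same signature, and the DLL it points at should be verified before the verdict is accepted. The sample log is constructed from the lines posted in the thread; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample: the detection section of the MBAM 1.42 log posted in this thread.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ce7c3ce2-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.Downloader) -> Quarantined and deleted successfully.
Files Infected:
C:\Lotus\Org6\organize\iehelper.dll (Worm.Downloader) -> Delete on reboot.
"""

# One MBAM detection line has the shape "<item> (<family>) -> <action>."
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

def parse_detections(log):
    # Section headers ("Registry Keys Infected:") and blank lines do not match and are skipped.
    hits = []
    for line in log.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        guid = GUID.search(m["item"])
        hits.append({"item": m["item"], "family": m["family"], "action": m["action"],
                     "kind": "registry" if m["item"].upper().startswith("HKEY_") else "file",
                     "clsid": guid.group(0).lower() if guid else None})
    return hits

def triage(hits):
    # Group registry hits by GUID so a CLSID-keyed verdict can be checked against the file it points at.
    reg = [h for h in hits if h["kind"] == "registry"]
    files = [h for h in hits if h["kind"] == "file"]
    return {
        "registry_hits": len(reg),
        "file_hits": len(files),
        "clsids": Counter(h["clsid"] for h in reg if h["clsid"]),
        "bho_clsids": sorted({h["clsid"] for h in reg if h["clsid"] and "Browser Helper Objects" in h["item"]}),
        # All registry hits matched on a GUID alone: a legitimate component that registers the same
        # CLSID (the Lotus Organizer BHO in this thread) fires the same signature, so flag for file verification.
        "collision_candidate": bool(reg) and all(h["clsid"] for h in reg),
        "pending_reboot": [h["item"] for h in files if h["action"].lower().startswith("delete on reboot")],
    }

if __name__ == "__main__":
    for key, value in triage(parse_detections(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

For the posted log this reports five registry hits keyed on two GUIDs, one BHO CLSID, and one file awaiting delete on reboot; the file's hash and publisher signature are what decide whether the CLSID match is a real infection or the collision the moderator suspected.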


I just confirmed that this CLSID is the same as known malware; I am delisting this collision.


I restored the 6 "worms", updated with database 3299, then ran mbam in developers mode . . . no problems!

Thanks for the great support!

- Bill
