Jump to content

Re: Newbie help!


Recommended Posts

Hello all,

I'm a mac user trying to help his Dad. Malwarebytes found 19 file infections that it seems to remove, but are still there on reboot. Any tips would be VERY much appreciated.

Malwarebytes' Anti-Malware 1.40

Database version: 2679

Windows 6.0.6002 Service Pack 2

12/13/2009 3:30:28 PM

mbam-log-2009-12-13 (15-30-22).txt

Scan type: Full Scan (C:\|)

Objects scanned: 416945

Time elapsed: 1 hour(s), 19 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 19

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Public\Favorites\netservice.exe (Backdoor.Agent) -> No action taken.

C:\Users\Public\Favorites\NginuL_na.exe (Worm.AutoRun) -> No action taken.

C:\Users\Public\Favorites\plug\001.dll (Backdoor.Agent) -> No action taken.

C:\Users\xxxxxxxxxNetHood\Net Connection.com (Virus.Rungbu) -> No action taken.

C:\UsersxxxxxxxPrintHood\Printing Information.com (Virus.Rungbu) -> No action taken.

C:\Users\xxxxxxx\Templates\_svchost.exe (Trojan.Agent) -> No action taken.

C:\Users\xxxxxxxxTemplates\11496-NendangBro.com (Worm.Brontok) -> No action taken.

C:\Users\xxxxxxxx\Templates\A.kotnorB.com (Worm.Brontok) -> No action taken.

C:\Users\xxxxxxx\Templates\Brengkolang.com (Worm.Brontok) -> No action taken.

C:\Users\xxxxxx\Templates\excel.exe (Trojan.Xanib) -> No action taken.

C:\Users\xxxxxxx\Templates\excel4.exe (Trojan.Xanib) -> No action taken.

C:\Users\xxxxxx\Templates\winword.doc.exe (Worm.AutoIt) -> No action taken.

C:\Users\xxxxxxx\Templates\winword.exe (Trojan.Xanib) -> No action taken.

C:\Users\xxxxxx\Templates\winword.scr (Virus.Rungbu) -> No action taken.

C:\Users\xxxxx\Templates\winword2.doc.exe (Worm.AutoIt) -> No action taken.

C:\Users\xxxxxx\Templates\winword2.exe (Trojan.Xanib) -> No action taken.

C:\Usersxxxxxx\Templates\winword2.scr (Virus.Rungbu) -> No action taken.

C:\Users\xxxxxxTemplates\WowTumpeh.com (Worm.Brontok) -> No action taken.

C:\Users\xxxxx\Templates\cache\vmx.exe (Worm.AutoRun) -> No action taken.

Thanks!

Link to post
Share on other sites

Hello laruechris

Welcome to Malwarebytes.

=====================

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

Thank you! Will try next visit. I'll post results.

Chris

Hello laruechris

Welcome to Malwarebytes.

=====================

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

  • 2 weeks later...

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.