Staff TeMerc Posted February 23, 2008 Staff ID:13634 Share Posted February 23, 2008 Ran a couple of codec installers last nite and snagged some logs. Forgot to run InCtrl tho. Couple of files were totally mised by MBAM, but picked up by HJT and RunScanner. It also didn't pick up that task manager had been disabled, which RunScanner found.Attached see MBAM log.I had to manually delete the files using Unlocker, retrieved two, but the others are no where to be found. I can send them if need be, but don't want to attach them in 'public' forum.Also can't seem to find one of the installers either. Guess I need to be a bit more organized, but it was a spur of the moment thing. I was bored. File info:Item: 060 HKLM-HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoadDescription: alofkmn {2BC09886-3DF5-4E6D-9B00-890D06A0A3FE}Version: 1, 0, 0, 1Path: c:\windows\alofkmn.dllMD5: c:\windows\alofkmn.dllProductname: alofkmnFileDescription: alofkmnRegistry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoadRegistry value: alofkmn ========= Item: 060 HKLM-HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoadDescription: bxlrvps.dll {42BF8DF1-B85A-4071-AA86-D72BFF2433C2}Path: c:\windows\bxlrvps.dllMD5: c:\windows\bxlrvps.dllFileDescription: bxlrvps.dllRegistry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoadRegistry value: bxlrvps ============= Item: 052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectsDescription: dgtxrdfsnw.dll {878CA87E-BD03-4991-A1A8-A1EBEB50578F}Path: c:\windows\dgtxrdfsnw.dllMD5: c:\windows\dgtxrdfsnw.dllFileDescription: dgtxrdfsnw.dllRegistry path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878CA87E-BD03-4991-A1A8-A1EBEB50578F} ============= Item: 041 HKLM-HKCU\Software\Microsoft\Internet Explorer\ToolbarDescription: ekvgsnw Module {292547EC-9C38-4398-B336-6219B91A1634}Version: 1, 0, 0, 1Path: c:\windows\ekvgsnw.dllMD5: c:\windows\ekvgsnw.dllProductname: ekvgsnw ModuleFileDescription: ekvgsnw ModuleRegistry path: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ToolbarRegistry value: {292547EC-9C38-4398-B336-6219B91A1634} ================= Item: 160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDescription: DisableTaskMgrPath: 1MD5: 1Registry path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemRegistry value: DisableTaskMgrThe two files I snagged have been scanned before:http://www.virustotal.com/analisis/5764ab3...2c9b33d72370570http://www.virustotal.com/analisis/5e38f02...13cd710f1c319acmbam_log_2_23_2008__02_03_12_.txtmbam_log_2_23_2008__02_03_12_.txt Link to post Share on other sites More sharing options...
Staff nosirrah Posted February 23, 2008 Staff ID:13651 Share Posted February 23, 2008 I think we missed this by just a little bit , all of them were in defs when I just checked .Man I cant wait to have VAC heuristics . We will be 100% VAC day0 possibly as soon as tomorrow . Link to post Share on other sites More sharing options...
GT500 Posted February 23, 2008 ID:13653 Share Posted February 23, 2008 Normally you can upload any undetected items to http://uploads.malwarebytes.org/In this case it does not sound like it's needed, as the items are already in the definitions.Obviously the extra info is helpful even if you do upload the samples. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now