
I keep getting these trojans returning.

Keep running Malwarebytes and finding them, ESET keeps quarantining them, but they keep coming back. Here is a list.

Can anyone help me get rid of them for good?

Thanks in advance

19/01/2010 18:13:31 Real-time file system protection file C:\Users\stuart\FgjFxH.exe Win32/TrojanDownloader.Delf.PFZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 18:13:31 Real-time file system protection file C:\Users\stuart\WnTFlJ.exe a variant of Win32/Kryptik.BWP trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 18:13:30 Real-time file system protection file C:\Users\stuart\rzYlqH.exe a variant of Win32/Olmarik.SV trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 18:13:29 Real-time file system protection file C:\Users\stuart\HHeeCV.exe a variant of Win32/Cimag.BM trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 17:36:38 Real-time file system protection file C:\Users\stuart\wkcwZb.exe Win32/TrojanDownloader.Delf.PFZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 17:36:37 Real-time file system protection file C:\Users\stuart\IPUhdq.exe a variant of Win32/Kryptik.BWP trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 17:36:35 Real-time file system protection file C:\Users\stuart\CCAAkp.exe a variant of Win32/Cimag.BM trojan cleaned by deleting (after the next restart) - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 17:36:35 Real-time file system protection file C:\Users\stuart\uXYdvC.exe a variant of Win32/Olmarik.SV trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

19/01/2010 17:36:35 Real-time file system protection file C:\Users\stuart\AppData\Local\lSCNTV.dll a variant of Win32/Cimag.BM trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\CCAAkp.exe.

18/01/2010 23:08:20 Real-time file system protection file C:\Users\stuart\wSxwRj.exe a variant of Win32/TrojanDownloader.Delf.PFZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 23:08:19 Real-time file system protection file C:\Users\stuart\cOLQJX.exe a variant of Win32/Kryptik.BUW trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 23:08:19 Real-time file system protection file C:\Users\stuart\AppData\Local\lSCNTV.dll a variant of Win32/Cimag.BK trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\OGjIsZ.exe.

18/01/2010 23:08:18 Real-time file system protection file C:\Users\stuart\BEvJbO.exe a variant of Win32/Kryptik.BUZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 23:08:18 Real-time file system protection file C:\Users\stuart\OGjIsZ.exe a variant of Win32/Cimag.BK trojan cleaned by deleting (after the next restart) - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 23:01:11 Real-time file system protection file F:\$RECYCLE.BIN\S-1-5-21-2008373190-4038388624-2740936903-1001\$RUTBATX.exe probably unknown NewHeur_PE virus deleted - quarantined zoidys\stuart Event occurred on a file modified by the application: C:\Program Files (x86)\uTorrent\uTorrent.exe.

18/01/2010 22:53:28 Real-time file system protection file C:\Users\stuart\LtJLKo.exe a variant of Win32/TrojanDownloader.Delf.PFZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:53:27 Real-time file system protection file C:\Users\stuart\zgdRYe.exe a variant of Win32/Kryptik.BUW trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:53:26 Real-time file system protection file C:\Users\stuart\nqNYQg.exe a variant of Win32/Kryptik.BUZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:53:25 Real-time file system protection file C:\Users\stuart\griilM.exe a variant of Win32/Cimag.BK trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:35:37 Real-time file system protection file C:\Users\stuart\YyLYIh.exe a variant of Win32/TrojanDownloader.Delf.PFZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:35:34 Real-time file system protection file C:\Users\stuart\XqGnCO.exe a variant of Win32/Kryptik.BUW trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:35:32 Real-time file system protection file C:\Users\stuart\zBjCsT.exe a variant of Win32/Kryptik.BUZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:35:32 Real-time file system protection file C:\Users\stuart\TTeeyH.exe a variant of Win32/Cimag.BK trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:13:21 Real-time file system protection file C:\Users\stuart\tDPtKY.exe a variant of Win32/TrojanDownloader.Delf.PFZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:13:19 Real-time file system protection file C:\Users\stuart\RvUqkw.exe a variant of Win32/Kryptik.BUW trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:13:17 Real-time file system protection file C:\Users\stuart\rSskVv.exe a variant of Win32/Kryptik.BUZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 22:13:15 Real-time file system protection file C:\Users\stuart\vvQQDj.exe a variant of Win32/Cimag.BK trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 07:13:39 Real-time file system protection file C:\Users\stuart\ibBpJj.exe a variant of Win32/Kryptik.BUW trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 07:13:38 Real-time file system protection file C:\Users\stuart\EDqJvb.exe a variant of Win32/Kryptik.BUZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

18/01/2010 07:13:37 Real-time file system protection file C:\Users\stuart\bCMMsw.exe a variant of Win32/Cimag.BK trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

17/01/2010 17:29:40 Real-time file system protection file C:\Users\stuart\gTRHFX.exe a variant of Win32/Kryptik.BUW trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

17/01/2010 17:29:39 Real-time file system protection file C:\Users\stuart\wltFYT.exe a variant of Win32/Kryptik.BUZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

17/01/2010 17:29:39 Real-time file system protection file C:\Users\stuart\TVBxrv.exe a variant of Win32/Cimag.BK trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

17/01/2010 17:20:36 Real-time file system protection file C:\Users\stuart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QV4RLK\win_protection_update[2].exe Win32/Adware.PrivacyCenter.AO application deleted (after the next restart) - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\axzaYv.exe.

17/01/2010 17:20:16 HTTP filter file http://lkrtsoft.in/get.php?sc=1&id=02947 Win32/Adware.PrivacyCenter.AO application connection terminated - quarantined zoidys\stuart Threat was detected upon access to web by the application: C:\Users\stuart\axzaYv.exe.

17/01/2010 17:20:00 HTTP filter file http://lkrtsoft.in/get.php?sc=1&id=02947 Win32/Adware.PrivacyCenter.AO application connection terminated - quarantined zoidys\stuart Threat was detected upon access to web by the application: C:\Users\stuart\axzaYv.exe.

17/01/2010 17:17:43 Real-time file system protection file C:\Users\stuart\OsqRuw.exe a variant of Win32/Kryptik.BUW trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

17/01/2010 17:17:42 Real-time file system protection file C:\Users\stuart\hPEuNe.exe a variant of Win32/Kryptik.BUZ trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

17/01/2010 17:17:41 Real-time file system protection file C:\Users\stuart\wwooCa.exe a variant of Win32/Cimag.BK trojan cleaned by deleting - quarantined zoidys\stuart Event occurred on a new file created by the application: C:\Users\stuart\iexplore.exe.

Here is my malware log:

Malwarebytes' Anti-Malware 1.44

Database version: 3598

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

19/01/2010 18:10:47

mbam-log-2010-01-19 (18-10-47).txt

Scan type: Full Scan (C:\|)

Objects scanned: 227203

Time elapsed: 21 minute(s), 7 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

C:\Users\stuart\fusit.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fusit (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\stuart\fusit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\stuart\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:05:30, on 19/01/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\bgsvcgen.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files (x86)\O2\bin\sprtsvc.exe

C:\Windows\System32\StkCSrv.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe

C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\myiHome\app\myiHome-server.exe

C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

C:\Windows\SysWOW64\svchost.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\O2\bin\sprtcmd.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Users\stuart\qoulaeg.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files (x86)\Spyware Doctor\pctsTray.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/firefox?client=fir...:en-GB:official

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java

Attach.zip
