
Help with log file



Hello, I hope someone can assist me. I ran Malwarebytes and it did find some malware. I am not sure what exactly they are and how bad they are. Did someone steal some personal data? Should I be changing all my bank account info and all other usernames and passwords? Am I really clean now that they have been removed by Malwarebytes, or is there more I need to do? Is there a way to tell how long I have been infected? What is the best way to protect myself?

Sorry, so many questions, and I am sure you have heard them many times.

The vendor names are

adware.mywebsearch

stolen.data

adware.hotbar

fake.dropped.malware

rogue.multiple

malware.trace

adware.hotbar

hijack.userinit

Here is a copy of the log file.

Malwarebytes' Anti-Malware 1.44

Database version: 3822

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

3/3/2010 4:15:04 PM

mbam-log-2010-03-03 (16-15-04).txt

Scan type: Full Scan (C:\|)

Objects scanned: 271812

Time elapsed: 2 hour(s), 56 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 5

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache\0005D430 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

Thank you in advance for any assistance


Hi,

Yes, you were dealing with a password stealer as well before, so I suggest you change all your passwords.

Thank you so much for responding. Do you think that my computer is now clean after running Malwarebytes? So, could I change password information from this computer?

Do you think I need to worry about changing my financial information like bank account numbers?

Is there a way to tell how long ago I was infected?

How often should I run Malwarebytes?

In your opinion what is the best line of defense against being attacked again?

Sorry so many questions.

Thank you for your time and assistance :P


  • Staff

Hi,

Yes, you should be OK now after running Malwarebytes. Unfortunately I cannot tell how long you were infected already, but I do suggest changing your passwords ASAP (yes, also banking passwords, because this zbot variant does target banks).

Here's a more detailed description of zbot:

http://www.f-secure.com/v-descs/trojan-spy_w32_zbot.shtml (this is from a previous variant)

http://www.microsoft.com/security/portal/T...Name=Win32/Zbot (variant you were dealing with)

But basically, all zbots do the same thing, which is stealing passwords from your PC.

In your opinion what is the best line of defense against being attacked again?
Well, please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

And/or, consider upgrading Malwarebytes to the pro version, which has a realtime scanner and also protects you from sites (IP block option) where malware is hosted.

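A small triage parser for the log format shown in the first post, added here as an example (it is not part of the original thread and not Malwarebytes' own tooling). The sample lines are copied from that log; `triage`, `extra_userinit_entries` and the `CREDENTIAL_RISK` grouping are names and an assumption made for illustration, based on the reply identifying a password stealer.

```python
import re
from collections import defaultdict

# Lines copied from the log in the first post (a subset, so the sample runs offline).
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
"""

# Assumption of this example: these two detection names are the ones that
# justify changing passwords from a known-clean machine.
CREDENTIAL_RISK = {"Hijack.Userinit", "Stolen.data"}

# Entry format in the log: "<object> (<Vendor.Name>) -> <action or details>"
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z]+(?:\.[A-Za-z]+)+)\) -> (?P<rest>.+)$")
BAD = re.compile(r"Bad: \((?P<bad>[^)]*)\)")

def extra_userinit_entries(bad_value):
    """Return Userinit entries other than userinit.exe; Winlogon starts each entry at logon."""
    parts = [p.strip() for p in bad_value.split(",") if p.strip()]
    return [p for p in parts if p.rsplit("\\", 1)[-1].lower() != "userinit.exe"]

def triage(log_text):
    """Group detections by vendor name and pull out unexpected logon programs."""
    by_name = defaultdict(list)
    logon_extras = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, counters, "(No malicious items detected)"
        by_name[m["name"]].append(m["obj"])
        bad = BAD.search(m["rest"])
        if m["name"] == "Hijack.Userinit" and bad:
            logon_extras += extra_userinit_entries(bad["bad"])
    urgent = sorted(n for n in by_name if n in CREDENTIAL_RISK)
    return dict(by_name), logon_extras, urgent

if __name__ == "__main__":
    groups, extras, urgent = triage(SAMPLE_LOG)
    print("Detections per name:", {k: len(v) for k, v in groups.items()})
    print("Unexpected Userinit programs:", extras)
    print("Names that warrant password changes:", urgent)
```
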
