Jump to content

Help with log file

Recommended Posts

Hello I hope someone can assist me. I ran malwarebytes and it did find some malware. I am not sure what exactly they are and how bad are they. Did someone steal some personal data? Should I be changing all my bank account info and all other usernames and passwords? I am I really clean now that they have been removed by malwarebytes or is there more I need to do? Is there away to tell how long I have been infected? What is the best way to protect myself?

Sorry so many questions and I am sure you have heard them many times

The vendor names are









Here is a copy of the log file.

Malwarebytes' Anti-Malware 1.44

Database version: 3822

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

3/3/2010 4:15:04 PM

mbam-log-2010-03-03 (16-15-04).txt

Scan type: Full Scan (C:\|)

Objects scanned: 271812

Time elapsed: 2 hour(s), 56 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 5

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache\0005D430 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

Thank you in advance for any assistance

Link to post
Share on other sites


Yes, you were dealing with a password stealer as well before, so I suggest you change all your passwords.

Thank you so much for responding. Do you think that my computer is now clean after running malwarebytes? So, I could change password information from this computer?

Do you think I need to worry about changing my financial information like bank account numbers?

Is there a way to tell how long ago I was infected?

How often should I run malwarebytes?

In your opinion what is the best line of defense against being attacked again?

Sorry so many questions.

Thank you for your time and assistance :P

Link to post
Share on other sites

  • Staff


Yes, you should be OK now after running malwarebytes. Unfortunately I cannot tell how long you were infected already, but I do suggest to change your passwords asap (yes, also banking passwords; because this zbot variant does target banks).

Here's a more detailed description of zbot:

http://www.f-secure.com/v-descs/trojan-spy_w32_zbot.shtml (this is from a previous variant)

http://www.microsoft.com/security/portal/T...Name=Win32/Zbot (variant you were dealing with)

But basically, all zbots do the same - which is, stealing passwords from your pc.

In your opinion what is the best line of defense against being attacked again?
Well, Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Or/and, consider to upgrade malwarebytes to the pro version - which has a realtime scanner and also protects you from sites (IP block option) where malware is hosted.

Link to post
Share on other sites

  • 2 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.