Jump to content

Stolen.data,Malware.trace and other malware removal


Recommended Posts

Could someone please assist me with the removal of malware. My computer is running extremely slow when it boots up. I ran malwarebytes a full scan. It found some scary stuff. Here is the log from that scan. Could someone also tell me if I should be concerned that data was actually stolen and if I should be changing passwords. I have looked in forums and not sure what to do. I would hate to run processes that would mess up my computer further. How do I run a HJT log?

Malwarebytes' Anti-Malware 1.44

Database version: 3822

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

3/3/2010 4:15:04 PM

mbam-log-2010-03-03 (16-15-04).txt

Scan type: Full Scan (C:\|)

Objects scanned: 271812

Time elapsed: 2 hour(s), 56 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 5

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache\0005D430 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWay\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

Thank you for any assist

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.