
Hello, after a silly idea to start malware called UPS_invoice_3723.ZIP, 28 KB, which came in over my mailbox.

I started it; MBAM was running as well.

But MBAM came up with this error message, in Russian I think :angry:

The result from virustotal.com: http://www.virustotal.com/de/analisis/401b...4dbc-1273086276.

Here is the developer log from Malwarebytes' Anti-Malware:

I will delete this malware with MBAM.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4069

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

05.05.2010 20:52:55

mbam-log-2010-05-05 (20-52-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Objects scanned: 171943

Time elapsed: 40 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Registry Keys Infected:

HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken. [4B4E3E1F98B2C857622AD8EF11C393B8]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pgsb.lto csxyfxr) Good: (Explorer.exe) -> No action taken. [7869D5DBC68B2B687A17FBEC05BC2DE8]

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]

C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\30.tmp (Backdoor.Virkel) -> No action taken. [EC2B632E00FFEA430ECE3AAE2FB2BE4F]

C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\31.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]

C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\33.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]

C:\WINDOWS\system32\pgsb.lto (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Is my system now clean after deleting this crap?

MAM


And now here is a new log from Malwarebytes' Anti-Malware.

I think I have deleted this crap, and I am rebooting my system now.

Time elapsed: 40 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> Delete on reboot. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Registry Keys Infected:

HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. [4B4E3E1F98B2C857622AD8EF11C393B8]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pgsb.lto csxyfxr) Good: (Explorer.exe) -> Quarantined and deleted successfully. [7869D5DBC68B2B687A17FBEC05BC2DE8]

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> Delete on reboot. [33FF80DF4E9FFE110E58A81EFE0A94FE]

C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\30.tmp (Backdoor.Virkel) -> Quarantined and deleted successfully. [EC2B632E00FFEA430ECE3AAE2FB2BE4F]

C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\31.tmp (Backdoor.Bot) -> Quarantined and deleted successfully. [33FF80DF4E9FFE110E58A81EFE0A94FE]

C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\33.tmp (Backdoor.Bot) -> Quarantined and deleted successfully. [33FF80DF4E9FFE110E58A81EFE0A94FE]

C:\WINDOWS\system32\pgsb.lto (Backdoor.Bot) -> Quarantined and deleted successfully. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Is my system clean NOW?

MAM


Well, I think I have lousy cards in this issue :angry:

Malwarebytes' Anti-Malware found more crap after the last update.

Can I really delete this?

The result from the MBAM log, in developer mode:

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Objects scanned: 172160

Time elapsed: 40 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken. [3DDB0CFD25566DD1085DB5DCE29EBF80]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> No action taken. [47E1450450E9888AF85F5B494131F7EB]

C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> No action taken. [1F20487DD74942653C96A2E2F9E4AB38]

MAM
