MAM Posted May 5, 2010 ID:245186
Hello, after a silly idea to start malware called UPS_invoice_3723.ZIP (28 KB) that came up over my mail box: I started it, MBAM was running also. But from MBAM came up this error message, in Russian I think. The result from virustotal.com: http://www.virustotal.com/de/analisis/401b...4dbc-1273086276. Here is the developer log from Malwarebytes' Anti-Malware. I will delete this malware with MBAM.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4069
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.05.2010 20:52:55
mbam-log-2010-05-05 (20-52-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 171943
Time elapsed: 40 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken. [4B4E3E1F98B2C857622AD8EF11C393B8]

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pgsb.lto csxyfxr) Good: (Explorer.exe) -> No action taken. [7869D5DBC68B2B687A17FBEC05BC2DE8]

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]
C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\30.tmp (Backdoor.Virkel) -> No action taken. [EC2B632E00FFEA430ECE3AAE2FB2BE4F]
C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\31.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]
C:\Dokumente und Einstellungen\XXXXX\Lokale Einstellungen\temp\33.tmp (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]
C:\WINDOWS\system32\pgsb.lto (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Is my system now clean after deleting this crap?
MAM
MAM Posted May 5, 2010 Author ID:245188
And now here is a new log from Malwarebytes' Anti-Malware. I think I have deleted this crap, and I reboot my system now:

Time elapsed: 40 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> Delete on reboot. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. [4B4E3E1F98B2C857622AD8EF11C393B8]

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pgsb.lto csxyfxr) Good: (Explorer.exe) -> Quarantined and deleted successfully. [7869D5DBC68B2B687A17FBEC05BC2DE8]

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> Delete on reboot. [33FF80DF4E9FFE110E58A81EFE0A94FE]
C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\30.tmp (Backdoor.Virkel) -> Quarantined and deleted successfully. [EC2B632E00FFEA430ECE3AAE2FB2BE4F]
C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\31.tmp (Backdoor.Bot) -> Quarantined and deleted successfully. [33FF80DF4E9FFE110E58A81EFE0A94FE]
C:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\temp\33.tmp (Backdoor.Bot) -> Quarantined and deleted successfully. [33FF80DF4E9FFE110E58A81EFE0A94FE]
C:\WINDOWS\system32\pgsb.lto (Backdoor.Bot) -> Quarantined and deleted successfully. [33FF80DF4E9FFE110E58A81EFE0A94FE]

Is my system clean NOW?
MAM
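As an added example (not from the thread and not Malwarebytes' own code), a small Python parser for the detection lines in the MBAM developer log format posted above. The sample lines are constructed from the entries in the two logs with the user name replaced; the parser answers the "is it clean now?" question mechanically by listing every item still marked "No action taken" or "Delete on reboot", and for the Hijack.Shell entry it separates the tokens appended to the Winlogon Shell value from the legitimate Explorer.exe value.

```python
import re
from collections import Counter

# Constructed sample in the shape of the MBAM 1.46 developer log posted above.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\temp\2F.tmp (Backdoor.Bot) -> Delete on reboot. [33FF80DF4E9FFE110E58A81EFE0A94FE]
Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. [4B4E3E1F98B2C857622AD8EF11C393B8]
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe pgsb.lto csxyfxr) Good: (Explorer.exe) -> Quarantined and deleted successfully. [7869D5DBC68B2B687A17FBEC05BC2DE8]
Files Infected:
C:\WINDOWS\system32\pgsb.lto (Backdoor.Bot) -> No action taken. [33FF80DF4E9FFE110E58A81EFE0A94FE]
"""

# One detection line: "<item> (<family>) -> [Bad: (...) Good: (...) -> ]<action>. [<hash>]"
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>[^.\[]+)\. \[(?P<hash>[0-9A-F]{32})\]$"
)
DONE = "Quarantined and deleted successfully"

def parse_log(text):
    """Return one dict per detection line; section headers and summary counts are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def action_counts(entries):
    """How many detections ended in each MBAM action."""
    return Counter(e["action"] for e in entries)

def pending_items(entries):
    """Detections not yet removed: 'No action taken' or still waiting for a reboot."""
    return [e for e in entries if e["action"] != DONE]

def shell_hijack_extras(entry):
    """For a Hijack.Shell item, the tokens appended to the legitimate Winlogon Shell value."""
    good = entry["good"].split()
    bad = entry["bad"].split()
    return bad[len(good):] if bad[:len(good)] == good else bad

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(action_counts(found))
    for e in pending_items(found):
        print("still present:", e["item"], "->", e["action"])
```

A log in which pending_items() returns nothing is the minimum condition before treating the scan result as clean; items marked "Delete on reboot" should be confirmed gone by a second scan after the restart, which is what the later posts in this thread do.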
MAM Posted May 5, 2010 Author ID:245194
Shall I do another scan with MBAM? A new update is coming up...?!
MAM
MAM Posted May 5, 2010 Author ID:245227
Well, I think I have lousy cards in this issue. Malwarebytes' Anti-Malware found more crap after the last update. Can I really delete this? The result from the MBAM log, in developer mode:

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 172160
Time elapsed: 40 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken. [3DDB0CFD25566DD1085DB5DCE29EBF80]

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> No action taken. [47E1450450E9888AF85F5B494131F7EB]
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> No action taken. [1F20487DD74942653C96A2E2F9E4AB38]

MAM
MAM Posted May 5, 2010 Author ID:245230
Edit: double posting, my apologies about that.
MAM
MAM Posted May 5, 2010 Author ID:245248
Attachments removed.
MAM
MAM Posted May 5, 2010 Author ID:245263
Hello, can anybody explain to me what the "Russian" (I think it is Russian) message means in conjunction with Malwarebytes' Anti-Malware, which I asked about in my posting #1?
MAM
MAM Posted May 5, 2010 Author ID:245276
BTW, the quarantine function dosen