Guest remixed Posted June 23, 2008 ID:20986

Seem to be receiving this on various PCs (Home & Work)

Malwarebytes' Anti-Malware 1.18
Database version: 883

00:03:11 24/06/2008
mbam-log-6-24-2008 (00-03-03).txt

Scan type: Quick Scan
Objects scanned: 44234
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Malware.Trace) -> No action taken.

Virus Total...

AhnLab-V3 2008.6.24.0 2008.06.23 -
AntiVir 7.8.0.59 2008.06.23 -
Authentium 5.1.0.4 2008.06.23 -
Avast 4.8.1195.0 2008.06.23 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.23 -
DrWeb 4.44.0.09170 2008.06.23 -
eSafe 7.0.15.0 2008.06.23 -
eTrust-Vet 31.6.5897 2008.06.23 -
Ewido 4.0 2008.06.23 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.23 -
GData 2.0.7306.1023 2008.06.23 -
Ikarus T3.1.1.26.0 2008.06.23 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5323 2008.06.23 -
Microsoft 1.3604 2008.06.24 -
NOD32v2 3210 2008.06.23 -
Norman 5.80.02 2008.06.23 -
Panda 9.0.0.4 2008.06.23 -
Prevx1 V2 2008.06.24 -
Rising 20.50.02.00 2008.06.23 -
Sophos 4.30.0 2008.06.23 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.358 2008.06.21 -
TrendMicro 8.700.0.1004 2008.06.23 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.23 -

Additional information
File size: 25 bytes
MD5...: 96893f1e189b3c381426d3275fa99f73
SHA1..: 1c5a75491b2056ffb4b39e283b3ae122dfb5eb37
SHA256: 8508893cab8f713127ee54f9fb4c0e40e6af24808f96e2440a5de4946e5946ca
SHA512: eb9151485534707f294a974417afb780ff7c7ffc3d45cdb69c9ba82cc94f0885a79c544eab4c8e2665a0b0be635819b7285e92e0c2ac26277ef955caac5d539c

nosirrah Posted June 24, 2008 ID:20993

This is used by several infections to run files every time you open your C:\ drive.
If you know of legit software that uses this please let me know.

Guest remixed Posted June 24, 2008 ID:21009

> This is used by several infections to run files every time you open your C:\ drive.
> If you know of legit software that uses this please let me know.

In this instance...
vista.ico > www.vistaico.com

nosirrah Posted June 24, 2008 ID:21020

I took this out for now.

elero Posted January 18, 2009 ID:48745

The same goes for Daemon Tools?

mbam_log_2009_01_18__02_22_41_.txt

DaChew Posted January 18, 2009 ID:48757

@spt

that looks like a recent infection, not daemon tools

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\autorun.inf (Trojan.DNSChanger) -> No action taken.
C:\resycled\ntldr.com (Trojan.DNSChanger) -> No action taken.
C:\Programme\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.

I would have an expert look over my HJT log in that forum

Have you used sub's flash disinfector?

elero Posted January 18, 2009 ID:48764

> Have you used sub's flash disinfector?

No, what's that?

I also think it is an infection, because I can't connect to this forum on the other machine.

One file can't be deleted by MBAM.

How can I get rid of this:

Files Infected:
C:\WINDOWS\system32\gaopdxxwhowipl.dll (Trojan.DNSChanger) -> No action taken.

mbam_log_2009_01_18__14_02_27_.txt

DaChew Posted January 18, 2009 ID:48767

sub's flash disinfector puts an empty autorun.inf on each partition and removable drive as an immunization from these types of infections that move thru storage devices

If your infection is surviving an updated MBAM scan then you definitely need to post in the HJT forum, not here

http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.malwarebytes.org/forums/index.php?showtopic=9573

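Added example, not part of any post in this thread and not code from Malwarebytes or Flash Disinfector: a small triage parser that separates the three kinds of root autorun.inf discussed above (an icon-only file like the 25-byte one in the first post, a file that names a program to launch as in DaChew's log, and an empty immunization placeholder). The sample file contents are constructed for illustration; only the names vista.ico and resycled\ntldr.com come from the thread.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, tolerating junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def classify(text):
    """Return (verdict, launch_entries).

    'inert'    : no [autorun] entries at all (e.g. an empty placeholder file)
    'cosmetic' : entries exist but none starts a program (icon=, label=, ...)
    'executes' : at least one key names something to run
    """
    entries = parse_autorun(text)
    launch = {k: v for k, v in entries.items()
              if v and (k in EXEC_KEYS or SHELL_CMD.match(k))}
    if launch:
        return "executes", launch
    return ("cosmetic" if entries else "inert"), {}

# Constructed samples (assumptions, not the actual files from the thread).
ICON_ONLY = "[autorun]\r\nicon=vista.ico"          # 25 bytes, icon only
EMPTY = ""                                          # immunization placeholder
LAUNCHER = ("[AutoRun]\r\n;filler line\r\n"
            "open=resycled\\ntldr.com\r\n"
            "shell\\open\\command=resycled\\ntldr.com\r\n")

if __name__ == "__main__":
    for name, sample in [("icon only", ICON_ONLY), ("empty", EMPTY),
                         ("launcher", LAUNCHER)]:
        verdict, launch = classify(sample)
        print(f"{name:10s} -> {verdict} {launch}")
```

A verdict of "executes" on a fixed or removable drive root is what deserves a closer look; "cosmetic" and "inert" files are the cases where a detection is likely a false positive.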
elero Posted January 18, 2009 ID:48773

> If your infection is surviving an updated MBAM scan then you definitely need to post in the HJT forum

http://www.malwarebytes.org/forums/index.php?showtopic=9982

DaChew Posted January 18, 2009 ID:48775

> http://www.malwarebytes.org/forums/index.php?showtopic=9982

I would suggest adding a link back to this thread. Even if MBAM has cleaned your infection on your local hard drive, any portable drive inserted and autorunning will reinfect you and that needs to be addressed

Give a helper as many clues as possible

elero Posted January 18, 2009 ID:48798

> any portable drive inserted and autorunning will reinfect you

So I also have to format the USB stick?

GT500 Posted January 19, 2009 ID:48945

> If you know of legit software that uses this please let me know.

Bruce, if a legitimate software ever did that to my computer, I would be pissed. Autorun.inf does not belong in the root of your C: drive.

DaChew Posted January 19, 2009 ID:49028

> Bruce, if a legitimate software ever did that to my computer, I would be pissed. Autorun.inf does not belong in the root of your C: drive.

sub's flash disinfector being the exception

buttoni Posted February 2, 2009 ID:52827

> Autorun.inf does not belong in the root of your C: drive.

I just joined the forum today and I am thus far quite pleased with MBAM. I digress, perhaps, but as an FYI there's an enlightening, pertinent, albeit lengthy discussion of Windows Autorun and Autoplay this week over on BBR DSL Reports forums. I recently did this registry fix offered in that thread on my WinXP Home machine to prevent Autorun from ever executing any malware on my system. Had to shut down Comodo FW (Defense + HIPS), which blocks altering this reg entry (IniFileMapping); this area of the registry is by default protected by Defense +. But it finally merged OK for me. This fix, like the US CERT article states, prevents Autorun from executing automatically on ALL drives.

http://www.dslreports.com/forum/r21779069-...lert-on-autorun

Hope this may be helpful to other members.