Jump to content

Unusual problem


Recommended Posts

Today run full scan of C:\ and all was clean. Here is log file:

-Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4142

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10-05-26 13:12:57

mbam-log-2010-05-26 (13-12-57).txt

Scan type: Quick scan

Objects scanned: 171

Time elapsed: 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

After run SFC /Scannow and MBAM reported three malwares - this is the log file:

-protection-log-2010-05-26

12:46:31 user MESSAGE Protection started successfully

12:46:46 user MESSAGE IP Protection started successfully

13:56:19 user IP-BLOCK 95.168.183.18

13:56:22 user IP-BLOCK 95.168.183.18

13:56:28 user IP-BLOCK 95.168.183.18

14:16:39 user IP-BLOCK 83.133.97.246

14:16:42 user IP-BLOCK 83.133.97.246

14:16:48 user IP-BLOCK 83.133.97.246

14:32:06 user DETECTION

C:\WINDOWS\System32\dllcache\beep.sys Fake.Beep.sys ALLOW

14:32:38 user DETECTION

C:\WINDOWS\System32\dllcache\cdrom.sys Trojan.Patched ALLOW

14:37:26 user DETECTION

C:\WINDOWS\System32\dllcache\setup.exe Trojan.Dropper ALLOW

Run again SFC /Scannow and try to quarantine problematic files, rebooted , run again SFC /Scannow, but problematic files appear again.

Here is log file:

-protection-log-2010-05-26

12:46:31 user MESSAGE Protection started successfully

12:46:46 user MESSAGE IP Protection started successfully

13:56:19 user IP-BLOCK 95.168.183.18

13:56:22 user IP-BLOCK 95.168.183.18

13:56:28 user IP-BLOCK 95.168.183.18

14:16:39 user IP-BLOCK 83.133.97.246

14:16:42 user IP-BLOCK 83.133.97.246

14:16:48 user IP-BLOCK 83.133.97.246

14:32:06 user DETECTION C:\WINDOWS\System32\dllcache\beep.sys Fake.Beep.sys ALLOW

14:32:38 user DETECTION C:\WINDOWS\System32\dllcache\cdrom.sys Trojan.Patched ALLOW

14:37:26 user DETECTION C:\WINDOWS\System32\dllcache\setup.exe Trojan.Dropper ALLOW

15:36:21 user MESSAGE IP Protection stopped

15:37:16 user MESSAGE Database updated successfully

15:37:26 user MESSAGE IP Protection started successfully

15:37:39 user MESSAGE IP Protection stopped

15:37:50 user MESSAGE IP Protection started successfully

16:21:58 user DETECTION C:\WINDOWS\System32\dllcache\beep.sys Fake.Beep.sys QUARANTINE

16:21:59 user ERROR Quarantine failed: UtilityReadFile failed with error code 2

16:22:14 user DETECTION C:\WINDOWS\System32\dllcache\cdrom.sys Trojan.Patched QUARANTINE

16:22:15 user ERROR Quarantine failed: UtilityReadFile failed with error code 2

16:26:01 user DETECTION C:\WINDOWS\System32\dllcache\setup.exe Trojan.Dropper QUARANTINE

16:26:03 user ERROR Quarantine failed: UtilityReadFile failed with error code 2

16:31:03 user MESSAGE Protection started successfully

16:31:29 user MESSAGE IP Protection started successfully

16:32:59 user DETECTION C:\WINDOWS\System32\dllcache\beep.sys Fake.Beep.sys QUARANTINE

16:33:00 user ERROR Quarantine failed: UtilityReadFile failed with error code 2

16:33:20 user DETECTION C:\WINDOWS\System32\dllcache\cdrom.sys Trojan.Patched QUARANTINE

16:33:21 user ERROR Quarantine failed: UtilityReadFile failed with error code 2

16:37:18 user DETECTION C:\WINDOWS\System32\dllcache\setup.exe Trojan.Dropper QUARANTINE

16:37:19 user ERROR Quarantine failed: UtilityReadFile failed with error code 2

Please advice me what I can do to sole this problem.

Search these three files in system32/dllcashe folder, but can not locate any of them.

Link to post
Share on other sites

  • 2 weeks later...

Horn,

Had almost the same problem. Been running both McAfee and Malwarebytes for several weeks after a reformat and re-install. No problems detected since then.

Went to do SFC /Scannow yesterday and Malewarebytes picked up trojan.patched and trojan.dropper in the dllcache. I choose to quarantine. Ran SFC /Scannow again, and no problems the second time. I'm concerned, though, as to what these trojans are, where they came from, and what the implications might be.

Have you been able to figure it out?

Dinosaur

Link to post
Share on other sites

@ horn -

Please copy and paste this code into Run Box - It will run a full 5 stage disk check -

Close all open programs then click OK and let it run - It will shut down and restart your system -

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

This should take 30-45 mins to run - Please be patient and let it run (even if it takes 1 hour) -

Thank You - :P

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.