Malware Sucks Posted August 27, 2008 ID:25985 Share Posted August 27, 2008 I went to an XP AntiVirus site, and McAfee said "Trojan Successfully Removed" I just want to be sure nothing survived. I've run a McAfee Scan, SpyBot Scan, and MalwareBytes Scan and all found nothing. Here are my Logs:Malwarebytes:Malwarebytes' Anti-Malware 1.25Database version: 1089Windows 6.0.6000 11:36:43 AM 8/27/2008mbam-log-08-27-2008 (11-36-43).txtScan type: Quick ScanObjects scanned: 42689Time elapsed: 2 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)PandaActiveScan:;***********************************************************************************************************************************************************************************ANALYSIS: 2008-08-27 11:59:49PROTECTIONS: 3MALWARE: 21SUSPECTS: 0;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================Windows Defender 1.1.1603.0 No YesMcAfee Internet Security Suite 2007 8.1 No NoMcAfee VirusScan Plus 12.1 No No;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@trafficmp[1].txt00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@casalemedia[1].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@doubleclick[1].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@atdmt[2].txt00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@fastclick[1].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@tribalfusion[1].txt00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@mediaplex[2].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@com[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@ad.yieldmanager[2].txt00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@burstnet[2].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@serving-sys[1].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@bs.serving-sys[1].txt00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@adtech[1].txt00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@server.iad.liveperson[1].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@advertising[2].txt00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Windows\Temp\Cookies\keith@statse.webtrendslive[2].txt00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@ads.pointroll[1].txt00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@overture[1].txt00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@questionmarket[2].txt00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@adrevolver[2].txt00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\Low\keith@did-it[1].txt;===================================================================================================================================================================================SUSPECTSSent Location }>_AYs5;===================================================================================================================================================================================;===================================================================================================================================================================================VULNERABILITIESId Severity Description }>_AYs5;=================================================================================================================================================================================== 184379 MEDIUM MS08-001 }>_AYs5 182048 HIGH MS07-069 }>_AYs5 182043 HIGH MS07-064 }>_AYs5 176382 HIGH MS07-057 }>_AYs5 170906 HIGH MS07-045 }>_AYs5 164913 HIGH MS07-033 }>_AYs5 160623 HIGH MS07-027 }>_AYs5;===================================================================================================================================================================================HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:12:45 PM, on 8/27/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:c:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\sttray.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Windows\System32\rundll32.exeC:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exeC:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\DllHost.exeC:\Program Files\SiteAdvisor\6261\SiteAdv.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\Taskmgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://*.mcafee.comO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLO23 - Service: McAfee Application Installer Cleanup (0218871219843790) (0218871219843790mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\021887~1.EXEO23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exeO23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exeO23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exeO23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe--End of file - 10115 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted August 27, 2008 ID:25990 Share Posted August 27, 2008 (edited) Hi and welcome to Malwarebytes. I don't see anything in your logs as malware. However, your Java is outdated and so is your Adobe Acrobat Reader.You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc. Edited August 27, 2008 by JeanInMontana Fix urls Link to post Share on other sites More sharing options...
Malware Sucks Posted August 27, 2008 Author ID:26017 Share Posted August 27, 2008 Downloaded the Newest Adobe Reader (Version 9) and Got Java 6.7. Thanks =D Link to post Share on other sites More sharing options...
JeanInMontana Posted August 27, 2008 ID:26021 Share Posted August 27, 2008 Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsThe windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price. Link to post Share on other sites More sharing options...
JeanInMontana Posted September 5, 2008 ID:26846 Share Posted September 5, 2008 Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you. Link to post Share on other sites More sharing options...
Recommended Posts