Trojan.Dropper "Removed" but still there. MBAM won't run!


Got that phony Windows security warning to buy that crappy a-v software.

Mbam wouldn't start.

Started Win7 in safe mode, ran mbam, found trojan.dropper, removed it, then rebooted.

It's still there and mbam still won't run.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4056

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

8/19/2010 7:26:03 AM

mbam-log-2010-08-19 (07-26-03).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 216847

Time elapsed: 22 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\wharf\AppData\Local\Temp\0.6929776949982932.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Hello wharfrat! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Please follow these instructions and post all logs if you can:

http://forums.malwarebytes.org/index.php?showtopic=9573

Borislav,

Hi and thank you.

I think that I may have got rid of it myself while waiting for your response.

I'll tell you what I did and if you think that I should do more, I will follow instructions.

This was a little tricky bugger. After Mbam said it deleted it and it's still going, I booted again into safe mode, ran Mbam again and it said I was clean which obviously wasn't so as I was getting popups all over the place.

I went into Msconfig, found a new item called "xskecdrp" linked to a file named "inmyhisdw.exe".

Neither pacs-portal, bleepingcomputer or a Google search had any info on either of these.

Went back into Msconfig, took xskecdrp out of Startup, then deleted the entire folder that inmyhisdw.exe was in/created.

Rebooted and everything seems to be fine. Mbam runs, no popups, etc.

Do I need to do more and how will I know for sure that I'm clean as Avast never found it and Mbam didn't find it the second time?

Good, but it's not enough. I suggest you follow my instructions.

I think I'm O.K. now. Mbam found the file that I suspected and removed it this afternoon, so I didn't go further.

Reason Mbam didn't find it the first time is that I couldn't update. I thought it was because I was in safe mode. When I discovered that I couldn't get online with IE, and could with Firefox, I found that my connection settings had been changed as well. Restored them, updated Mbam and it nailed it immediately.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4464

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

8/22/2010 5:56:31 PM

mbam-log-2010-08-22 (17-56-31).txt

Scan type: Quick scan

Objects scanned: 131273

Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\$RECYCLE.BIN\S-1-5-21-1435290023-205703798-4205854837-1000\$RSS9JZX\inmyehishdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Ran both quick and full scan afterwards and I'm clean.

Thank you.
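
A read-only way to review the two places this thread ended up checking by hand, the startup entries that msconfig lists and the Internet Explorer connection settings, as an added PowerShell example that is not part of any post above. It covers only the registry Run keys (not the Startup folders), and the set of user-writable folders it flags for review is an assumption chosen for illustration.

```powershell
# Added example: nothing here changes the system, it only reads and prints.
# Registry Run keys: the registry side of what msconfig's Startup tab shows.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: a startup command living under a user-writable folder deserves a
# closer look. This is a review heuristic, not a malware verdict.
$reviewRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) |
    Where-Object { $_ }

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command  = [string]$item.GetValue($name)
        $expanded = [Environment]::ExpandEnvironmentVariables($command)
        $review   = $false
        foreach ($root in $reviewRoots) {
            if ($expanded.ToLower().Contains($root.ToLower())) { $review = $true }
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command; Review = $review
        }
    }
}

# Entries flagged for review are listed first.
$entries | Sort-Object Review -Descending |
    Format-Table Review, Name, Command, Key -AutoSize -Wrap | Out-Host

# Per-user connection settings used by Internet Explorer. A proxy or
# auto-config URL that you did not set yourself is worth investigating.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty $inetKey
New-Object PSObject -Property @{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List | Out-Host
```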
