
Trojan+Rootkit+Others



Hey guys and gals. Started about a week ago, computer was connected to the net but idling, no websites were open, no downloads occurring, MSN was signed in but I wasn't using it. I contracted an "anti-malware doctor" that looked like it was a genuine Windows program telling me I had massive amounts of viruses. I had two of these programs, could see them in the taskbar, they did not let me open anything once I contracted them, would tell me iexplore.exe was corrupt, couldn't even open my computer or control panel. Suffice to say I attempted removal through tutorials on the net and thought I had got all of it, did scans with MBAM after to confirm there was nothing left. Since then I have noticed that the internet on this computer is very slow, many webpages such as Google sometimes say cannot display webpage or something along those lines when opened when the laptop next to me displays them fine.

Of most concern is that MBAM has been blocking malicious threats constantly since this occurred. This morning I awoke to find that the AVG scan last night found various malware and trojans. Once again today I did scans in safe mode and deleted all that was found. Tonight I went out for 15 minutes leaving my Firefox window open and came back to find an AVG popup saying it has detected a virus, and in the background a new tab opened with an IP address typed in and some long extensions on the end which was not there when I left.

MBAM log from today:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4483

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

27/08/2010 12:06:48 PM

mbam-log-2010-08-27 (12-06-48).txt

Scan type: Full scan (C:\|I:\|)

Objects scanned: 455630

Time elapsed: 1 hour(s), 44 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 20

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\arxemonwsc.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Justin\Local Settings\Temp\arxemonwsc.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Application Data\blwgquxqw\tylrhkdshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\cache\6.0\62\7e79bf7e-795c4d4f (Trojan.Cycler) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Application Data\blwgquxqw\tylrhkdshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\137D.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\137E.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\mkcxhunr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\343361625.exe (Trojan.Cycler) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\wtpvaae.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\6LWBHDZK\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\J1SGMBJY\mqupjickr[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\XVR6LEAA\mqupjickr[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\XVR6LEAA\cgbvd[2].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Program Files\UBISOFT\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-73586283-1454471165-1177238915-1003\Dc33.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-73586283-1454471165-1177238915-1003\Dc12\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-73586283-1454471165-1177238915-1003\Dc28\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{354E1B20-51F0-4EA5-B410-1E009045654F}\RP0\A0001090.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
