
3 Trojans and 200 "Infected" (Adwares) in first scan.



I have downloaded mbam, scanned my (XP Pro) PC, gotten 200 "malicious software" files identified by mbam (mbam log attached) with "no action" taken. All of them are "checked" by the mbam software for removal. Half are HKEY entries and the rest are a mixture of files, almost none of which are known to me to be dangerous but might be. Almost all say "Adware" in the description. But oddly, while HKEY items are Registry items and many are marked "infected," the log says

"Registry Data Items Infected: (No malicious items detected)."

Here are the few entries that don't say Adware but do say Trojan and would possibly be malicious, I presume:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\EV\Local Settings\Temp\32.exe (Trojan.Downloader) -> No action taken.

To be conservative, should I delete only the ones marked Trojan and leave the rest? Or leave them all in place?

The HKEY entries are scary to remove, and the rest somewhat scary. Are most of these going to be usage tracking or helper things like cookies? How do I know if one is truly a danger? I don't mind the tracking if it helps present pertinent content to me, and I cannot take time to research 200 and do not wish to risk removal of that many without knowing what I'm doing. Furthermore others have been removed before only to reappear the next day. So,

How does one efficiently decide which are worth removing and which can and maybe should be left in place?

One other question: Since I found mbam by checking on a Zone Alarm warning about a password stealing trojan (ZeuS....), and said trojan is said to be used briefly and then changed, so quickly that it will often not be eradicated until after it is used by some of those PCs in that brief period, is there anything about mbam that makes it more likely than, say AVG (free), to find and disinfect this type of trojan? In other words is anything effective at all, and is this a reason to have both, or mbam alone?

Thanks for providing help for a free service like this.

mbam_log_2010_09_18__13_51_43_.txt
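As an added illustration (not part of the original post and not Malwarebytes' own tooling), the log lines quoted above can be grouped by detection family and object type, so a long result list is reviewed by group rather than entry by entry. The regular expression assumes the line format shown in the post; the Adware entry and its path are constructed.

```python
import re
from collections import Counter

# First three entries are the lines quoted in the post; the Adware entry and
# its path are constructed for illustration, as is the summary line.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\EV\Local Settings\Temp\32.exe (Trojan.Downloader) -> No action taken.
C:\Example\toolbar.dll (Adware.Example) -> No action taken.
Registry Data Items Infected: (No malicious items detected)
"""

# Assumed line format: "<object> (<Detection.Name>) -> <action>."
LINE_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return one dict per detection line; headers and summaries are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        obj, name = m.group("obj"), m.group("name")
        rows.append({
            "object": obj,
            "kind": "registry" if obj.startswith("HKEY_") else "file",
            "name": name,
            "family": name.split(".", 1)[0],
            "action": m.group("action"),
        })
    return rows

def summarize(rows):
    """Count detections per (family, kind), sorted by family then kind."""
    return sorted(Counter((r["family"], r["kind"]) for r in rows).items())

def pending(rows, family):
    """Objects of one family the scanner reported but has not acted on."""
    return [r["object"] for r in rows
            if r["family"] == family and r["action"] == "No action taken"]

if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    for (family, kind), n in summarize(rows):
        print(f"{family:8} {kind:9} {n}")
    print(pending(rows, "Trojan"))
```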


Hello and welcome to Malwarebytes....

You are most definitely infected there..... Trojan.Vundo can be hard to remove, you could try removing all selected items and found from Malwarebytes, then reboot as needed and run another scan to make sure it's clean.... If you would like help with the cleaning process please follow the instructions below....

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" button instead of other ones when you start replying. :)


If you want to try and tackle it yourself, download, install, update and run full scans with Malwarebytes Antimalware and SuperAntispyware (both are free downloads). NB Some infections will prevent their installation.

This response was in reply to the FunWebproducts item you listed -

funwebproducts.historyswattercontrolbar This is a large infection -

If you do not wish to remove them yourself, please follow the advice from Firefox given above -


Thanks for the encouragement. In spite of my fears of messing with HKEYs, I went ahead and used the mbam to remove all 300 infections, and it worked fine, evidently quarantining them. I browsed a few sites afterwards, and while it took a few extra tries to get some of my favorite sites to display on the browser, they all did display so far with little or no problem. Furthermore after the removal and a new browse session I rescanned with mbam and no further malware was noted when re-scanned. Nice product so far.


This response was in reply to the FunWebproducts item you listed -

funwebproducts.historyswattercontrolbar This is a large infection -

If you do not wish to remove them yourself, please follow the advice from Firefox given above -

Thanks for your encouragement, which I needed. All is now OK, but I am wondering if there is some reason why I should also download and perhaps run the other piece of software in your recommendation, SuperAntispyware. Looking at the offerings it appears that they do much the same thing, in that they both say they counter both malware and I think spyware (mbam certainly does so as to adware). And in the future, should I choose to scan occasionally with both or is one sufficient?
