ricosmo4 Posted September 30, 2008 ID:29305

Is it safe to quarantine the system32 folder? For example, after doing a scan, Malwarebytes found the following:

Malwarebytes' Anti-Malware 1.28
Database version: 1221
Windows 5.1.2600 Service Pack 2

9/29/2008 9:15:40 PM
mbam-log-2008-09-29 (21-15-36).txt

Scan type: Quick Scan
Objects scanned: 49259
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Rootkit.Agent) -> No action taken.

Thanks for the help.
JeanInMontana Posted September 30, 2008 ID:29333

It's not quarantining the System32 folder; the infected items in the folder are being quarantined. Your log shows a rootkit. You need to notify all sensitive data entities immediately that your identity has been compromised: banks, credit cards, etc. Consider doing a reformat to be completely sure the rootkit is gone. Otherwise seek assistance in the HJT forum. Read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 Start your own topic in that forum.