
coolwwwsearch.olehelp + something reinstalling it


Maid


I'm having issues with the coolwwwsearch.olehelp malware. Every time I find it and remove it, it reinstalls itself shortly after.

Logs as requested per sticky:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

11/7/2010 7:48:04 PM

mbam-log-2010-11-07 (19-48-04).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 665124

Time elapsed: 1 hour(s), 8 minute(s), 38 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

C:\Users\Maid\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Maid\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

DDS.txt:

DDS (Ver_10-11-08.01) - NTFS_AMD64

Run by Maid at 20:27:18.22 on Sun 11/07/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2484 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Users\Maid\AppData\Roaming\Microsoft\Windows\shell.exe

C:\Users\Maid\AppData\Roaming\Microsoft\svchost.exe

C:\Users\Maid\AppData\Local\Temp\dwm.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

D:\Steam\Steam.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

C:\Program Files (x86)\Xfire\Xfire.exe

D:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Visioneer OneTouch\OneTouchMon.exe

C:\Program Files (x86)\Mouse Driver\MouseDrv.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Xfire\xfire64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Xfire\xfire64.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\explorer.exe

C:\Users\Maid\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:50370

uWinlogon: Shell=explorer.exe,C:\Users\Maid\AppData\Roaming\Microsoft\Windows\shell.exe

uWindows: Load=C:\Users\Maid\AppData\Local\Temp\dwm.exe

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

uRun: [steam] "d:\steam\steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun: [WireLessMouse] C:\Program Files (x86)\Mouse Driver\StartAutorun.exe MouseDrv.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [OneTouch Monitor] C:\Program Files (x86)\Visioneer OneTouch\OneTouchMon.exe

mRun: [svchost] C:\Users\Maid\AppData\Roaming\Microsoft\svchost.exe

StartupFolder: C:\Users\Maid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

StartupFolder: C:\Users\Maid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

uPolicies-explorer: QuickLaunchEnabled = 1 (0x1)

uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Maid\AppData\Roaming\Mozilla\Firefox\Profiles\rlb2dtff.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 1

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin.dll

FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin7.dll

FF - plugin: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

FF - plugin: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-6 202752]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-7 1153368]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-4-6 6659072]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-6 195584]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WNDA31vx.sys [2010-9-3 553472]

S2 gupdate1cabce81e083a47;Google Update Service (gupdate1cabce81e083a47);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-5 133104]

S3 LiveTurbineMessageService;Turbine Message Service - Live;D:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2010-2-23 271856]

S3 LiveTurbineNetworkService;Turbine Network Service - Live;D:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2010-2-23 218608]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-6 1255736]

=============== Created Last 30 ================

2010-11-08 03:50:27 103424 ------w- C:\Users\Maid\AppData\Roaming\Microsoft\svchost.exe

2010-11-08 03:08:22 -------- d-----w- C:\Program Files (x86)\Safer Networking

2010-11-08 01:47:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2010-11-08 01:47:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2010-11-08 01:47:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2010-11-08 01:47:54 444752 ----a-w- C:\Windows\System32\mscoree.dll

2010-11-08 01:47:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2010-11-08 01:47:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2010-11-08 01:47:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2010-11-08 01:47:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2010-11-08 01:47:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2010-11-08 01:47:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2010-11-08 01:46:49 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{54468028-F143-4D94-AF74-584468C61BE6}\mpengine.dll

2010-11-08 01:39:59 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-11-08 01:34:17 -------- d-----w- C:\Users\Maid\AppData\Roaming\Malwarebytes

2010-11-08 01:34:10 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-08 01:34:10 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-11-08 01:34:09 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-08 01:34:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-11-08 00:45:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2010-11-08 00:45:35 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2010-11-07 20:11:04 108032 ----a-w- C:\Users\Maid\AppData\Roaming\Microsoft\Windows\shell.exe

2010-11-07 20:10:51 -------- d-----w- C:\Users\Maid\AppData\Roaming\Foxit Software

2010-11-07 04:56:57 -------- d-----w- C:\Users\Maid\AppData\Roaming\Spore

2010-10-23 05:47:48 505104 ----a-r- C:\Windows\SysWow64\msxml.dll

2010-10-23 05:47:47 89360 ----a-r- C:\Windows\SysWow64\VB5DB.DLL

2010-10-23 05:47:47 69632 ----a-r- C:\Windows\SysWow64\xmltok.dll

2010-10-23 05:47:47 36864 ----a-r- C:\Windows\SysWow64\xmlparse.dll

2010-10-23 05:47:47 35840 ----a-r- C:\Windows\SysWow64\comdlg32.oca

2010-10-23 05:47:47 29184 ----a-r- C:\Windows\SysWow64\MSINET.oca

2010-10-23 05:47:47 28432 ----a-r- C:\Windows\SysWow64\msxmlr.dll

2010-10-23 05:47:47 26096 ----a-r- C:\Windows\SysWow64\xmlinst.exe

2010-10-23 05:47:47 24576 ----a-r- C:\Windows\SysWow64\msxml3a.dll

2010-10-23 05:17:33 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2010-10-23 05:17:33 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2010-10-23 05:17:33 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2010-10-23 05:17:33 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2010-10-23 05:17:33 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2010-10-23 05:17:21 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2010-10-23 05:17:21 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2010-10-19 04:10:38 -------- d-----w- C:\Program Files (x86)\Minutor

==================== Find3M ====================

2010-10-19 19:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-25 06:55:10 249856 ------w- C:\Windows\Setup1.exe

2010-09-25 06:55:08 73216 ----a-w- C:\Windows\ST6UNST.EXE

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 20:27:47.99 ===============

Malware_logs.zip


  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • Staff

Glad we could help. :D

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.