
u32.exe


elbmd

Hi

When I run either the quick or full scan of my laptop (Vista) I am told there is an infection;

AppData\Local\Temp\u32.exe (Trojan.Downloader) -> Delete on reboot.

When I reboot I get an error from Windows Defender blocking the program from reloading - I give permission for the program to run. When I restart MBAM it finds the file again.

The file does appear in windows explorer when I look in the folder.

Is this real?

How can I get the program to delete it? I tried running program and deleting in safe mode but it did not make a difference.

Thanks,

Eric

I am posting my DDS file and MBAM log and attaching the zipped Attach file.

When I try to run GMER it runs partly through the scan and then goes to blue screen and restarts the computer

________________________________________________________________________________

____________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5110

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

11/13/2010 9:39:40 PM

mbam-log-2010-11-13 (21-39-40).txt

Scan type: Quick scan

Objects scanned: 179365

Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\doctor berman\AppData\Local\Temp\u32.exe (Trojan.Downloader) -> Delete on reboot.

________________________________________________________________________________

________________

DDS (Ver_10-11-10.01) - NTFSx86

Run by doctor berman at 21:53:49.24 on Sat 11/13/2010

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22

Microsoft

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.

  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don


Thanks for your reply

1st - I have tried rebooting with and without allowing the blocked program to run and it has not seemed to make any difference. I have also rebooted into safe mode where the blocked message error does not pop up and run the scan and it still comes up.

2nd - I ran MBAM here is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5111

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

11/14/2010 5:51:47 AM

mbam-log-2010-11-14 (05-51-47).txt

Scan type: Quick scan

Objects scanned: 179592

Time elapsed: 9 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\doctor berman\AppData\Local\Temp\u32.exe (Trojan.Downloader) -> No action taken.

3rd - I ran CCleaner as requested.

What to do next?

Thanks,

Eric


When I try to upload the file it is not listed in that folder - I looked in windows explorer and I can't find it.

What to do next?

Eric

________________________________________________________________________________

____________--

Hi,

Please go to VirusTotal, and upload the following file for analysis:

C:\Users\doctor berman\AppData\Local\Temp\u32.exe

Post the results in your reply.

Next, click Start --> Run, and enter this command exactly as shown:

mbam.exe /developer

MBAM will open; run a Quick Scan and post its log.


I ran MBAM/developer as requested - here is the log - it found the same file.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5111

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

11/16/2010 6:31:04 AM

mbam-log-2010-11-16 (06-31-04).txt

Scan type: Quick scan

Objects scanned: 180325

Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\doctor berman\AppData\Local\Temp\u32.exe (Trojan.Downloader) -> Delete on reboot. [1C91A68F95877E8229DFDE81888B06C9]


  • Staff

Reboot your computer into Safe Mode.

See if the file exists there. Let me know if it does.

Also run a Quick Scan again from there; see if the file is detected.

After that, boot back into Normal Mode.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I ran with new version and file not found.

11/19/2010 6:21:11 AM

mbam-log-2010-11-19 (06-21-11).txt

Scan type: Quick scan

Objects scanned: 178616

Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Anything else I need to do?

Thanks,

Eric

_________________________________________________________________--

Hi,

I would like you to try our MBAM version 1.50 Public Beta and see if the issue persists there.


Everything seems to be working great. Thanks!

What do I need to do about all these programs I downloaded - do I just delete them?

Eric

_______________________________________________________________________

Great. Stick with the beta then; seems to have been a bug with version 1.46.

Are you experiencing any other issues?

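Added example, not part of the original thread and not Malwarebytes' own tooling: a small parser for the log layout posted above that flags a detection queued for deletion in one scan and reported again in a later one, which is the pattern this thread shows. The sample logs, the path and the MD5 are constructed placeholders.

```python
import re

# One detection line of the log layout shown in this thread:
#   <path> (<detection name>) -> <action>. [<MD5>]
# The bracketed MD5 is optional; in the thread it appears in the /developer log.
DETECTION = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>[^\[\]]+?)\.?"
    r"(?: \[(?P<md5>[0-9A-Fa-f]{32})\])?\s*$"
)

def parse_detections(log_text):
    """Return one dict (path, name, action, md5) per detection line."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def recurring(logs):
    """logs: log texts in chronological order. Returns paths that were
    queued for deletion in one scan and detected again in a later scan."""
    queued, repeats = set(), {}
    for text in logs:
        detections = parse_detections(text)
        for d in detections:
            key = d["path"].lower()  # Windows paths are case-insensitive
            if key in queued:
                repeats.setdefault(key, d["path"])
        # Update only after the whole log is checked, so a path listed twice
        # in the same scan is not counted as a recurrence.
        queued.update(d["path"].lower() for d in detections
                      if d["action"].lower().startswith("delete"))
    return list(repeats.values())

# Constructed sample logs (abbreviated; path and MD5 are placeholders).
SAMPLE = r"C:\Users\example\AppData\Local\Temp\sample.exe"
HEADER = "Files Infected: 1\n\nFiles Infected:\n\n"
SCAN_1 = HEADER + SAMPLE + " (Trojan.Downloader) -> Delete on reboot.\n"
SCAN_2 = (HEADER + SAMPLE + " (Trojan.Downloader) -> Delete on reboot."
          " [0123456789ABCDEF0123456789ABCDEF]\n")
SCAN_3 = "Files Infected: 0\n\nFiles Infected:\n\n(No malicious items detected)\n"

if __name__ == "__main__":
    for path in recurring([SCAN_1, SCAN_2, SCAN_3]):
        print("detected again after 'Delete on reboot':", path)
```

A recurrence only shows that the removal did not hold; the cause still has to be established separately, for example by checking whether the file exists on disk.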

  • 2 months later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
