Jump to content

Trojans trojans evrywhere.....


Recommended Posts

I have been battling some infections to no avail, so I have decided to swallow my pride and beg for the help of the experts.....Mbam finds and removes these, but it comes back and proxy's up my internet connection....

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5154

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

11/19/2010 3:02:15 PM

mbam-log-2010-11-19 (15-02-15).txt

Scan type: Quick scan

Objects scanned: 144040

Time elapsed: 38 minute(s), 14 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

C:\Users\sheena\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

C:\Users\sheena\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

C:\Users\sheena\AppData\Local\Temp\dwm.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\users\sheena\appdata\local\temp\dwm.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\sheena\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\sheena\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\sheena\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\sheena\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Users\sheena\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.

C:\Users\sheena\AppData\Local\Temp\dwm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Then ran defogger.....

dds.txt is here....

DDS (Ver_10-11-10.01) - NTFSx86

Run by sheena at 16:36:07.59 on Fri 11/19/2010

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22

Microsoft

Attach_11_19_10.zip

ark.txt

Link to post
Share on other sites

post-32477-1261866970.gif

(Backdoor.Bot)

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites

You still need to do this even after a reformat.

Change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.

Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.

Pictures should be OK.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.