amunro Posted October 23, 2008 ID:31943 Share Posted October 23, 2008 Here is my2 logs from malwarebytes scan, as requested.Malwarebytes' Anti-Malware 1.29Database version: 1276Windows 5.1.2600 Service Pack 310/22/2008 9:57:22 PMmbam-log-2008-10-22 (21-57-22).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 127420Time elapsed: 27 minute(s), 17 second(s)Memory Processes Infected: 1Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 3Registry Data Items Infected: 0Folders Infected: 4Files Infected: 26Memory Processes Infected:C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Documents and Settings\costco\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Delete on reboot.C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Documents and Settings\costco\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\Documents and Settings\costco\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.C:\Documents and Settings\costco\Desktop\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.C:\Documents and Settings\costco\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.Malwarebytes' Anti-Malware 1.29Database version: 1276Windows 5.1.2600 Service Pack 310/22/2008 10:15:31 PMmbam-log-2008-10-22 (22-15-31).txtScan type: Quick ScanObjects scanned: 60482Time elapsed: 4 minute(s), 43 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 23, 2008 Root Admin ID:31947 Share Posted October 23, 2008 Hello amunro and Welcome to Malwarebytes.org Not sure who instructed you to post or if it was from the Pre-HijackThis post but you're supposed to also have a Panda log.Please read the post below and follow those directions. Update MBAM go to the UPDATE tab and update it.Please read and follow the instructions provided here: Pre- HJT Post InstructionsWhen ready please post your logs back here in this same post.During this scan and cleanup process you should not install any other software unless requested to do so. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 26, 2008 Root Admin ID:32338 Share Posted October 26, 2008 Hello amunro,This thread will be closed tomorrow if we don't hear back from you. Please provide the requested information or a status update. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 28, 2008 Root Admin ID:32670 Share Posted October 28, 2008 Since there has been no response in over 5 days I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post InstructionsAlso don't forget that we offer FREE assistance with General PC questions and repair here PC Help If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org Link to post Share on other sites More sharing options...
Recommended Posts