
My Log - False Positives?


Smartkid

I somehow got infected with MS Antispyware2009 and was fortunate to find out about this software. I ran the scan and the problem was successfully removed, but I think it might have affected some of my other programs as well.

My Internet Explorer now runs with "no add-ons" and I am now required to accept a license agreement each time I turn on my iTunes. Some of the icons on my Desktop are different now than what they used to be. I know these descriptions are pretty vague, but here's the log of my scan. Perhaps the scan has quarantined things that are not actually harmful?

I appreciate the help.

Thanks

***

Malwarebytes' Anti-Malware 1.29

Database version: 1276

Windows 5.1.2600 Service Pack 2

10/19/2008 5:11:06 PM

mbam-log-2008-10-19 (17-11-06).txt

Scan type: Quick Scan

Objects scanned: 70329

Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 26

Memory Processes Infected:

C:\WINDOWS\system32\wini10803.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msansspc.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\getsn32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\mmmatt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\TDSS6a90.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\TDSS6bd8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smwin32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini10803.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uesiuqcr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\system32\TDSSbubv.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSShrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoiqn.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSrhyp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Thanks for the quick response nosirrah.

So all the files that the scan picked up are definitely harmful? Should I delete them all?

Also, what is the best way to go about restoring my Toolbars and BHOs to their previous states? I'd like to have my Internet Explorer, iTunes, and whatever other programs that may have been affected to run the way they used to prior to the infection.


  • Staff

From your log they all look dead already (Quarantined and deleted successfully).

It would be a good idea to head to our HijackThis forum for a checkup, make sure that MBAM did not miss anything.

As far as your addons go, reinstalling the software or system restore would work (restore to before you got infected though or you will get more than your addons back).

http://www.malwarebytes.org/forums/index.php?showforum=7

I would love to help myself but I am on my way out the door, 3AM - noon is enough for this morning :)

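An added example, not part of the thread and not Malwarebytes' own tooling: a small parser for the log format posted above that checks each section's entry count against the summary and lists entries whose action is not yet final, such as "Delete on reboot". The sample is a shortened excerpt of the posted log with the summary counts adjusted to match; the function names and the "ends with successfully" rule are assumptions made for this illustration.

```python
import re
from collections import Counter

# Shortened excerpt of the log in the first post; counts adjusted to the excerpt.
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Registry Values Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\wini10803.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\TDSShrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return (declared counts per section, list of parsed entries)."""
    declared, entries, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return declared, entries

def review(text):
    """Cross-check counts and flag entries that still need follow-up."""
    declared, entries = parse_log(text)
    found = Counter(e["section"] for e in entries)
    mismatched = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    # Assumption: an action not ending in "successfully" has not completed yet.
    pending = [e for e in entries if not e["action"].lower().endswith("successfully")]
    return {"mismatched": mismatched, "pending": pending,
            "by_detection": Counter(e["detection"] for e in entries)}

if __name__ == "__main__":
    for e in review(SAMPLE_LOG)["pending"]:
        print("follow up after reboot:", e["item"], "->", e["action"])
```

Entries reported as pending are the ones to confirm with a rescan after the next restart.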
