
Trojan Downloader


des3482


Here is my Malwarebytes log

Malwarebytes' Anti-Malware 1.30

Database version: 1419

Windows 5.1.2600 Service Pack 3

24/11/2008 09:22:30

mbam-log-2008-11-24 (09-22-30).txt

Scan type: Full Scan (C:\|)

Objects scanned: 162546

Time elapsed: 1 hour(s), 21 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)


Here is my Panda log

*********************************************************************

ANALYSIS: 2008-11-24 11:03:31

PROTECTIONS: 2

MALWARE: 7

SUSPECTS: 0

;***********************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===========================================================================================================

Norton Internet Security 2006 2006 Yes Yes

avast! antivirus 4.8.1290 [VPS 081123-0] 4.8.1290 Yes Yes

;===========================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===========================================================================================================

00039204 adware/cws Adware No 0 Yes No c:\documents and settings\des\favorites\health

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Des\My Documents\CRAP\QuickClean Restore Points\Deletion of files on 01-December-2005.q1b[C:/Program Files/Yahoo!/YPSR/Quarantine/ppq7B.tmp]

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Des\My Documents\CRAP\QuickClean Restore Points\Deletion of files on 01-December-2005.q1b[C:/Program Files/Yahoo!/YPSR/Quarantine/ppqE5.tmp]

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Des\My Documents\CRAP\QuickClean Restore Points\Deletion of files on 01-December-2005.q1b[C:/Program Files/Yahoo!/YPSR/Quarantine/ppq24D.tmp]

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Des\My Documents\CRAP\QuickClean Restore Points\Deletion of files on 01-December-2005.q1b[C:/Program Files/Yahoo!/YPSR/Quarantine/ppqE6.tmp]

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Des\My Documents\CRAP\QuickClean Restore Points\Deletion of files on 01-December-2005.q1b[C:/Program Files/Yahoo!/YPSR/Quarantine/ppq3A.tmp]

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Des\My Documents\CRAP\QuickClean Restore Points\Deletion of files on 01-December-2005.q1b[C:/Program Files/Yahoo!/YPSR/Quarantine/ppq66.tmp]

03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\DRIVERS\obukchh.sys

;===========================================================================================================

SUSPECTS

Sent Location L

;===========================================================================================================

;===========================================================================================================

VULNERABILITIES

Id Severity Description L

;===========================================================================================================

;===========================================================================================================


Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:57, on 24/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Caere\OmniPagePro90\opware32.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\RegCure\RegCure.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/def...m/info/ie6.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R3 - URLSearchHook: Yahoo!


Latest scan shows 3 Trojan Downloaders present.

Malwarebytes' Anti-Malware 1.30

Database version: 1419

Windows 5.1.2600 Service Pack 3

24/11/2008 12:07:45

mbam-log-2008-11-24 (12-07-45).txt

Scan type: Quick Scan

Objects scanned: 55978

Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rhnyjvwp (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rhnyjvwp (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\DRIVERS\obukchh.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

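Every detection in the Malwarebytes logs in this thread has the same line shape, `location (family) -> action.`, grouped under a `... Infected:` header whose count is declared earlier in the summary block. As an added example (not code from the thread, from the poster, or from Malwarebytes), here is a Python parser for that format that also checks the declared counts against the entries actually listed, which flags a truncated paste like the first full-scan log above, and pulls out the detections that indicate kernel-mode persistence: service keys under a control set and files in the drivers directory. The sample log is constructed from the quick-scan log above; the function names and the persistence heuristics are this example's own assumptions.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log (added example, not Malwarebytes' code).
Field names and the "location (family) -> action." line shape follow the log
posted above; function names and persistence heuristics are assumptions.
The sample below is constructed from the thread's quick-scan log, as posted."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 3

24/11/2008 12:07:45
mbam-log-2008-11-24 (12-07-45).txt

Scan type: Quick Scan
Objects scanned: 55978
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rhnyjvwp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rhnyjvwp (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\DRIVERS\obukchh.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")   # summary block
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")                # listing header
HEADER_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")             # "Key: value"
DETECTION_RE = re.compile(r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Service key under any control set; the last path element is the service name.
SERVICE_KEY_RE = re.compile(r"\\(?:ControlSet\d+|CurrentControlSet)\\Services\\(?P<service>[^\\]+)$", re.I)


def parse_mbam_log(text):
    """Return header fields, declared per-section counts and the listed
    detections as {section: [{location, family, action}, ...]}."""
    header, declared, detections, section = {}, {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := COUNT_RE.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["section"]
            detections[section]          # create the list even if it stays empty
        elif section is None:
            if m := HEADER_RE.match(line):
                header[m["key"]] = m["value"]
        elif line != "(No malicious items detected)":
            if m := DETECTION_RE.match(line):
                detections[section].append(m.groupdict())
    return {"header": header, "declared": declared, "detections": dict(detections)}


def check_counts(parsed):
    """Declared count vs. entries actually listed; a non-empty result means the
    log was truncated (as the first full-scan log in the thread is) or mis-pasted."""
    return {s: (n, len(parsed["detections"].get(s, [])))
            for s, n in parsed["declared"].items()
            if n != len(parsed["detections"].get(s, []))}


def persistence_findings(parsed):
    """Detections that point at kernel-mode persistence: service keys under a
    control set and files in the drivers directory (heuristic, an assumption)."""
    services, drivers = set(), []
    for entries in parsed["detections"].values():
        for d in entries:
            if m := SERVICE_KEY_RE.search(d["location"]):
                services.add(m["service"].lower())
            if d["location"].lower().endswith(".sys"):
                drivers.append(d["location"])
    return {"services": sorted(services), "drivers": drivers}


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(parsed))
    print("persistence:", persistence_findings(parsed))
```

On the posted log this reports no count mismatches, one service name (`rhnyjvwp`, present in both ControlSet001 and CurrentControlSet) and one driver file (`obukchh.sys`). The two names differ, and this log format prints only the key path, not the service's ImagePath value, so whether that service actually loaded that driver is not something the log shows; on a live machine that link is the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>, and the file's signature status, neither of which a log parser can check offline.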
