Dormant file/Recycler?


We have a client machine running the latest EP, fully enforced, etc. The user machine appeared to be fine, but we were asked to run a Malwarebytes scan on it (long story). Anyway, it came back with the following below. The registry data item is from our GPO, so I'm not worried about that at all. It's referencing "recycler", so my first question is: is this something that could have been removed at some point prior? The latter being: is it possible the .exe was the initial drop package and dormant, the contents already being caught and wiped? Thanks guys

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5954

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/4/2011 5:26:58 PM

mbam-log-2011-03-04 (17-26-58).txt

Scan type: Quick scan

Objects scanned: 216882

Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Recycler ( -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\Recycler (Trojan.Agent) -> Value: Recycler -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load\Recycler (Trojan.Agent) -> Value: Recycler -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\Recycler (Trojan.Agent) -> Value: Recycler -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\james.hedgepeth\local settings\Temp\0.6213781838315039.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
