
Recurring trojan infection, latest with Vista Security 2011



Hi

I'm having a recurring problem that I think is down to something reinfecting my PC. I was alerted by a security breach in my internet banking. I ran Malwarebytes and removed a registry entry and file relating to Trojan ZbotR.Gen. I was checking on the web and a pop-up opened and said Updater.exe was trying to contact the web. I clicked on continue blocking, when Vista Security 2011 took over, turned off the firewall and virus software and stopped the access to the internet.

I disconnected the PC from the internet. I downloaded Rkill on another PC, restarted the infected PC, copied Rkill over and was able to run it several times. I was then able to run Malwarebytes, which found and removed a registry value, Trojan ZbotR.Gen. I clicked on Internet Explorer, which could not open, and the virus scanner that I had reactivated and updated found Rogue:win32\FakeRean and cleaned the system. I updated Malwarebytes and ran a full scan, which is attached. The zaz tools entry I had on the ignore list as I believed it to be a false positive; maybe not a good idea, but I have allowed it to be removed now.

I tried to run GMER, but it logged the user out of the PC during the scan; on the second attempt it stopped working early in the scan. I hope you can help me.

Nick

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6219

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

31/03/2011 18:02:08

mbam-log-2011-03-31 (18-02-08).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 576313

Time elapsed: 2 hour(s), 7 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\zaz gp4 tools\DLL\checksum.dll (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Nick at 18:25:26.31 on 31/03/2011

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24

Microsoft

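The Malwarebytes log above follows a fixed layout: a header, a block of "X Infected: N" summary counts, then one detail section per category listing each item as `path (DetectionName) -> action`. When several such logs accumulate over a reinfection case like this one, it helps to pull the counts and detections out mechanically and check that every summary count is backed by a listed item and that every item was actually quarantined. The parser below is an added example written for this thread; it is not part of the forum post and not a Malwarebytes tool. The `SAMPLE_LOG` is a constructed excerpt modelled on the posted full-scan log, and the parser also handles registry-key and registry-value sections that the posted log happens to leave empty.

```python
"""Parse and sanity-check a Malwarebytes' Anti-Malware 1.50-style scan log.

Added example for this thread (not Malwarebytes code). SAMPLE_LOG is a
constructed excerpt modelled on the full-scan log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6219
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

Scan type: Full scan (C:\|D:\|)
Objects scanned: 576313
Time elapsed: 2 hour(s), 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\program files\zaz gp4 tools\DLL\checksum.dll (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
"""

# "Files Infected: 1" style summary line (category, count).
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# "item (Detection.Name) -> action" detail line; the item may itself
# contain parentheses (e.g. "Program Files (x86)"), so match lazily and
# require the ") -> " delimiter before the action text.
DETECTION_RE = re.compile(r"^(.*?) \(([^()]+)\) -> (.+)$")


@dataclass
class Detection:
    category: str   # e.g. "Files Infected", "Registry Values Infected"
    item: str       # file path or registry key/value
    threat: str     # detection name, e.g. Trojan.Dropper.PGen
    action: str     # what the scanner reports it did with the item


@dataclass
class ScanReport:
    database_version: Optional[int] = None
    scan_type: str = ""
    objects_scanned: int = 0
    counts: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)


def parse_mbam_log(text: str) -> ScanReport:
    """Walk the log once, collecting header fields, summary counts and detections."""
    report = ScanReport()
    section: Optional[str] = None  # detail section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            report.database_version = int(line.split(":", 1)[1])
            continue
        if line.startswith("Scan type:"):
            report.scan_type = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Objects scanned:"):
            report.objects_scanned = int(line.split(":", 1)[1])
            continue
        m = COUNT_RE.match(line)
        if m:                                  # summary block: "<category>: <n>"
            report.counts[m.group(1)] = int(m.group(2))
            section = None
            continue
        if line.endswith(" Infected:"):        # detail block header: "<category>:"
            section = line[:-1]
            continue
        if section and line != "(No malicious items detected)":
            m = DETECTION_RE.match(line)
            if m:
                report.detections.append(Detection(section, *m.groups()))
    return report


def count_mismatches(report: ScanReport) -> List[str]:
    """Categories whose summary count differs from the number of listed items."""
    per_section: Dict[str, int] = {}
    for d in report.detections:
        per_section[d.category] = per_section.get(d.category, 0) + 1
    return [cat for cat, n in report.counts.items() if per_section.get(cat, 0) != n]


def unresolved(report: ScanReport) -> List[Detection]:
    """Detections the scanner did not report as handled successfully."""
    return [d for d in report.detections if "successfully" not in d.action]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(f"DB {rep.database_version}, {rep.scan_type}, {rep.objects_scanned} objects")
    for d in rep.detections:
        print(f"[{d.category}] {d.threat}: {d.item} -> {d.action}")
    print("count mismatches:", count_mismatches(rep))
    print("unresolved:", [d.item for d in unresolved(rep)])
```

`count_mismatches` flags a log whose summary says items were found but whose detail sections list none (or vice versa), and `unresolved` surfaces anything left with a status other than a successful quarantine or deletion, which is what matters when the same detection keeps coming back between scans.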

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi screen317

I have done what you advised, but I think I made a mistake running ESET. I put a tick in the box when it had finished, asking it to uninstall, which I fear meant I have lost the report file, as it was not in the ESET folder under Programs. It did find one infected file, HTML/Scrinject.B.Gen.virus. The reports are below. I'm sorry about the ESET one, as this is the one I think you need. Thank you for your help.

Nick

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6247

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

02/04/2011 19:14:17

mbam-log-2011-04-02 (19-14-17).txt

Scan type: Quick scan

Objects scanned: 232986

Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Results of screen317's Security Check version 0.99.10

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Adobe After Effects CS3 Presets

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 24

Adobe Flash Player 10.1.102.64

Adobe Reader 8.1.6

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

``````````End of Log````````````


  • Staff

Hi,

That's fine.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Flash Player 10.1.102.64

Adobe Reader 8.1.6

Restart your computer.

Get the latest version of Adobe Reader and Adobe Flash Player.

Also open Firefox, and click Help --> Check for Updates; ensure that you're using Firefox 4.

Let me know what issues remain.

-screen317
