
Greetings all - New to forum, longstanding MBAM customer and love the product. Unusual event/ infection and resultant system errors and need forum input/ feedback and expertise to resolve.

Away on travel for a week, daily MBAM Full Scans ran on sched w/out error/ issue. Browsing IE last evening and found MBAM protection had been disabled; do not recall having done this manually. Didn't take long to be hit w/ the following:

Trojan.Dropper/GEN-FSG

Trojan.Agent/GEN-FAKE Alert (GPA)

A variant of Win32/Kryptik.DHW.trojan

Java/Trojan.Downloader.OpenStream.NAC trojan

MBAM Full Scan Log below.

System reboot and came up with hijacked desktop/ Favs/ Pics/ other IE apps unavailable. Unsettling. Have never dealt w/ this type of hit before.

Full MBAM scan this AM indicated "IP Protection Failed", also provided below.

Looking for expertise and full eradication from the experts... "what say you"?

Thank you in advance. I have full system backups should the need arise.

Drew

----------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 6314

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/9/2011 6:20:18 AM

mbam-log-2011-04-09 (06-20-18).txt

Scan type: Full scan (C:\|)

Objects scanned: 338260

Time elapsed: 3 hour(s), 36 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfHEwclbGi (Trojan.FakeAlert) -> Value: tfHEwclbGi -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

c:\documents and settings\Drew\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\all users\application data\tfhewclbgi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Drew\local settings\Temp\jar_cache7867802457831110294.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Drew\local settings\Temp\0.8856606423357921.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\Drew\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Drew\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

14:00:42 Drew MESSAGE Scheduled update executed successfully

14:00:42 Drew MESSAGE IP Protection stopped

14:00:50 Drew MESSAGE Database updated successfully

14:00:54 Drew MESSAGE IP Protection started successfully

14:59:59 Drew MESSAGE Scheduled scan executed successfully

22:21:13 Drew DETECTION C:\Documents and Settings\Drew\Local Settings\Temp\0.8856606423357921.exe Trojan.Dropper ALLOW

22:21:13 Drew DETECTION C:\Documents and Settings\Drew\Local Settings\Temp\0.8856606423357921.exe Trojan.Dropper ALLOW

22:21:15 Drew DETECTION C:\Documents and Settings\Drew\Desktop\null0.549436216247372.exe Trojan.FakeAlert ALLOW

22:21:18 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert ALLOW

22:21:18 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert ALLOW

22:21:18 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert ALLOW

22:31:03 Drew MESSAGE IP Protection started successfully

22:31:24 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:31:27 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:31:33 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:33:13 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert QUARANTINE

22:33:14 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:14 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:15 Drew ERROR Quarantine failed: DeleteFile failed with error code 5

22:33:28 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:33:31 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:33:33 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:33 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:33 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:35 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:35 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:35 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:37 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:37 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:37 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:37 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:33:39 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:39 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:33:39 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:34:16 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:34:16 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:34:16 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:34:19 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:34:19 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:34:19 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:36:08 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:36:11 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:36:17 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)

22:38:02 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:38:02 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:38:02 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:38:02 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:38:06 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:38:06 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:44:29 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:29 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:29 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:29 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:35 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:35 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:38 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:38 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:44:38 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:44:38 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:44:38 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:44:38 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:44:46 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert ALLOW

22:44:46 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert ALLOW

22:44:46 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert ALLOW

22:44:46 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert ALLOW

22:44:46 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert ALLOW

22:44:46 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert ALLOW

22:51:43 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert QUARANTINE

22:51:43 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:51:43 Drew DETECTION C:\Documents and Settings\All Users\Application Data\tfHEwclbGi.exe Trojan.FakeAlert DENY

22:51:45 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:51:45 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:51:45 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:51:45 Drew ERROR Quarantine failed: DeleteFile failed with error code 5

22:52:46 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:52:46 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:52:54 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:52:54 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:52:58 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:52:58 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:53:00 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:53:00 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:55:07 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:55:07 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

22:57:52 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

22:57:52 Drew DETECTION C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFHEWCLBGI.EXE Trojan.FakeAlert DENY

23:01:47 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

23:01:47 Drew DETECTION C:\documents and settings\all users\application data\tfhewclbgi.exe Trojan.FakeAlert DENY

07:23:31 Drew MESSAGE Protection started successfully

07:23:36 Drew MESSAGE IP Protection started successfully

09:01:11 (null) MESSAGE Protection started successfully

09:03:15 Drew ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87

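A small triage script for the MBAM 1.50 protection log pasted in the post above, added here as an example; it is not part of the original post and not Malwarebytes' own tooling. It parses the `HH:MM:SS user TYPE payload` lines, case-folds the paths (the log names the same file in three different cases), ties each "Quarantine failed" error to the QUARANTINE attempt just before it, and lists the detected files that were ALLOWed or could not be removed and so are still live. The sample lines are a subset copied from the log; the function and variable names are my own.

```python
import re
from collections import Counter, defaultdict
# One line of the MBAM 1.50 protection log:  HH:MM:SS <user> <TYPE> <payload>
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (\S+) (MESSAGE|DETECTION|IP-BLOCK|ERROR) (.*)$")

# Representative subset of the protection-log lines pasted in the post above.
SAMPLE_LOG = """\
22:21:13 Drew DETECTION C:\\Documents and Settings\\Drew\\Local Settings\\Temp\\0.8856606423357921.exe Trojan.Dropper ALLOW
22:21:18 Drew DETECTION C:\\Documents and Settings\\All Users\\Application Data\\tfHEwclbGi.exe Trojan.FakeAlert ALLOW
22:31:24 Drew IP-BLOCK 95.64.10.41 (Type: outgoing)
22:33:13 Drew DETECTION C:\\Documents and Settings\\All Users\\Application Data\\tfHEwclbGi.exe Trojan.FakeAlert QUARANTINE
22:33:14 Drew DETECTION C:\\Documents and Settings\\All Users\\Application Data\\tfHEwclbGi.exe Trojan.FakeAlert DENY
22:33:15 Drew ERROR Quarantine failed: DeleteFile failed with error code 5
22:34:19 Drew DETECTION C:\\DOCUMENTS AND SETTINGS\\ALL USERS\\APPLICATION DATA\\TFHEWCLBGI.EXE Trojan.FakeAlert DENY
09:03:15 Drew ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
"""

def parse_detection(payload):
    """Split '<path> <threat> <action>'; the path has spaces, so split from the right."""
    path, threat, action = payload.rsplit(" ", 2)
    return path.lower(), threat, action  # case-fold: the log names one file in three cases

def triage(text):
    actions = defaultdict(Counter)  # folded path -> Counter of ALLOW/DENY/QUARANTINE
    blocked = Counter()             # remote IP -> number of outgoing blocks
    errors = []                     # (time, message) for every ERROR line
    failed = set()                  # paths whose QUARANTINE was followed by an error
    last_quarantined = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # blank or unrecognised line
        ts, _user, kind, payload = m.groups()
        if kind == "DETECTION":
            path, _threat, action = parse_detection(payload)
            actions[path][action] += 1
            if action == "QUARANTINE":
                last_quarantined = path
        elif kind == "IP-BLOCK":
            blocked[payload.split()[0]] += 1
        elif kind == "ERROR":
            errors.append((ts, payload))
            # Error code 5 is ERROR_ACCESS_DENIED: the file was locked or running, so it was not removed.
            if payload.startswith("Quarantine failed") and last_quarantined:
                failed.add(last_quarantined)
    # Files the user clicked ALLOW on, or that could not be quarantined, are still live.
    live = sorted(p for p, c in actions.items() if c["ALLOW"] or p in failed)
    return {"actions": {p: dict(c) for p, c in actions.items()},
            "blocked": dict(blocked), "errors": errors, "live": live}
```

Run against the full log, `live` names the files that still need removal from a clean boot environment, and `blocked` shows how many times the running file tried to reach out before the second quarantine attempt.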
