Jump to content

Windows Vista infected


Recommended Posts

Let me first say that I am a fairly advanced user but not too good in the malware removal department. Please go try to go easy on me but I am not a total noob.

It seems kind of odd that I got infected. I have AV protection, do not visit porn, warez or pirated software and I am generally careful.

It all started with search redirects. I then installed mbam but halfway through scanning, it crashed. After reinstalling it, I was able to get it to quick scan and quarantine quite a bit of files.

I will kick it off with the mbam log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/8/2011 11:26:37 PM
mbam-log-2011-06-08 (23-26-37).txt

Scan type: Quick scan
Objects scanned: 230170
Time elapsed: 20 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 130

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Notepad.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\John\AppData\Local\jrg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\John\AppData\Local\jrg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\John\AppData\Local\jrg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\Windows\IEXPLORE (Trojan.Agent) -> Delete on reboot.
c:\Windows\IEXPLORE\CACHE (Trojan.Agent) -> Delete on reboot.
c:\Windows\IEXPLORE\CUSTOM (Trojan.Agent) -> Delete on reboot.
c:\Windows\IEXPLORE\HELP (Trojan.Agent) -> Delete on reboot.
c:\Windows\IEXPLORE\MAIL (Trojan.Agent) -> Delete on reboot.
c:\Windows\IEXPLORE\PLUGINS (Trojan.Agent) -> Delete on reboot.

Files Infected:
f:\temp\0.5277109551874092.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Roaming\Adobe\plugs\mmc18.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\BASIC.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CLASSES.ZIP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\emcookie.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\FAVORITE.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\FECHRCNV.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\GLOBHIST.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\IEDKCS16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\IEMASTHD.GIF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\IEXPLORE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MSAGEN16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MSAWT16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MSHTML16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MSJAVA16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MSJPEG16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MSNET16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MSNLS.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\NOTES.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\RA.GIF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\RAPLAYER.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\RAPLAYER.HLP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\README.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\README.TXT (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\SCHNL16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\SECSSP16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\SETUP31.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\SPACE.GIF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\START.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\START.RAM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea11478.gif (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea11942.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea14604.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea153.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea15724.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea16827.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea18467.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea19169.gif (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea23281.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea24464.gif (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea26500.htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea26962.gif (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea28145.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea292.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea29358.gif (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea2995.gif (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea32391.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea3902.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea41.htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea4827.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea491.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea5436.css (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea5705.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea6334.gif (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\iea9961.png (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\MAIN.IDX (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDM424C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDM424D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDM8E05.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDM8E06.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDMDAB0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDMDAB1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDMEBC2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CACHE\VDMEBC3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CUSTOM\IEDKCS16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CUSTOM\INSCHK16.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CUSTOM\INSRUN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CUSTOM\INSTALL.INS (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CUSTOM\WNIE26.BMP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\CUSTOM\WNIE38.BMP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\AUTHOR.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\COMMANDS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\CONBOOK.GIF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\CONCEPTS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\DOCWIN.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\EULA.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\FILETY16.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\FIND.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\HISTORY.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\HOME.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\HOTLIST.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\HTML.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\LOOK.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\MAIL.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\NEWNEWS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\OPEN.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\OPTIONS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\PERFORM.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\PRINT.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\PROXY.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\RATINGS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\SAVEAS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\SSL.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\TOPICS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\TROUBLE.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\UPDATE.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\HELP\URL.HTM (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\ABP.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.DAN (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.DEU (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.ENG (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.ENU (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.ESN (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.ESP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.FIN (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.FRA (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.FRC (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.ISL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.ITA (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.NLD (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.NOR (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.PTG (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\CHARSET.SVE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\HEX40BIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\HEX40BIN.PIF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MAIL.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MAIL.INI (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MAILON.HLP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MAPIIE.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MAPISEND.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MDB.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MIME.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MONCFG.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\MSGSTORE.PRF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\RECV.PRF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\SEND.PRF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\SENDMAIL.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\SKELETON.PRF (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\SPOOLERI.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\IEXPLORE\MAIL\TRANS.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.