No matter how many times I run MWB, it keeps finding infections

Hi,

I am a pro-user, but I am trying to clean a work computer, so I have only run Malwarebytes' Anti-Malware Free version on this PC. I am uncertain if it is safe to run any other programs, as this is a work PC. Here are the PC Specs: Windows XP, and have MSE and MBAM running as the protection. I will post a few logs below of what the scans show. I have been running scans every night I come in to the PC. I run a scan, and it shows infections. I clean them, reboot as asked, and restart. Run MWAM immediately upon reboot, and it still finds infections. Repeat process. Run it a third time, and still infections. How is this possible? What can I do to resolve this problem?

First Run:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6859

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/17/2011 12:12:44 AM

mbam-log-2011-06-17 (00-12-44).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 269324

Time elapsed: 1 hour(s), 13 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MESSENGER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\networkservice\application data\02000000140b511c1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000140b511c1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000140b511c1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000140b511c1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

Second Run:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6859

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/17/2011 2:06:05 AM

mbam-log-2011-06-17 (02-06-05).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 268444

Time elapsed: 1 hour(s), 42 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\02000000140b511c1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

Third Run:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6859

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/17/2011 3:55:38 AM

mbam-log-2011-06-17 (03-55-38).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 263458

Time elapsed: 1 hour(s), 22 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MESSENGER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\networkservice\application data\02000000140b511c1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000140b511c1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000140b511c1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\02000000140b511c1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\02000000140b511c1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

I would greatly appreciate any help.

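An added example, not part of the original thread: a small script that compares detection lines across consecutive MBAM text logs and lists the objects that were reported as deleted and then detected again in a later run, which is the pattern the three logs above show. The line format is inferred from the posted logs, the function names are hypothetical, and the sample data is excerpted from those logs.

```python
import re
from collections import defaultdict

# One detection line in an MBAM 1.5x text log: "<object> (<family>) -> <action>."
# (format assumed from the logs posted in this thread)
DETECTION = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return {lower-cased object: (family, action)} for one scan log."""
    hits = {}
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits[m["obj"].lower()] = (m["family"], m["action"])
    return hits

def regenerated(logs):
    """Objects reported deleted in one run and detected again in a later run.

    Returns {object: [1-based run numbers in which it was detected]}.
    """
    runs, removed, back = defaultdict(list), set(), set()
    for n, text in enumerate(logs, 1):
        for obj, (_family, action) in parse_log(text).items():
            if obj in removed:          # came back after a "successful" removal
                back.add(obj)
            runs[obj].append(n)
            if "deleted successfully" in action:
                removed.add(obj)
    return {obj: runs[obj] for obj in sorted(back)}

# Excerpts of the three logs above (constructed: one line per distinct location).
RUN1 = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER32 (Trojan.Tracur) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\02000000140b511c1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
"""
RUN2 = r"""
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000140b511c1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
"""
RUN3 = RUN1  # the third run repeated the first run's detections

if __name__ == "__main__":
    for obj, seen_in in regenerated([RUN1, RUN2, RUN3]).items():
        print(f"runs {seen_in}: {obj}")
```

Objects that reappear in every run despite a reported successful deletion point to something still active on the system recreating them between scans.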

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Well, the PC went kaput. I ran a full scan on Saturday while awaiting a reply, and it found 4 infections. I rebooted, and booted up to the isass.exe fatal error. If we do decide to reinstall the OS on this PC and it still is present, I'll reply back. Thanks, though.


  • Staff

Thanks for letting me know.

You could try the following to see if it gets you back up and running:

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
