tehpastaboy Posted December 23, 2008

Got infected with something bad... Had Gadcom and Virtumonde infections a few months ago, used Avast/Spybot/manual removal, and have been fine since then until a day or two ago. Scanned with Spybot... it found a LOT of infections, but couldn't remove all of them. Used Malwarebytes Anti-Malware; it removed all but 2: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS JUAN and HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS Track System. Also, wscntfy is constantly running in the Task Manager Processes tab. I cannot turn on Automatic Updates, and I get popups after typing things into searches/text boxes/etc.

Here is the last log from Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.31
Database version: 1531
Windows 5.1.2600 Service Pack 3

12/23/2008 6:36:23 AM
mbam-log-2008-12-23 (06-36-23).txt

Scan type: Quick Scan
Objects scanned: 51515
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Found a couple of similar threads on this site through Google, scanned with Panda ActiveScan, here is the log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-23 09:44:18
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1296 [VPS 081222-0] 4.8.1296 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms track system
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@doubleclick[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@statcounter[1].txt
00447475 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{A355B3B7-D367-4F92-97FE-2AC889E0831D}\RP234\A0097844.exe
00462916 Adware/XPAntivirusPro Adware No 0 Yes No C:\System Volume Information\_restore{A355B3B7-D367-4F92-97FE-2AC889E0831D}\RP234\A0097843.exe
00464258 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{A355B3B7-D367-4F92-97FE-2AC889E0831D}\RP272\A0109305.exe
00492014 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\SBCGWLPK\apstpldr.dll[1].htm
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Richard\My Documents\Installers\VirtumundoBeGone.exe
01895148 Malicious Packer SecRisk No 0 No No D:\My Documents\Finished Torrents\Misc Programs\DAEMON Tools Pro ADVANCED v4.10.Build218.0\DTPro4100218Advanced.exe[D:\My Documents\Finished Torrents\Misc Programs\DAEMON Tools Pro ADVANCED v4.10.Build218.0\DTPro4100218Advanced.exe][is153343.exe]
02921148 Adware/AccesMembre Adware No 0 No No D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Keygen + Activation Key\PhotoShop CS3 Extended Keygen + Activationxx.EXE[D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Keygen + Activation Key\PhotoShop CS3 Extended Keygen + Activationxx.EXE][WINDOW~1.EXE]
02921148 Adware/AccesMembre Adware No 0 No No D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Crack (optional only if u cant do keygen)\Adobe PhotoShop CS3 EXTENDEDxx.EXE[D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Crack (optional only if u cant do keygen)\Adobe PhotoShop CS3 EXTENDEDxx.EXE][WINDOW~1.EXE]
02925267 Generic Trojan Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{1106BC17-AB10-43A3-A029-5942B86D4B2E}\RP292\A0086292.exe
03275032 Generic Malware Virus/Trojan No 0 Yes No C:\GMOD10\GMod10[Final].exe
03277754 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Richard\My Documents\VAMPIRE.TM.B.V1.2.PLUS3TRN.RIP.ZIP[VampireBloodlinesTrainer_RIP.exe]
04438488 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\arorzs.dll
04438488 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\System32\arorzs.dll
04438488 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\jwkkcuav.dll
04438488 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\arorzs.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\Richard\My Documents\Installers\burnsetupcnet.exe
No C:\WINDOWS\system32\urqRKCrQ.dll
No D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Crack (optional only if u cant do keygen)\Adobe PhotoShop CS3 EXTENDEDxx.EXE[D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Crack (optional only if u cant do keygen)\Adobe PhotoShop CS3 EXTENDEDxx.EXE][ADOBEP~1.EXE]
No D:\System Volume Information\_restore{B71F70FD-EDFA-444B-B154-A85940DC645B}\RP4\A0000214.exe
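Added example, not part of the post above and not Malwarebytes' own code: a small Python parser for the Malwarebytes' Anti-Malware 1.x log layout quoted in the post, with the checks a responder typically wants from such a log: which items were only detected versus actually quarantined, whether the summary counts agree with the listed items, and how detections group by family. The sample log is constructed to mirror the post's log; the single "Files Infected" line with a placeholder path is invented to exercise the "not yet removed" branch, and the action strings compared against are assumed from the phrasing visible in the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the MBAM 1.x log layout, modelled on the log quoted in the
# post above. The "Files Infected" entry (placeholder path) is invented so that the
# unresolved-item check has something to report.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.31
Database version: 1531
Windows 5.1.2600 Service Pack 3

12/23/2008 6:36:23 AM
mbam-log-2008-12-23 (06-36-23).txt

Scan type: Quick Scan
Objects scanned: 51515
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\placeholder.dll (Trojan.Vundo) -> Delete on reboot.
"""

# "<item> (<detection>) -> <action>." ; the lazy item group and the paren-free
# detection group let paths containing "(...)" (e.g. "Program Files (x86)") parse.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary lines such as "Registry Keys Infected: 2".
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
NO_ITEMS = "(No malicious items detected)"
DONE_ACTION = "Quarantined and deleted successfully"  # assumed from the post's log


@dataclass
class ScanReport:
    counts: dict = field(default_factory=dict)  # section -> summary count
    items: dict = field(default_factory=dict)   # section -> [(item, detection, action)]


def parse_mbam_log(text):
    """Split an MBAM 1.x log into summary counts and per-section detections."""
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:  # summary block at the top of the log
            report.counts[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):  # start of a detail section
            section = line[:-1]
            report.items.setdefault(section, [])
            continue
        if section is None or line == NO_ITEMS:
            continue
        m = ITEM_RE.match(line)
        if m:
            report.items[section].append(
                (m.group("item"), m.group("detection"), m.group("action")))
    return report


def unresolved_items(report):
    """Detections whose recorded action is not a completed quarantine+delete."""
    return [(sec, item, det, act)
            for sec, entries in report.items.items()
            for item, det, act in entries if act != DONE_ACTION]


def count_mismatches(report):
    """Sections where the summary count disagrees with the listed entries."""
    return {sec: (n, len(report.items.get(sec, [])))
            for sec, n in report.counts.items()
            if n != len(report.items.get(sec, []))}


def detections_by_family(report):
    """Tally of detection names across all sections."""
    families = {}
    for entries in report.items.values():
        for _, det, _ in entries:
            families[det] = families.get(det, 0) + 1
    return families


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print("families:", detections_by_family(r))
    print("mismatches:", count_mismatches(r))
    for sec, item, det, act in unresolved_items(r):
        print(f"still pending [{sec}] {item} ({det}): {act}")
```

On the constructed sample this reports two Trojan.Vundo and one Malware.Trace detection, no count mismatches, and one pending "Delete on reboot" item; on a log like the one in the post, an empty unresolved list is the quick confirmation that the tool finished what it reported.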
Tigger93 Posted December 23, 2008

The first issue is you are using cracked software. We can only help you once you've removed all the cracked software off of your system.
tehpastaboy (Author) Posted December 23, 2008

I have to remove Photoshop? Why would that have anything to do with it? I've had Photoshop for a while; the problems are new.
Tigger93 Posted December 23, 2008

01895148 Malicious Packer SecRisk No 0 No No D:\My Documents\Finished Torrents\Misc Programs\DAEMON Tools Pro ADVANCED v4.10.Build218.0\DTPro4100218Advanced.exe[D:\My Documents\Finished Torrents\Misc Programs\DAEMON Tools Pro ADVANCED v4.10.Build218.0\DTPro4100218Advanced.exe][is153343.exe]
02921148 Adware/AccesMembre Adware No 0 No No D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Keygen + Activation Key\PhotoShop CS3 Extended Keygen + Activationxx.EXE[D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Keygen + Activation Key\PhotoShop CS3 Extended Keygen + Activationxx.EXE][WINDOW~1.EXE]
02921148 Adware/AccesMembre Adware No 0 No No D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Crack (optional only if u cant do keygen)\Adobe PhotoShop CS3 EXTENDEDxx.EXE[D:\My Documents\Finished Torrents\Misc Programs\Photoshop CS3_Extended (Keygen+ Crack!)\Photoshop CS3 Keygen + Crack\Crack (optional only if u cant do keygen)\Adobe PhotoShop CS3 EXTENDEDxx.EXE][WINDOW~1.EXE]

Shows you got more than Photoshop; you got a nice virus too. Again, you must remove cracked software before we can help. It's our policy, and that of most forums.
AdvancedSetup (Root Admin) Posted December 24, 2008

HiJackThis Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.