Hi people,

I've been having trouble recently with trojan horses and root-kits, which are causing endless pop-ups to appear in Firefox. I have scanned my hard drive in safe mode with Malwarebytes, and it keeps deleting the troublesome files, but every time I reboot my computer, they come back.

I scanned my hard drive in safe mode and here is the log file I got:

------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.31

Database version: 1511

Windows 5.1.2600 Service Pack 2

24/12/2008 08:00:13

mbam-log-2008-12-24 (08-00-13).txt

Scan type: Full Scan (C:\|)

Objects scanned: 198996

Time elapsed: 3 hour(s), 42 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------------------------------------

I then restarted my computer in normal mode and scanned it again. Here is the second log file I got:

------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.31

Database version: 1511

Windows 5.1.2600 Service Pack 2

24/12/2008 10:06:15

mbam-log-2008-12-24 (10-06-15).txt

Scan type: Full Scan (C:\|)

Objects scanned: 197919

Time elapsed: 1 hour(s), 28 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tyqaotl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati7hxxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati7hxxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati7hxxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\tyqaotl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\ati7hxxx.sys (Rootkit.Agent) -> Delete on reboot.

------------------------------------------------------------------

If anybody could help me I would be extremely grateful.

Thanks...

Hello JohnNada, welcome to Malwarebytes

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

An expert will give you further instructions to assist you with the cleaning of your system.

Note:

Do Not run any other tools or scans during the cleanup process. Do Not install any other software unless requested to do so.

This topic is now closed to further replies.