
Antivirus 360


jeffn1


This post started in another (incorrect) forum section. I could not get rid of Antivirus 360 using the anti-rogue software.

I have tried to follow the instructions for posting.

I scanned it through Spybot Search & Destroy and removed/corrected everything. This seemed to get rid of the programs that Rogue Detector was unable to eliminate.

I also scanned and removed problem items with MBAM. I think I ended up with two logs. One before I removed and another after I rescanned. Here is the "before" log from MBAM:

Malwarebytes' Anti-Malware 1.31

Database version: 1543

Windows 5.1.2600 Service Pack 3

12/25/2008 7:59:13 AM

mbam-log-2008-12-25 (07-58-59).txt

Scan type: Quick Scan

Objects scanned: 61310

Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 5

Registry Keys Infected: 8

Registry Values Infected: 5

Registry Data Items Infected: 6

Folders Infected: 2

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\SYSTEM32\ketafuze.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\SYSTEM32\mifolole.dll (Trojan.Vundo.H) -> No action taken.

c:\WINDOWS\SYSTEM32\guvutoho.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\SYSTEM32\wikegivi.dll (Trojan.Vundo.H) -> No action taken.

c:\WINDOWS\SYSTEM32\tibarozo.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50a3578e-f597-420a-a5e5-84aa492ad6da} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{50a3578e-f597-420a-a5e5-84aa492ad6da} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{50a3578e-f597-420a-a5e5-84aa492ad6da} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\440eb533 (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuwupavire (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm473d86af (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("C:\WINDOWS\trayicon.exe" exec "%1" /S) Good: ("%1" /S) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\ketafuze.dll -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ketafuze.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\ketafuze.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\guvutoho.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\guvutoho.dll -> No action taken.

Folders Infected:

C:\Program Files\Webtools (Trojan.Agent) -> No action taken.

C:\Documents and Settings\Jeff\Application Data\speedrunner (Adware.SurfAccuracy) -> No action taken.

Files Infected:

C:\WINDOWS\SYSTEM32\mifolole.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\SYSTEM32\elolofim.ini (Trojan.Vundo.H) -> No action taken.

c:\WINDOWS\SYSTEM32\guvutoho.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\SYSTEM32\wikegivi.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\SYSTEM32\ketafuze.dll (Trojan.Vundo.H) -> No action taken.

c:\WINDOWS\SYSTEM32\tibarozo.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\SYSTEM32\jayajuho.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\SYSTEM32\tefiyuvu.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\SYSTEM32\prunnet.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\SYSTEM32\lugavoha.dll (Trojan.Vundo.H) -> No action taken.

Here is the "after" scan from MBAM:


Malwarebytes' Anti-Malware 1.31

Database version: 1543

Windows 5.1.2600 Service Pack 3

12/25/2008 8:22:05 AM

mbam-log-2008-12-25 (08-22-05).txt

Scan type: Quick Scan

Objects scanned: 60847

Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I tried to use the Panda ActiveScan program, but I was unable to because it said it was unable to update.

I ran HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:27:06 AM, on 12/25/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\WDC\CR\SetIcon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

F3 - REG:win.ini: load=

F3 - REG:win.ini: run=

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: YSIGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\YouSendIt\YSIGet\YSIGet.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java
