Jump to content

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO)


Recommended Posts

My computer was recently infected. My initial scan log showed the following infections:

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\rsdyxasb (Trojan.FakeAlert.Gen) -> Value: rsdyxasb -> Quarantined and deleted successfully.

Since this scan and deletion I have continued to get pop-up warnings with a fake-looking AVG alert titled "Resident Shield" alert saying that various files are infected. I have always Alt-F4ed out of these fake looking alerts but they continue to pop up, especially when I run Malware Bytes or Spybot. More recent attempts at running malware bytes either detects nothing even though the pup up is still occurring, or it finds this:

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

OR

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Please help. I have attached the logs and the DDS diagnostics that I have seen other people on the forums directed to. Please let me know if I should paste the text directly into my reply (they are all quite long however).

dds.txt

attach.txt

mbam-log-2011-07-27 (20-13-39).txt

mbam-log-2011-07-29 (16-31-16).txt

Link to post
Share on other sites

Hello, and welcome to Malwarebytes.org

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.