MBAM cleaned a lot, but not all of them


Hi guys,

I have just received my friend's laptop. She had tons of viruses on her PC. First, I went for MBAM; it detected most of the malware but not all of it. After that, I uninstalled MBAM and installed Spyware Doctor, which found 5 more severe malware. Anyway, I would like to share the MBAM log.

I will share SD log if I find it.

Malwarebytes' Anti-Malware 1.51.1.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Veritabanı sürümü: 7419

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10.08.2011 00:16:00

mbam-log-2011-08-10 (00-15-55).txt

Tarama kipi: Yıldırım taraması

Taranmış öğeler: 138345

Geçen süre: 1 dakika, 13 saniye


Etkilenmiş Hafıza İşlemleri: 5
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 10
Etkilenmiş Kayıt Değerleri: 36
Etkilenmiş Veri Öğeleri: 2
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 28

Etkilenmiş Hafıza İşlemleri:
c:\Windows\nvsvc32.exe (Backdoor.Bot) -> 2444 -> No action taken.
c:\Windows\csrss.exe (Trojan.Agent) -> 3340 -> No action taken.
c:\Users\PC\AppData\Roaming\tskmanager.exe (Trojan.LVBP) -> 3536 -> No action taken.
c:\Windows\smss.exe (Trojan.Agent) -> 3772 -> No action taken.
c:\Windows\Temp\windns.exe (Trojan.Agent) -> 4388 -> No action taken.

Etkilenmiş Hafıza Modülleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Kayıt Anahtarları:
HKEY_CLASSES_ROOT\CLSID\{76F0CSL2-43N2-LS44-11D5-43WCS7582I71} (Spyware.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{76F0CSL2-43N2-LS44-11D5-43WCS7582I71} (Spyware.Banker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D4CF558B-745C-44FF-854F-D6FCAE69B6E1} (Adware.Fluxeos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4CF558B-745C-44FF-854F-D6FCAE69B6E1} (Adware.Fluxeos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4CF558B-745C-44FF-854F-D6FCAE69B6E1} (Adware.Fluxeos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4CF558B-745C-44FF-854F-D6FCAE69B6E1} (Adware.Fluxeos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Etkilenmiş Kayıt Değerleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Bot) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Bot) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Devices Manager (Trojan.Agent) -> Value: Windows System Devices Manager -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Devices Manager (Trojan.Agent) -> Value: Windows System Devices Manager -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tskmanager.exe (Trojan.LVBP) -> Value: tskmanager.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tskmanager.exe (Trojan.LVBP) -> Value: tskmanager.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\#ozkan# (Trojan.LVBP) -> Value: #ozkan# -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Controler (Trojan.Agent) -> Value: Windows System Controler -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Controler (Trojan.Agent) -> Value: Windows System Controler -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update System (Worm.Agent) -> Value: Windows Update System -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update System (Worm.Agent) -> Value: Windows Update System -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Spyware.Banker) -> Value: HKLM -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Spyware.Banker) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Spyware.Banker) -> Value: HKCU -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Spyware.Banker) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Worm.Agent) -> Value: Windows UDP Control Center -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Updater (Trojan.Agent) -> Value: Google Updater -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Updater (Trojan.Agent) -> Value: Google Updater -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Google Updater (Trojan.Agent) -> Value: Google Updater -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Malware.Trace) -> Value: winlogon -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer.exe (Trojan.Agent) -> Value: explorer.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMZH42I4GI (Trojan.FakeAlert.SA) -> Value: XMZH42I4GI -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate (Backdoor.IRCBot.Gen) -> Value: WindowsUpdate -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.IRCBot) -> Value: Windows Update -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Login access (Trojan.Agent) -> Value: Windows Login access -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKEY_CURRENT_USER (Trojan.Agent) -> Value: HKEY_CURRENT_USER -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\Windows Services (Backdoor.IRCBot) -> Value: Windows Services -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\Windows System Devices Manager (Backdoor.Agent) -> Value: Windows System Devices Manager -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HKEY_CURRENT_USER (Trojan.Agent) -> Value: HKEY_CURRENT_USER -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Services (Trojan.Agent) -> Value: Windows Services -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate (Backdoor.IRCBot.Gen) -> Value: WindowsUpdate -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Login access (Trojan.Agent) -> Value: Windows Login access -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKEY_CURRENT_USER (Trojan.Agent) -> Value: HKEY_CURRENT_USER -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\Windows Update System (Trojan.Backdoor) -> Value: Windows Update System -> No action taken.

Etkilenmiş Veri Öğeleri:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.

Etkilenmiş Klasörler:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Dosyalar:
c:\Windows\nvsvc32.exe (Backdoor.Bot) -> No action taken.
c:\Windows\csrss.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\tskmanager.exe (Trojan.LVBP) -> No action taken.
c:\Windows\smss.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\windns.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\hidserv.exe (Worm.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\install\svchost.exe (Spyware.Banker) -> No action taken.
c:\Windows\winudpmgr.exe (Worm.Agent) -> No action taken.
c:\program files (x86)\F704A.dll (Adware.Fluxeos) -> No action taken.
c:\Users\PC\AppData\Roaming\microsoft\svchost.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\15512170203217.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\78481612914593.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\870020436486.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\97731510914974.exe (Trojan.Agent) -> No action taken.
c:\Windows\wibrf.jpg (Malware.Trace) -> No action taken.
c:\Windows\wiybr.png (Malware.Trace) -> No action taken.
c:\Users\PC\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.
c:\Users\PC\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
c:\Windows\Temp\dwm.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
c:\Users\PC\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.
c:\Windows\Temp\facebook.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\smss.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\ZiNixZ.txt (Stolen.Data) -> No action taken.
c:\Windows\lsass1.exe (Backdoor.IRCBot) -> No action taken.
c:\Windows\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Malwarebytes' Anti-Malware 1.51.1.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Veritabanı sürümü: 7419

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10.08.2011 02:03:56

mbam-log-2011-08-10 (02-03-40).txt

Tarama kipi: Derin tarama (C:\|D:\|E:\|)

Taranmış öğeler: 268362

Geçen süre: 1 saat, 14 dakika, 29 saniye


Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 5
Etkilenmiş Kayıt Değerleri: 5
Etkilenmiş Veri Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 31

Etkilenmiş Hafıza İşlemleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Hafıza Modülleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Kayıt Anahtarları:
HKEY_CLASSES_ROOT\CLSID\{76F0CSL2-43N2-LS44-11D5-43WCS7582I71} (Spyware.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{76F0CSL2-43N2-LS44-11D5-43WCS7582I71} (Spyware.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

Etkilenmiş Kayıt Değerleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Spyware.Banker) -> Value: HKLM -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Spyware.Banker) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Spyware.Banker) -> Value: HKCU -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Spyware.Banker) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HKEY_CURRENT_USER (Trojan.Agent) -> Value: HKEY_CURRENT_USER -> No action taken.

Etkilenmiş Veri Öğeleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Klasörler:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Dosyalar:
c:\Users\PC\AppData\Roaming\install\svchost.exe (Spyware.Banker) -> No action taken.
c:\Users\PC\downloads\Programs\facebook-pic000934519.exe (Backdoor.Bot) -> No action taken.
c:\Windows\System32\explorer102.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\explorer139.exe (Worm.Agent) -> No action taken.
c:\Windows\System32\explorer15.exe (Malware.Gen) -> No action taken.
c:\Windows\System32\explorer154.exe (Worm.Agent) -> No action taken.
c:\Windows\System32\explorer161.exe (Spyware.Banker) -> No action taken.
c:\Windows\System32\explorer26.exe (Spyware.Banker) -> No action taken.
c:\Windows\System32\explorer4.exe (Worm.Agent) -> No action taken.
c:\Windows\System32\explorer43.exe (Spyware.Banker) -> No action taken.
c:\Windows\System32\explorer50.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\explorer84.exe (Worm.Agent) -> No action taken.
c:\Windows\System32\Ganja145.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\msconfig.exe (Trojan.VBKrypt) -> No action taken.
c:\Windows\SysWOW64\explorer102.exe (Trojan.Agent) -> No action taken.
c:\Windows\SysWOW64\explorer139.exe (Worm.Agent) -> No action taken.
c:\Windows\SysWOW64\explorer15.exe (Malware.Gen) -> No action taken.
c:\Windows\SysWOW64\explorer154.exe (Worm.Agent) -> No action taken.
c:\Windows\SysWOW64\explorer161.exe (Spyware.Banker) -> No action taken.
c:\Windows\SysWOW64\explorer26.exe (Spyware.Banker) -> No action taken.
c:\Windows\SysWOW64\explorer4.exe (Worm.Agent) -> No action taken.
c:\Windows\SysWOW64\explorer43.exe (Spyware.Banker) -> No action taken.
c:\Windows\SysWOW64\explorer50.exe (Trojan.Agent) -> No action taken.
c:\Windows\SysWOW64\explorer84.exe (Worm.Agent) -> No action taken.
c:\Windows\SysWOW64\Ganja145.exe (Trojan.Agent) -> No action taken.
c:\Windows\SysWOW64\msconfig.exe (Trojan.VBKrypt) -> No action taken.
c:\Windows\Temp\netgear.exe (Trojan.Agent) -> No action taken.
c:\Users\PC\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
c:\Users\PC\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
c:\Users\PC\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

Malwarebytes' Anti-Malware 1.51.1.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Veritabanı sürümü: 7419

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10.08.2011 02:11:50

mbam-log-2011-08-10 (02-11-50).txt

Tarama kipi: Derin tarama (C:\|D:\|E:\|)

Taranmış öğeler: 268362

Geçen süre: 1 saat, 14 dakika, 29 saniye


Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 5
Etkilenmiş Kayıt Değerleri: 5
Etkilenmiş Veri Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 31

Etkilenmiş Hafıza İşlemleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Hafıza Modülleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Kayıt Anahtarları:
HKEY_CLASSES_ROOT\CLSID\{76F0CSL2-43N2-LS44-11D5-43WCS7582I71} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{76F0CSL2-43N2-LS44-11D5-43WCS7582I71} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Etkilenmiş Kayıt Değerleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Spyware.Banker) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Spyware.Banker) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Spyware.Banker) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Spyware.Banker) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HKEY_CURRENT_USER (Trojan.Agent) -> Value: HKEY_CURRENT_USER -> Quarantined and deleted successfully.

Etkilenmiş Veri Öğeleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Klasörler:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Dosyalar:
c:\Users\PC\AppData\Roaming\install\svchost.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Users\PC\downloads\Programs\facebook-pic000934519.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer102.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer139.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer15.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer154.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer161.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer26.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer4.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer43.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer50.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\explorer84.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\Ganja145.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\msconfig.exe (Trojan.VBKrypt) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer102.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer139.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer15.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer154.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer161.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer26.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer4.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer43.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer50.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\explorer84.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\Ganja145.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\msconfig.exe (Trojan.VBKrypt) -> Quarantined and deleted successfully.
c:\Windows\Temp\netgear.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\PC\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\PC\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\PC\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.


Hello coolrecep: :welcome:

Here are the steps needed to get your computer cleaned:

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal - HijackThis Logs subforum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the
    , skipping any steps you are unable to complete. Then post a
    .

  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.

  • One of the
    there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:
Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at
or
.

OPTION 3

If you would like to use our Malwarebytes Premium Services, comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups, go to our support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the Add Reply button instead of other ones when you start replying. :)


Thanks for your report on those items - :)

Malwarebytes will never remove all infections by itself, and this shows that a good Antivirus is always required -

You can choose to have the Experts to recheck your system fully if you wish (See the directions above).

But if you are happy with the results given by Malwarebytes with a good Antivirus then we are happy for you - :)

Again thanks for the report -


You are welcome.

Another addition: Even Spyware Doctor could not clean all the threats. Especially, SpyRat created a lot of trouble. The one that creates the xXx.xXx file in the Temp folder.

After Spyware Doctor, I installed SpyBot S&D, which was able to clean more malware. But the most successful one was Trojan Remover v6.8.2. I don't have their logs, though.


  • Staff

Ok couple of questions.. Malwarebytes was run before spywaredoctor?

There are a decent amount of things in the spywaredoctor log that we should have deleted. After you ran us did you reboot so removal would be completed?

Most of the stuff otherwise in the sd logs was just traces and not active infections.


Ok couple of questions.. Malwarebytes was run before spywaredoctor?

There are a decent amount of things in the spywaredoctor log that we should have deleted. After you ran us did you reboot so removal would be completed?

Most of the stuff otherwise in the sd logs was just traces and not active infections.

Yes. MBAM was the first security software to be run on the system, if we don't count MSE, which was already disabled by malware. As you can see in the reports, I performed more than one scan with MBAM, and yes, I rebooted the system. It cleaned a lot but not all of them.

After that, I ran Spyware Doctor but it was also not able to clean them all. Then Spybot S&D, then Trojan Remover.

And finally, I have installed Trend Micro Titanium 2011 and did a full scan and it came all clean.

That's all.

