
Flying Under the Radar


Screener


Seem to be infected? I first noticed Chrome and IE being redirected.

I loaded and ran MBAM and removed 2 Trojans. Now MBAM is warning that it is blocking traffic to malicious sites but does not report malicious software. Can someone help me with this, please?

Here are the logs. MBAM on the 21st -- looks like it removed a couple of trojans:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7763

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/21/2011 12:28:05 PM

mbam-log-2011-09-21 (12-28-05).txt

Scan type: Quick scan

Objects scanned: 434723

Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Program Files\Internet Explorer\Iexplore.exe" %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\gryan\application data\adobe\plugs\mmc251062734.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\gryan\application data\adobe\plugs\mmc251116921.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

After completion of this log I began getting warnings of interceptions to some websites registered in the Bahamas.

Here is the protection log:

11:05:22 gryan MESSAGE Protection started successfully

11:05:27 gryan MESSAGE IP Protection started successfully

12:38:52 gryan MESSAGE Protection started successfully

12:39:12 gryan MESSAGE IP Protection started successfully

12:44:37 gryan IP-BLOCK 195.3.145.251 (Type: outgoing)

12:44:40 gryan IP-BLOCK 195.3.145.251 (Type: outgoing)

12:44:46 gryan IP-BLOCK 195.3.145.251 (Type: outgoing)

12:44:58 gryan IP-BLOCK 195.3.145.251 (Type: outgoing)

12:45:22 gryan IP-BLOCK 195.3.145.251 (Type: outgoing)

12:45:56 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:45:59 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:05 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:17 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:23 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:26 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:32 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:41 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:44 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:44 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:47 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:46:53 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:05 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:05 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:08 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:08 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:14 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:20 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:23 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:26 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:29 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:29 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:37 gryan IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:40 gryan IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:41 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:41 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:44 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:46 gryan IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:50 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:50 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:50 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:53 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:53 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:55 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:57 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:58 gryan IP-BLOCK 208.73.210.29 (Type: outgoing)

12:47:58 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:47:59 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:48:01 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:48:04 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:48:07 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:48:11 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:48:16 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:48:17 gryan IP-BLOCK 208.87.33.151 (Type: outgoing)

12:48:18 gryan IP-BLOCK 69.6.27.100 (Type: outgoing)

........truncated.........

Today's protection log looks basically the same. Here is the latest MBAM log; obviously lots of website blocking is still going on, but MBAM gives a clean bill of health:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7802

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/26/2011 12:54:16 PM

mbam-log-2011-09-26 (12-54-16).txt

Scan type: Quick scan

Objects scanned: 294577

Time elapsed: 11 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

attach.zip

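The pattern in the two logs above (an on-demand scan that reports nothing, while real-time protection keeps blocking outbound connections to the same few addresses every few seconds) is the signature of something resident that the scanner cannot see; the follow-up post confirms it was a TDSS rootkit. The script below is an added triage example for this thread, not the poster's or Malwarebytes' code. It assumes the line formats exactly as they appear in the post (`HH:MM:SS user IP-BLOCK a.b.c.d (Type: outgoing)` and `... Infected: N` summary lines, no dates, same day), and the embedded sample logs are constructed with RFC 5737 documentation addresses rather than the real ones from the thread.

```python
"""Triage helper for Malwarebytes 1.x protection-log and scan-log text.

Added example for this thread; not Malwarebytes' or the poster's code.
Assumes the line formats shown in the post:
  HH:MM:SS <user> IP-BLOCK <ip> (Type: outgoing)
  HH:MM:SS <user> MESSAGE <text>
  <Category> Infected: <N>
Times carry no date, so all events are treated as same-day (assumption).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+)\)$"
)
COUNT_RE = re.compile(r"^(?P<what>[A-Za-z ]+ Infected): (?P<n>\d+)$")

# Constructed sample logs (documentation IP ranges, not the thread's IoCs).
SAMPLE_PROTECTION_LOG = """\
12:38:52 gryan MESSAGE Protection started successfully
12:39:12 gryan MESSAGE IP Protection started successfully
12:44:37 gryan IP-BLOCK 198.51.100.7 (Type: outgoing)
12:44:40 gryan IP-BLOCK 198.51.100.7 (Type: outgoing)
12:44:46 gryan IP-BLOCK 198.51.100.7 (Type: outgoing)
12:45:56 gryan IP-BLOCK 203.0.113.9 (Type: outgoing)
12:45:59 gryan IP-BLOCK 203.0.113.9 (Type: outgoing)
12:46:05 gryan IP-BLOCK 203.0.113.9 (Type: outgoing)
12:46:17 gryan IP-BLOCK 203.0.113.9 (Type: outgoing)
12:46:23 gryan IP-BLOCK 203.0.113.9 (Type: outgoing)
12:47:37 gryan IP-BLOCK 192.0.2.44 (Type: outgoing)
12:50:00 gryan IP-BLOCK 192.0.2.44 (Type: incoming)
"""
SAMPLE_SCAN_LOG = """\
Malwarebytes' Anti-Malware 1.51.2.1300
Scan type: Quick scan
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""


def parse_blocks(text):
    """Return (time, user, ip, direction) tuples for every IP-BLOCK line."""
    events = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            t = datetime.strptime(m["time"], "%H:%M:%S")
            events.append((t, m["user"], m["ip"], m["dir"]))
    return events


def peak_in_window(times, window_s):
    """Largest number of events that fall inside any window of window_s seconds."""
    times = sorted(times)
    best, j = 0, 0
    for i, t in enumerate(times):
        while times[j] < t - timedelta(seconds=window_s):
            j += 1
        best = max(best, i - j + 1)
    return best


def summarize_by_ip(events, window_s=120):
    """Per outbound destination: block count, first/last time, shortest gap, burst size."""
    by_ip = defaultdict(list)
    for t, _user, ip, direction in events:
        if direction == "outgoing":
            by_ip[ip].append(t)
    summary = {}
    for ip, times in by_ip.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        summary[ip] = {
            "count": len(times),
            "first": times[0].strftime("%H:%M:%S"),
            "last": times[-1].strftime("%H:%M:%S"),
            "min_gap_s": min(gaps) if gaps else None,
            "peak_in_window": peak_in_window(times, window_s),
        }
    return summary


def scan_is_clean(text):
    """True when every '<Category> Infected: N' summary line reports zero."""
    counts = [int(m["n"]) for line in text.splitlines()
              if (m := COUNT_RE.match(line.strip()))]
    return bool(counts) and all(n == 0 for n in counts)


def triage(scan_text, protection_text, min_count=3, window_s=120):
    """Combine both logs into a verdict a helper could act on."""
    summary = summarize_by_ip(parse_blocks(protection_text), window_s)
    repeated = sorted(ip for ip, s in summary.items() if s["peak_in_window"] >= min_count)
    clean = scan_is_clean(scan_text)
    if clean and repeated:
        # Nothing found on disk, yet something keeps calling out: the on-demand
        # scanner is not seeing the resident component (a rootkit, in this thread).
        verdict = "resident-component-suspected"
    elif repeated:
        verdict = "rescan-after-removal"
    else:
        verdict = "quiet"
    return {"scan_clean": clean, "repeated_ips": repeated, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_SCAN_LOG, SAMPLE_PROTECTION_LOG))
```

Run it against a real pair of MBAM logs by reading the two files into `triage()`; the `min_count` and `window_s` thresholds are assumptions chosen to match the cadence in the thread (several blocks to one address inside a couple of minutes), and a `resident-component-suspected` verdict is the cue to reach for a dedicated rootkit scanner rather than repeating the quick scan.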

Thanks, I guess. I read all the advice I could here. Since everyone was so busy I downloaded a copy of AVG and did a scan. Their tool identified a TDSS L4 rootkit. I used the TDSS rootkit removal tool from Kaspersky. Seems to have worked completely. Now I have my PC back. Thanks anyway.

Screener out.
