Jump to content

stolen.data trojan found


Recommended Posts

I just want to make sure I don't need to run anything else after 5 Stolen.Data trojans were found on my sons laptop. He had just purchased something online, so I appreciate your help.

I noticed you've suggested to run DSS in other cases and wondered whether you would suggest that or have I eradicated the trojen.

Here's the log from the scan:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 7882

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/6/2011 7:58:05 AM

mbam-log-2011-10-06 (07-58-05).txt

Scan type: Full scan (C:\|)

Objects scanned: 535558

Time elapsed: 2 hour(s), 37 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 5

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdater (Backdoor.Agent) -> Value: winupdater -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Value: winlogon -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Defender (Backdoor.PWin.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\dclogs.sys (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Brandon\AppData\Roaming\youtube.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I updated Malwarebytes and ran another scan after removing and rebooting.

Here's the results

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7884

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/6/2011 8:11:09 AM

mbam-log-2011-10-06 (08-11-09).txt

Scan type: Quick scan

Objects scanned: 230186

Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

thank you in advance!

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.