Help with Trojan


Hi, I hope you can help me out.

My computer has been infected with win32/Zbot. AVG seems to have removed a lot of these files but I suspect my computer is not totally clean. AVG detected the initial virus and blocked it, but somehow it still got in.

It has removed over 100 Win32/Zbot.G viruses found in various locations. It also found Trojan horse Hider.MPR which it said has been deleted. This was found in AppData\Local\Temp\vwtpuiwg.sys

It also put an icon on my desktop. The icon was a quill and ink pot and was named with random numbers, and it wouldn't let me delete it at first. I disconnected from the internet and rebooted. Using Windows Defender I removed the startup programs that had been added; these were connected to this icon that had been added. I then manually searched through the local temp files and deleted at least 6 identical files that also had this quill and ink pot icon, along with some strange text files that had been created on the day of the virus.

I have run PC safe doctor and that is clear. I then found this forum posting with similar issues. Attached are the GMER and OTL logs. The Malwarebytes log is posted below.

I am worried that ports have been opened etc and that security is compromised. If it is clear but the security is still questionable should I format the computer?

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7893

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19120

07/10/2011 12:56:00

mbam-log-2011-10-07 (12-56-00).txt

Scan type: Quick scan

Objects scanned: 241644

Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Regards

Borogorn

ark.zip


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Hi,

Thank you for the reply. I panicked and re-installed Windows.

Took ages setting it all back up again. When I finally got it up and running I scanned C: with AVG and it found a rootkit in the Windows.old file.

"C:\Windows.old\ProgramData\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log";"Hidden file";"Object is inaccessible."

I forced AVG to delete this.

Is there a chance that I could still have a problem? If so let me know what to do.

Cheers


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

