BleepingComputer.com: Infected with Trojans/Rootkits..>

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Infected with Trojans/Rootkits..> Avast/Malwarebytes found stuff... am i still infected?

#1 User is offline   IntoTheVoid 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 26-August 09

Posted 07 November 2010 - 08:54 AM

SO i was surfing the web on and AVAST popped up notifying me that it detected a virus. I moved it to the chest. It was a rootkit according to avast. I quickly tried to kill my internet connection, and I ran a quick MalwareBytes and it found more stuff. I updated MalwareBytes and did a second quick scan which found nothing. What should i do next??? I have put some logs here, so please let me know what i should do next? Am i still infected.

Avast found the following, which i moved to the chest.

11/6/2010 10:21:19 PM SYSTEM 1380 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\TEMP\317o3oC9.sys" file.



MBAB log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4994

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/6/2010 10:49:53 PM
mbam-log-2010-11-06 (22-49-53).txt

Scan type: Quick scan
Objects scanned: 167356
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.247,93.188.160.247 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b34f0a6-b982-43cd-b2e3-9453cc320237}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.247,93.188.160.247 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b34f0a6-b982-43cd-b2e3-9453cc320237}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.247,93.188.160.247 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{abe747dc-842c-4d73-87bf-0f4d51ce329a}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.247,93.188.160.247 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\spool\prtprocs\w32x86\sK55g.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\31q9w1u9 (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sean\Local Settings\Temp\0.5957460035342548.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

----------

ALso While Performing a quick scan using AVAST it found the following ; D:\i386\Apps\App26084\mfu-uscan_eng.exe - Sign of "Win32:Malware-gen" ** I didn't delete/move to chest because i wasn't sure if it was a false positive or not. Please help.

11/7/2010 9:10:56 AM Sean 436 Sign of "Win32:Malware-gen" has been found in "D:\i386\Apps\App26084\mfu-uscan_eng.exe" file.

This post has been edited by IntoTheVoid: 07 November 2010 - 09:18 AM

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users