I May Have Poisoned My Computer To Death


25 replies to this topic

#1 mrikelen

  • Members
  • 13 posts

Posted 31 May 2008 - 07:50 PM

I had something similar to this infection about a month ago when my wife gave my computer ebola with a trojan downloader. With your help (looking at existing problems) I was able to Forrest Gump my way through fixing it. I can't do that with this one. It disabled just about everything when it hit and I finally was able to get task manager and my antispyware/viral programs working again but they aren't really doing much. I can't get onto the internet except in safe mode w/ networking and I am completely at a loss. Just tell me what you want me to do.

Edited by Orange Blossom, 31 May 2008 - 08:06 PM.
Move to more appropriate forum. ~ OB



#2 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 31 May 2008 - 08:56 PM

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

I would rather save a program like sdfix for later

Do you have a healthy computer we could work with and a usb drive?

Edited by DaChew, 31 May 2008 - 08:56 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 mrikelen
  • Topic Starter

Posted 31 May 2008 - 09:07 PM

Sadly, I only have the one computer to work on. I have used the SDfix before and saved it because I figured I would wind up using it again. I didn't this time because I didn't know what I had and didn't want to go around half-cocked.

#4 DaChew

Posted 31 May 2008 - 09:19 PM

You need the latest version; it was updated 27th May 9am.

#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,908 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 May 2008 - 10:47 PM

Andy uploaded SDFix v1.187 tonight.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 mrikelen
  • Topic Starter

Posted 02 June 2008 - 05:26 PM

I have the newest version of SDfix. Should I run that or is there something else that you want to do first. You said earlier that you didn't want to use SDfix right away so I'll wait for you to let me know what I am doing here.

#7 DaChew

Posted 02 June 2008 - 05:31 PM

If you can't get on the internet in normal mode then run SDFix.

I would rather start with

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

MBAM in normal mode

#8 mrikelen
  • Topic Starter

Posted 02 June 2008 - 07:16 PM

Okay, I downloaded and ran the MBAM program and it found a lot of things and fixed them. I have the log file if you need it. It did something because I am back on the internet in normal mode. What next?

#9 DaChew

Posted 02 June 2008 - 07:50 PM

What next?


let's see that log file

how did you manage to get MBAM to run?

#10 mrikelen
  • Topic Starter

Posted 02 June 2008 - 07:53 PM

Malwarebytes' Anti-Malware 1.14
Database version: 816

7:36:05 PM 6/2/2008
mbam-log-6-2-2008 (19-35-55).txt

Scan type: Quick Scan
Objects scanned: 36680
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 32
Registry Values Infected: 10
Registry Data Items Infected: 1
Folders Infected: 22
Files Infected: 77

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yayyXOGV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqNGAQJ.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyxogv (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{679271cd-e70e-44c8-98ea-f010e6340fe0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{679271cd-e70e-44c8-98ea-f010e6340fe0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LSA Shellu (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d4f24249 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7c171d5 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\QdrModule13 (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqngaqj -> No action taken.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> No action taken.
C:\Program Files\myCleanerPC (Rogue.MyCleanerPC) -> No action taken.
C:\Program Files\AntiVirusPro (Rogue.AntiVirusPro) -> No action taken.
C:\Program Files\AntiVirusPro\Quarantine (Rogue.AntiVirusPro) -> No action taken.
C:\Program Files\Bat (Adware.Batco) -> No action taken.
C:\Program Files\stc (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\ITMP (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\myCleanerPC (Rogue.MyCleanerPC) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\BrowserObjects (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuAllUsers (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuCurrentUser (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnce (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnceEx (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnce (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\The Smith Family\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnceEx (Rogue.AntiVirusPro) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> No action taken.

Files Infected:
C:\WINDOWS\system32\yayyXOGV.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\The Smith Family\lsass.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K3WZFV6U\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\X3PAG55Z\kb713501[1] (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dlvehxql.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\ftp34.dll (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\L637.tmp (Adware.ClickSpring) -> No action taken.
C:\WINDOWS\system32\mgsfgaxb.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\opnomjkH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qxrfmwvl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\udfxdani.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyAqQgG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yiebmusi.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\drivers\videoprtt.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
C:\winlogon.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\The Smith Family\Local Settings\Temporary Internet Files\Content.IE5\GZIJK3M5\kb713501[1] (Trojan.LowZones) -> No action taken.
C:\Documents and Settings\The Smith Family\ftp34.dll (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\LocalService\ftp34.dll (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\The Smith Family\Local Settings\Temp\is-NU6HQ.tmp\is-GMJ1V.tmp (Trojan.Downloader) -> No action taken.
C:\Program Files\myCleanerPC\MyCleanerPCInner.EXE (Rogue.MyCleanerPC) -> No action taken.
C:\Program Files\myCleanerPC\Setup.INI (Rogue.MyCleanerPC) -> No action taken.
C:\Program Files\Bat\Bat.dll (Adware.Batco) -> No action taken.
C:\Program Files\stc\csv5p070.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Sysmnt\Ssmgr.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\ITMP\dutdtx2.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\loader.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\internet.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\vbpdtvdp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> No action taken.
C:\WINDOWS\lfn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\winself.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\The Smith Family\cftmon.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\stkrvutv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lfmjtnhk.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\licencia.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\textos.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\urqNGAQJ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> No action taken.

Here's the log file. I ran it in safe mode with networking. I can run it again now that it is installed in normal mode if you like.

#11 DaChew

Posted 02 June 2008 - 07:56 PM

MBAM works much better in normal mode as its rootkit scanner only engages that way.

AFAIK

I don't have a Q clearance

#12 mrikelen
  • Topic Starter

Posted 03 June 2008 - 04:27 PM

I ran it in normal mode this time. I have the log if you need it. The computer is running a whole lot better now. Is there anything else that you want me to do at this point?

#13 DaChew

Posted 03 June 2008 - 04:31 PM

I would like to see 2 more logs: the first normal mode one, and if all the infection symptoms have disappeared, another one showing a clean computer. If something keeps coming back then we proceed to another scanner or SDFix.

Edited by DaChew, 03 June 2008 - 04:31 PM.


#14 mrikelen
  • Topic Starter

Posted 03 June 2008 - 04:59 PM

Malwarebytes' Anti-Malware 1.14
Database version: 816

9:36:49 PM 6/2/2008
mbam-log-6-2-2008 (21-36-43).txt

Scan type: Quick Scan
Objects scanned: 37230
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 23
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yayyXOGV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqNGAQJ.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyxogv (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eb6d3765-c056-4fe6-8428-6f9ba2e96773} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb6d3765-c056-4fe6-8428-6f9ba2e96773} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9aee7fa8-0da7-4c8a-8b3e-fbb6b979c657} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd7c171d5 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\QdrModule13 (Adware.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayyXOGV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lfmjtnhk.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\urqNGAQJ.dll (Trojan.Vundo) -> No action taken.


Here is the normal mode log file.

#15 DaChew

Posted 03 June 2008 - 05:29 PM

Well, backdoor and banker are 2 very red flags; you do know that any information on that computer has been compromised.

symptoms and the clean log?
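Added example (not from this thread or from Malwarebytes): a Python parser for MBAM 1.x logs in the format posted above that tallies detections by family, flags the Backdoor and Banker families DaChew points to (Rootkit and DNSChanger are added as an assumption), and lists what a later scan still reports, which is the "keeps coming back" check from post #13. The two log excerpts are constructed from a few lines of the logs in this thread.

```python
"""Parse Malwarebytes' Anti-Malware 1.x text logs (the format posted above),
flag high-risk families, and list what a later scan still reported."""
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section item family action")

# Section header ("Registry Keys Infected:") and detection line, e.g.
#   C:\winlogon.exe (Backdoor.Bot) -> No action taken.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<action>.+)$")

# Backdoor and Banker are the families called out in the thread; Rootkit and
# DNSChanger are the editor's assumption about what else warrants escalation.
HIGH_RISK = {"Backdoor", "Banker", "Rootkit", "DNSChanger"}

# Constructed excerpts in the shape of the two logs posted in the thread.
LOG_SAFE_MODE = r"""
Memory Modules Infected:
C:\WINDOWS\system32\yayyXOGV.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Banker) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LSA Shellu (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqngaqj -> No action taken.

Files Infected:
C:\winlogon.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\drivers\videoprtt.sys (Rootkit.Agent) -> No action taken.
"""

LOG_NORMAL_MODE = r"""
Memory Modules Infected:
C:\WINDOWS\system32\yayyXOGV.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\software\MRSoft (Trojan.Banker) -> No action taken.

Files Infected:
(No malicious items detected)
"""

def parse_mbam_log(text):
    """Return every detection listed under an 'Infected:' section."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif (m := DETECTION_RE.match(line)) and section:
            found.append(Detection(section, m["item"], m["family"], m["action"]))
    return found

def family_counts(detections):
    return Counter(d.family for d in detections)

def red_flags(detections):
    """Detections whose family name has a high-risk component."""
    return [d for d in detections if HIGH_RISK & set(d.family.split("."))]

def persisting(earlier, later):
    """Items in both scans; compared case-insensitively because MBAM writes
    registry paths with mixed case ('SOFTWARE' vs 'software')."""
    seen = {d.item.lower() for d in earlier}
    return [d for d in later if d.item.lower() in seen]

if __name__ == "__main__":
    first, second = parse_mbam_log(LOG_SAFE_MODE), parse_mbam_log(LOG_NORMAL_MODE)
    print("families:", dict(family_counts(first)))
    for d in red_flags(first):
        print("RED FLAG:", d.family, d.item)
    for d in persisting(first, second):
        print("still present in later scan:", d.item)
```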



