Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tte.tmp (trojan.downloader)


  • Please log in to reply
No replies to this topic

#1 ryankeast

ryankeast

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 03 July 2008 - 01:05 PM

Hi there,

My dad's computer has become infected with numerouse trojans. I have run a Malware scan on the machine and it is no longer rebooting constanly with a BSOD. However, I am not convinced the virus has been fully removed.

The PC still show Antivirus XP 2008 an Register Antivirus XP 2008 on his Startr Menu (but no Icons) and alos the wallpaper is bright blue (not defaulting back to his previous wallpaper)

I attach the log so that one of you can help with making sure the virus is fully cured - Many Thanks

Malwarebytes' Anti-Malware 1.19
Database version: 918
Windows 5.1.2600 Service Pack 2

18:54:09 03/07/2008
mbam-log-7-3-2008 (18-54-09).txt

Scan type: Quick Scan
Objects scanned: 40281
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 50

Memory Processes Infected:
C:\WINDOWS\system32\lphccumj0el0l.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\jkkIAPIx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\blphccumj0el0l.scr (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fc89a0ef-0420-4898-9419-63d9c272992e} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1eb4bf0f-852f-4b75-b8fb-21edaf9dc3c8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1eb4bf0f-852f-4b75-b8fb-21edaf9dc3c8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkiapix (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e89a6b78 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\BootCheck (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1eb4bf0f-852f-4b75-b8fb-21edaf9dc3c8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphccumj0el0l (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\734914 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\qgusihdc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cdhisugq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\45.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys97.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\734914\734914.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\BootCheck.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQjIcA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdEXPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBspmli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIAPIx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blphccumj0el0l.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphccumj0el0l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by Orange Blossom, 03 July 2008 - 06:49 PM.
Move to more appropriate forum. ~ OB


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users