Win32/Cutwail.gen!B


#1 Yoshi667

Posted 05 September 2008 - 08:05 PM

Hi, I'm kinda new to this and I found you guys after a Google search of Spammer:Win32/Cutwail.gen!B, so I figured this was the right place to post. I did everything you guys said and I came up with this.

Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 5.1.2600 Service Pack 2

5/09/2008 4:45:17 PM
mbam-log-2008-09-05 (16-45-10).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 195365
Time elapsed: 2 hour(s), 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 71

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winxg75 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winxg75 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winxg75 (Rootkit.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP230\A0010356.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP230\A0010373.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP231\A0010390.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP232\A0010399.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP232\A0010407.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP232\A0010410.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP232\A0010427.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP233\A0010446.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP234\A0010468.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP236\A0010489.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP236\A0010490.exe (Trojan.Pakes) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP236\A0010491.exe (Backdoor.Rustock) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP236\A0010492.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP236\A0010494.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP236\A0010517.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP237\A0010530.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP237\A0010531.exe (Worm.P2P) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP237\A0010550.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP238\A0010567.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP239\A0010574.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP239\A0010598.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP240\A0010617.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP242\A0010638.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP242\A0010652.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP242\A0010663.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP243\A0010672.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP244\A0010694.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP245\A0010711.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP245\A0010714.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP246\A0010736.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP247\A0010745.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP247\A0010758.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP248\A0010774.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP250\A0010784.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP251\A0010802.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP252\A0010821.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP253\A0010836.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP254\A0010857.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP254\A0010871.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP255\A0011871.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP255\A0011888.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP256\A0011899.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP256\A0011908.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP256\A0011913.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP257\A0012913.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP257\A0012926.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP258\A0012931.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP258\A0012947.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP259\A0012975.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP260\A0012982.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP261\A0012997.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP262\A0013025.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP263\A0013034.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP264\A0013053.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP265\A0013074.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP266\A0013148.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP267\A0013167.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP268\A0013174.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP269\A0013184.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP270\A0013199.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP271\A0013223.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP272\A0013230.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP274\A0013382.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP274\A0013390.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP274\A0013397.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP275\A0013423.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP276\A0013756.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{340074B4-08EE-40A9-B7D4-B4A919346129}\RP276\A0013786.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\Winxg75.sys (Rootkit.Agent) -> No action taken.

I have removed all of these, but I am at a loss as to how these things got onto my computer in the first place. I have had no noticeable issues, and I have AVG and run Adaware, Spybot, Registry Scrub and Ccleaner frequently. I am slightly concerned about these as I did networking and understand the risks of these malware and the threats this poses to my home network, but unfortunately my machine is custom built and a lot of the things on here I do not have the discs for :thumbsup: so a wipe and format is out unless I can find and re-acquire these programs.
Can you guys think of anything else I can do to further scrub my machine? I have changed the passwords on another computer and rarely use internet banking but it is mainly my online games that I am worried about. Thanks in advance and I hope to hear back from you guys. Have a good one. :flowers:


#2 Guest_superbird_*

Posted 06 September 2008 - 04:14 AM

Hi,

Please make a new scan with MBAM, and post the logfile in your next reply. :thumbsup:



