Iuser_admin


3 replies to this topic

#1 lo6308

  • Members

Posted 22 September 2008 - 10:46 PM

I also have had this problem with the IUSER_admin. I've posted before. I've used all of the anti-virus free programs that have been suggested. I've tried the safe mode that has been suggested, but I'm still waiting for anyone to find the origin of this problem or to find a resolution to it. Here's my log as suggested above:

Malwarebytes' Anti-Malware 1.28
Database version: 1196
Windows 5.1.2600 Service Pack 2

9/22/2008 11:36:52 PM
mbam-log-2008-09-22 (23-36-52).txt

Scan type: Quick Scan
Objects scanned: 55251
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\andt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Indt2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.


Hope someone can spot something that may have caused it, or can come up with a solution. It seems to be a problem that is growing.

Thank you.



#2 Budapest

  • Moderator

Posted 22 September 2008 - 10:55 PM

What happens if you scan again with Malwarebytes? Does the infection keep showing up?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 lo6308

  • Topic Starter
  • Members

Posted 22 September 2008 - 11:53 PM

Second scan shows no infections. Looks good for now, but this IUSER-admin thing has a history of reappearing. I've tried a lot of other suggestions, but it has just kept coming back. Looks good for now. I'm just like a lot of other people, though, concerned that it's something like a bad cold that can pop up for no known reason.

Has anyone figured out what caused it in the first place? In looking through Google, the problem is compounding and is global.

I'm glad to see a clean scan, but it just bothers me not knowing what caused it in the first place.

Thanks

#4 Budapest

  • Moderator

Posted 23 September 2008 - 12:02 AM

Your log showed a Rootkit infection. Some of these can be very nasty and you should probably consider all your online passwords compromised.

Also, check that your Java is up-to-date. Old versions of Java have vulnerabilities that malware can exploit.



