Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008
I think I got more malware on. I believe it started when my sister inserted her flash disk on my PC.
What do I do?
Edited by Kim.Nejudne, 21 November 2008 - 05:29 AM.
Posted 21 November 2008 - 05:27 AM
Posted 21 November 2008 - 11:10 AM
Posted 22 November 2008 - 01:27 AM
Malwarebytes' Anti-Malware 1.30
Database version: 1415
Windows 5.1.2600 Service Pack 2
11/22/2008 2:25:00 PM
mbam-log-2008-11-22 (14-25-00).txt
Scan type: Quick Scan
Objects scanned: 56892
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b385ee3-ee18-4c69-bf55-6b6b406ef591} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virtrigger (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virtrigger (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virtrigger (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\QuickTime Task (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\VMware hptray (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Rev. Raul Nejudne\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusTrigger 2.1.lnk (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rev. Raul Nejudne\Desktop\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rev. Raul Nejudne\Desktop\wmcodec_update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rev. Raul Nejudne\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rev. Raul Nejudne\Start Menu\AntivirusTrigger 2.1.lnk (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rev. Raul Nejudne\Desktop\AntivirusTrigger 2.1.lnk (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
Posted 22 November 2008 - 02:03 AM
It didn't seem to create any hidden folder on my flash drive.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Posted 22 November 2008 - 11:05 PM
Posted 23 November 2008 - 10:45 AM
Malwarebytes' Anti-Malware 1.30
Database version: 1417
Windows 5.1.2600 Service Pack 2
11/23/2008 9:42:09 PM
mbam-log-2008-11-23 (21-42-09).txt
Scan type: Quick Scan
Objects scanned: 57774
Time elapsed: 4 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\virtriggerwarning.warningbho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\virtriggerwarning.warningbho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/23/2008 at 11:26 PM
Application Version : 4.22.1014
Core Rules Database Version : 3648
Trace Rules Database Version: 1631
Scan type : Complete Scan
Total Scan Time : 01:24:00
Memory items scanned : 198
Memory threats detected : 0
Registry items scanned : 7353
Registry threats detected : 1
File items scanned : 202169
File threats detected : 5
Rogue.VirusTrigger
HKU\S-1-5-21-1844237615-861567501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0088C75C-6361-4DFB-B2CF-576CACFA3C55}
Adware.Tracking Cookie
C:\Documents and Settings\Rev. Raul Nejudne\Cookies\rev._raul_nejudne@ad.yieldmanager[2].txt
C:\Documents and Settings\Rev. Raul Nejudne\Cookies\rev._raul_nejudne@adinterax[2].txt
Trojan.Downloader/ZLob-WMCodec
C:\DOWNLOADS\WMCODEC_UPDATE.EXE
Adware.WhenU
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE
Rogue.FakeAlert
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20081121-175659-934.DLL
Posted 23 November 2008 - 02:44 PM
Posted 24 November 2008 - 08:58 AM
Malwarebytes' Anti-Malware 1.30
Database version: 1417
Windows 5.1.2600 Service Pack 2
11/24/2008 9:56:46 PM
mbam-log-2008-11-24 (21-56-46).txt
Scan type: Quick Scan
Objects scanned: 57221
Time elapsed: 5 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Rev. Raul Nejudne\Desktop\Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008.htm (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
Posted 24 November 2008 - 09:47 PM
Posted 26 November 2008 - 12:51 AM
Posted 26 November 2008 - 09:44 AM
Posted 28 November 2008 - 11:04 AM
Posted 28 November 2008 - 11:35 AM