

Malware trouble; please help!

3 replies to this topic

#1 Obadiah


  • Members
  • 6 posts
  • Local time:01:32 PM

Posted 16 March 2009 - 07:35 AM

Hi there, I hope that someone might be able to help me?

I have had some malware (Trojans) on my notebook, running Vista HP. I ran MBAM, which picked up 7 files and removed them successfully. I just wondered if you might look at the log, and see if you think that this has solved problems, or if I need to take further action?

Thanks very much :thumbsup:


Malwarebytes' Anti-Malware 1.34
Database version: 1854
Windows 6.0.6001 Service Pack 1

16/03/2009 12:09:52
mbam-log-2009-03-16 (12-09-52).txt

Scan type: Quick Scan
Objects scanned: 63164
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\xxxx\AppData\Roaming\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\xxxx\AppData\Roaming\sysproc64\sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\xxxx\AppData\Roaming\sysproc64\sysproc32.sys.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\xxxx\AppData\Roaming\sysproc64\sysproc86.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\xxxx\AppData\Roaming\oembios.exe (Trojan.Agent) -> Quarantined and deleted successfully.
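
A consistency check for a log in this layout, as an added example that is not part of the original post or of Malwarebytes' own tooling: it compares each summary count with the entries listed under the matching section and flags any entry whose final action is not "Quarantined and deleted successfully." The sample log, its paths and its "Delete on reboot." line are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the log above (placeholder paths).
SAMPLE_LOG = r"""
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 2

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\Run\demo (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\xxxx\AppData\Roaming\demo\a.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\xxxx\AppData\Roaming\demo.exe (Trojan.Agent) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")  # "Files Infected: 4"
HEADER = re.compile(r"^(.+ Infected):$")         # "Files Infected:"
OK_ACTION = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return (summary counts, detail entries) keyed by section name."""
    counts, items, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
            items[section] = []
        elif section and " -> " in line:
            # Some entries contain two arrows; the action follows the last one.
            target, action = line.rsplit(" -> ", 1)
            items[section].append((target, action))
        elif not line:
            section = None  # a blank line closes the current section
    return counts, items

def review(text):
    """List count mismatches and detections that were not removed."""
    counts, items = parse_mbam_log(text)
    findings = []
    for section, expected in counts.items():
        found = items.get(section, [])
        if len(found) != expected:
            findings.append(f"{section}: summary says {expected}, log lists {len(found)}")
        findings += [f"{section}: not yet removed ({action}) {target}"
                     for target, action in found if action != OK_ACTION]
    return findings
```

An empty list from `review()` means every counted detection has a matching entry and each one was quarantined and deleted; it says nothing about items the scan did not detect.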



#2 cod head


  • Members
  • 162 posts
  • Gender:Male
  • Local time:01:32 PM

Posted 16 March 2009 - 09:06 AM

It looks like Malwarebytes has done its job, but I would have done a full scan and not a quick one if I had malware trouble. Also, I would be inclined to get a second opinion to make sure. Dr.Web CureIt is a good piece of kit. It's a downloadable non-resident virus scanner that will not conflict with your own a.v. B.T.W., have you run your own a.v. also, as I would have? Back to Dr.Web. This is a freeware app so you have nothing to lose. Download it and run a scan. If it finds anything it will tell you what to do. Once it's finished it will disappear, leaving a log behind. You can get it @ www.freedrweb.com.

Edited by cod head, 16 March 2009 - 09:35 AM.

#3 Obadiah

  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:32 PM

Posted 16 March 2009 - 11:29 AM

Thanks for that cod head,

I ran my McAfee AV, and it didn't find anything. Also ran DrWeb (didn't know about that one :flowers: ) in full scan, and that came up clean, so it looks good. Will have to be more careful in future.

Thanks again!

#4 Obadiah

  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:32 PM

Posted 16 March 2009 - 01:59 PM

Thanks garmanma. Apologies for posting in wrong forum.

Topic moved Here :thumbsup:
