Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

msb.dll and nsrbgxod.bak [Moved]


  • This topic is locked This topic is locked
3 replies to this topic

#1 LuzaMink

LuzaMink

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 25 May 2009 - 12:16 AM

Hey everyone. I seem to have somehow picked up these two files recently, and I'm not entirely sure how to get rid of them. I've tried everything, from running a bevy of antispyware and antivirus programs, beating on it with Malwarebytes, and even trying to unlock it from the processes and delete it. Nothing's worked so far, and it's making me angry. What's worse, since I can't get rid of it, it seems to constantly be redownloading spyware I've been deleting.

So, perhaps you helpful people can give me a hand here. Here's my MBAM log.

Malwarebytes' Anti-Malware 1.36
Database version: 2158
Windows 5.1.2600 Service Pack 2

5/25/2009 12:10:43 AM
mbam-log-2009-05-25 (00-10-43).txt

Scan type: Quick Scan
Objects scanned: 95796
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\msb.dll (Spyware.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\SystemProfile\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Saavedra\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

BC AdBot (Login to Remove)

 


m

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,693 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:44 PM

Posted 25 May 2009 - 01:04 AM

Because the above log is a MBAM log, I am moving this topic from the specialized HJT forum to the Am I Infected forum.

Did you reboot after running MBAM? If not, please do so.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 LuzaMink

LuzaMink
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 25 May 2009 - 01:14 AM

Oops, sorry about this. I totally forgot that it was HJT, not MBAM you needed a logfile of.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,693 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:44 PM

Posted 26 May 2009 - 01:50 AM

Since you have posted a fresh topic here: http://www.bleepingcomputer.com/forums/t/229215/infected-with-msbdll-and-nsrbgxodbak/, this one shall be closed to avoid confusion. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users