Olmarik Trojan help


1 reply to this topic

#1 elyswim


Posted 13 July 2009 - 12:15 AM

Hi!
I recently got the Olmarik Trojan from an unknown source. I found a previous poster who had the same problem on this site, and am following the directions on that site, but I was hoping someone more knowledgeable than me in the antivirus field might be able to look at my "MBAM" log and tell me if there's anything additional I should do.

Malwarebytes' Anti-Malware 1.38
Database version: 2414
Windows 6.0.6000

7/13/2009 12:07:54 AM
mbam-log-2009-07-13 (00-07-54).txt

Scan type: Quick Scan
Objects scanned: 85608
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\USER\AppData\Local\Temp\b.exe (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\bucksnet.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\bvitextiyn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\d.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\namcroexsw.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\nxrsaeowmc.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\UAC5f95.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\UAC63c9.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\UACaab8.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\UACb053.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\UACfa2.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\UACfb1.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\wxconsrmae.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msb.exe (Trojan.Agent) -> Delete on reboot.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Thank YOU!



#2 elyswim


Posted 13 July 2009 - 12:15 PM

bump?



