
RE: TrojanDownloader:Win32/Renos.IO - What should I do?, Help! I seem to be affected with a virus!



#1 CompHelpPlz


Posted 19 July 2009 - 12:29 PM

First time poster. In doing a little research it appears I'm facing the same issue as Firzan (posted on 6/15/09).

"Hello, everyone. This is my first post here after reading numerous topics on virus removal. So, HI!

Anyway, I am using a Windows Vista and one day, I discovered a pop-up by Windows Defender stating that the virus "Trojan Downloader:Win32/Renos.IO" has been found in my system. I clicked on the "Remove" button and carried on as per usual.

However, it struck again numerous times. It has almost been a week. Fortunately, I assume that my case is not so serious yet as everything seems to be working fine. I read that in serious cases, the Internet Explorer crashes. Well, so far, that has not occurred.

So, uhm, yeah. I need help! I've had about more than five serious virus cases and since this is in the early stages, I want to take action and remove it fast before it gets out of hand.

Anyway, one more request. Can you help me check if my computer is completely clean and free of viruses.

Thank you and have a nice day."


I have run MBAM and will post the log. I received an access is denied message when trying to run step 1 of SMITFRAUDFIX. Thanks in advance for any assistance from here!!

MBAM log:

Malwarebytes' Anti-Malware 1.39
Database version: 2462
Windows 6.0.6000

7/19/2009 11:43:46 AM
mbam-log-2009-07-19 (11-43-46).txt

Scan type: Quick Scan
Objects scanned: 80900
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
C:\Users\Matt\AppData\Local\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Matt\AppData\Local\Temp\b.exe (Trojan.Downloader) -> Delete on reboot.
c:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\29F5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\29F5.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\2EC8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\2EC8.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\3527.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\3527.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\39EB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\39EB.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\7C87.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\7C87.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\9349.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\9349.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\9BB7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Matt\AppData\Local\Temp\Low\9BB7.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



#2 Computer Pro


Posted 20 July 2009 - 05:40 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right-hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.




Please update, then rerun a Full Scan with Malwarebytes. Then please post back the log.
Computer Pro



