
Malware Trojans [Moved]


5 replies to this topic

#1 LoCoELF

LoCoELF

  • Members
  • 3 posts

Posted 22 July 2009 - 10:39 PM

Hello,

Thank you for taking the time to read this and I'm hopeful that I'll be able to get some assistance and get this problem fixed. I've seen this problem around, so I'm sure some of you are aware of it.

My Windows Defender prompts with the:

TrojanDownloader:Win32/Renos.IO

I've searched on the forums and tried some things from other threads; the only problem is I'm not able to run some programs due to this virus. HijackThis doesn't work, nor does Malwarebytes, which seems to be a popular program. I click run, and it does absolutely nothing (if I change the name of the file on the desktop, it will load but give me a Windows error that the program has stopped working right away). Some programs like Ad-Aware & ATF-Cleaner have worked, so I guess it's hit or miss. (I tried running the programs in safe mode, same issue.)

Everything seems to boot up fine. I get Internet Explorer ad popups now, and a net.net file that wants me to find an appropriate program to run it when I get my computer booted up. Weird things like a.exe, b.exe and other weird names have now taken over my processes in Task Manager.

With that being said, I'm willing to do whatever it takes to get this removed barring that I'm able to run the program. I work and live on my computer, so I'll be around all the time trying to get this fixed ASAP. If anybody can lend a hand I would much appreciate it.

Thanks.



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts

Posted 22 July 2009 - 10:40 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts

Posted 22 July 2009 - 11:35 PM

Hello, let's try Fatdcuk's fix.

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed, double-click on the file to open MBAM and select Quick Scan

At the end of the scan click Remove Selected and then reboot.


Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 LoCoELF

LoCoELF
  • Topic Starter

  • Members
  • 3 posts

Posted 22 July 2009 - 11:49 PM

Thanks for the response boopme!

Your trick worked. Here is what you requested.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6002 Service Pack 2

7/22/2009 9:45:27 PM
mbam-log-2009-07-22 (21-45-22).txt

Scan type: Quick Scan
Objects scanned: 79627
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{1fd79a59-37b1-459b-9097-09f9fab8a523} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b97f9125-71a1-48d0-b920-f140ef8de809} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\XviDplg.dll (Trojan.BHO) -> No action taken.
C:\Windows\msb.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\uacinit.dll (Trojan.Agent) -> No action taken.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
C:\install.exe (Trojan.Agent) -> No action taken.
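
Added example, not part of the original thread: a small triage parser for a Malwarebytes log in the format posted above. It lists entries that were left in place ("No action taken"), flags entries sitting in auto-start locations, and checks the summary counts against the pasted lines. The function names and the auto-start fragment list are assumptions made for this example.

```python
import re

# Constructed sample: entries excerpted from the log posted above, with the
# summary counts adjusted to match the shortened excerpt.
SAMPLE_LOG = r"""Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> No action taken.

Files Infected:
C:\Windows\msb.exe (Trojan.Agent) -> No action taken.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Lower-cased path fragments of auto-start locations (assumed, not exhaustive).
AUTOSTART = {"\\currentversion\\run\\": "Run key",
             "\\browser helper objects\\": "Browser Helper Object",
             "\\windows\\tasks\\": "Scheduled task"}

def parse_mbam_log(text):
    """Return (declared, entries): summary counts and parsed detection lines."""
    declared, entries, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return declared, entries

def triage(declared, entries):
    """Report what was left in place, what auto-starts, and truncated sections."""
    parsed = [e["section"] for e in entries]
    return {
        # Entries not removed at the time the log was written.
        "unremediated": [e["item"] for e in entries if e["action"] == "No action taken"],
        "autostart": [(kind, e["item"]) for e in entries
                      for frag, kind in AUTOSTART.items() if frag in e["item"].lower()],
        # Summary count differs from parsed lines: the paste is incomplete.
        "truncated": sorted(s for s, n in declared.items() if parsed.count(s) != n),
    }
```

Call `triage(*parse_mbam_log(text))` on the pasted log text; a non-empty `unremediated` list means the scan has to be repeated with removal before the machine can be considered cleaned.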

#5 LoCoELF

LoCoELF
  • Topic Starter

  • Members
  • 3 posts

Posted 23 July 2009 - 12:24 AM

I'm getting help for this on WTT forums.

Thanks!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts

Posted 23 July 2009 - 09:23 AM

Hi, OK, I'm not sure who WTT is, but thanks and good luck to you!