Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with trojans: Trojan.BHO, Adware.Vomba, Trojan.Fakealert, Fake.SystemTool


  • This topic is locked This topic is locked
2 replies to this topic

#1 txsoccerstar

txsoccerstar

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 15 October 2009 - 10:20 PM

I have been infected with some serious trojans


MBAM Scan results identified these 6 viruses/trojans:

Trojan.BHO - file
Adware.Vomba - Registry Key
Trojan.Fakealert - Registry Key
Fake.SystemTool - Registry Value
Fake.SystemTool - File
Fake.SystemTool - Registry Value
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Here's what I am getting:
- A fake program "Antivirus System Pro" runs on startup now
- gives repeated popups anytime I try to run a program (even Task Manager & svchost.exe) "Security Warning..."
- popup alert in bottom right corner that says
"Antivirus System Pro alert
INFILTRATION ALERT
Your computer is being attacked by an internet Virus. It could be a password-stealing attack, a trojan- dropper or similar.
DETAILS
attack from: 166.15.38.109, port 65207
...."


here's my malwarebytes log:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

10/15/2009 9:30:35 PM
mbam-log-2009-10-15 (21-30-28).txt

Scan type: Quick Scan
Objects scanned: 118038
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Tool (Fake.SystemTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Tool (Fake.SystemTool) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.BHO) -> No action taken.
C:\Program Files\cgpimw\tixrsysguard.exe (Fake.SystemTool) -> No action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

please let me know if you need anything else!

Thanks

Attached Files


Edited by txsoccerstar, 16 October 2009 - 03:36 PM.


BC AdBot (Login to Remove)

 


#2 txsoccerstar

txsoccerstar
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 16 October 2009 - 03:36 PM

never mind. problem solved now. MalwareBytes Anti-Malware successfully quarantined the trojans.

[CLOSE TOPIC.]

#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 16 October 2009 - 05:24 PM

Thanks for letting us know txsoccerstar. :(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users