Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Tool, Trojan.Dropper and more. Need help


  • This topic is locked This topic is locked
4 replies to this topic

#1 helgisig67

helgisig67

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 20 October 2009 - 07:33 PM

Hello,
I have a very similar problem as some other people here.

For the last 3 days I'm been fighting an infection on my computer. I am almost certain that this came through my daughters limewire.

Symptom is a follows: Desktop is blank, all icons are gone. Also there is no background anymore and a fake fake app called security tool in the forground claiming computer is infected. Every time I disconnect network and use Task Manager to exit the fake 'security tool'. I then run full Malwarebytes scan which finds all kinds of Trojans including Trojan.Dropper and Trojan.FakeAlert. I then reboot computer, run full system scan with my Avira antivirus, followed with another run of Malwarebytes until neither scan comes up something new anymore.

Unfortunately, something is still lurking because shortly after I or another family member starts browsing the Internet (IE7), the security tool pops up again, desktop icons disappear and computer may even shutdown by itself. When it comes back up I am back to square one and Malewarebytes is detecting the same Trojans that I deleted few hours before.

Today I decidced to start searching for help on the net and found this forum. Below is a MBAM log file fromm earlier today after security tool showed up its ugly head again. After MBAM I ran DDS and its logfile is also here below. The Attached.txt is attached. When running rootrepeal, the computer freezes (tried it twice) and therefore not included.

Hope to hear from someone soon!
H.

================ MBAM Log file ==============

Malwarebytes' Anti-Malware 1.41
Database version: 3001
Windows 5.1.2600 Service Pack 3

10/20/2009 7:22:20 PM
mbam-log-2009-10-20 (19-21-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 237099
Time elapsed: 1 hour(s), 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13915221 (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\13915221 (Rogue.Multiple) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Application Data\13915221\13915221.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Alysha\Local Settings\Temp\ie2F.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Alysha\Local Settings\Temp\ie7.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Alysha\Local Settings\Temp\ie86.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Rosalie\Local Settings\Temp\ie7.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Rosalie\Local Settings\Temp\ieA.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.

=========== DDR.txt =======================

DDS (Ver_09-10-13.01) - NTFSx86
Run by Rosalie at 19:34:38.68 on Tue 10/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.592 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Rosalie\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Auto EPSON Stylus CX7400 Series on HOME-LAPTOP] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_S3C.tmp" /EF "HKCU"
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [D-Link AirPlus XtremeG DWL-G520] c:\program files\d-link\airplus xtremeg dwl-g520\AirPlusCFG.exe
mRun: [aniwzcs2service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
StartupFolder: c:\documents and settings\rosalie\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {48df87ee-f2de-11d8-be7f-302050c10805} - hxxp://www.flygimp.com/loadergimp.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8100d56a-5661-482c-bee8-afece305d968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXQkiIX

============= SERVICES / DRIVERS ===============

R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-2 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-15 54752]
R2 seaport;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 472832]
S0 awumzolf;awumzolf;c:\windows\system32\drivers\xrnrbt.sys --> c:\windows\system32\drivers\xrnrbt.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2006-6-17 176640]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-8-28 582424]

=============== Created Last 30 ================

2009-10-20 19:27 <DIR> --d----- C:\getservice
2009-10-20 09:01 <DIR> --d----- c:\docume~1\rosalie\applic~1\Uniblue
2009-10-19 18:35 <DIR> --d----- c:\program files\Enigma Software Group
2009-10-18 19:43 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-18 14:37 <DIR> --d----- c:\docume~1\rosalie\applic~1\Malwarebytes
2009-10-18 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-10-18 14:14 <DIR> --d----- c:\program files\common files\XoftSpySE
2009-10-18 14:14 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-10-18 14:14 <DIR> --d----- c:\program files\XoftSpySE6
2009-10-18 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE
2009-10-17 17:04 <DIR> --d----- c:\program files\WinPcap
2009-10-16 15:37 26,112 a------- c:\windows\system32\stu2.exe
2009-09-30 20:35 <DIR> --d----- c:\program files\MSECache
2009-09-24 13:27 <DIR> --d----- c:\program files\iPod
2009-09-24 13:27 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-10-16 15:37 68,096 a------- c:\windows\system32\userinit.exe
2009-10-07 17:04 26,512 a---h--- c:\windows\system32\mlfcache.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2006-12-15 10:55 19,392 a------- c:\docume~1\rosalie\applic~1\GDIPFONTCACHEV1.DAT
2006-11-30 11:28 56,912 a------- c:\documents and settings\rosalie\g2mdlhlpx.exe
2004-03-11 14:27 40,960 a------- c:\program files\Uninstall_CDS.exe
2005-05-22 13:30 56 ---shr-- c:\windows\system32\5A2FFAC3BC.sys
2006-10-31 19:14 10,856 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-03 22:59 993 a--sh--- c:\windows\system32\XIikQXbc.ini2
2008-09-20 15:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat

============= FINISH: 19:35:03.03 ===============

Attached Files


Edited by helgisig67, 20 October 2009 - 07:37 PM.


BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:09 PM

Posted 27 October 2009 - 09:53 PM

Hello helgisig67,


RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen with briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
************

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13915221 (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\13915221 (Rogue.Multiple) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Application Data\13915221\13915221.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Alysha\Local Settings\Temp\ie2F.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Alysha\Local Settings\Temp\ie7.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Alysha\Local Settings\Temp\ie86.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Rosalie\Local Settings\Temp\ie7.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Rosalie\Local Settings\Temp\ieA.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.



Update your MBAM database, as it is out of date.

Your MBAM log shows "No action taken".
This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile.
Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal.
Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Edited by SifuMike, 27 October 2009 - 09:55 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 helgisig67

helgisig67
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 28 October 2009 - 01:24 PM

Thanks for your reply, but I don't need help anymore
I couldn't wait any longer and therefore did a clean install on my system 3 days ago

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:09 PM

Posted 28 October 2009 - 02:20 PM

Thankd you for letting us know. Sometimes a reformat and reload is the best way to go.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:09 PM

Posted 04 November 2009 - 11:30 PM

Since your problem appears to be resolved, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users