
Malware/Trojans/Backdoor.bot and lots of them,Please Help


1 reply to this topic

#1 pogogal


Posted 12 November 2009 - 12:48 PM

I have recently been hit by a pop-up which started to infect my computer in so many ways.

My search results are being redirected to avabon.com and some other sites. My Chrome doesn't open at all. Can't open any anti-spyware websites.

I have MBAM, SUPERAntiSpyware and NOD32.

I turned the internet off and cleaned the computer. After the process was done (found lots of stuff), I turned on the internet and BOOM, trojans and backdoor bots kept pouring in.

I have no idea what to do. Please help me.

I am running XP and here are the recent scan logs:


MBAM:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

11/12/2009 12:39:29 PM
mbam-log-2009-11-12 (12-39-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 130419
Time elapsed: 50 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> Quarantined and deleted successfully.


NOD32:

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ETJPRJN2\bot[1].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EYYVMP6U\bot[1].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EYYVMP6U\bot[2].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EYYVMP6U\lo[1].txt - a variant of Win32/Wigon.MK trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDXZR0RL\bot[1].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDXZR0RL\bot[2].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDXZR0RL\bot[3].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDXZR0RL\bot[4].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDXZR0RL\bot[5].txt UPX v12_m2 - unpack error
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDXZR0RL\lo[1].txt - a variant of Win32/Wigon.MK trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Owner\My Documents\Downloads\msgparse.zip ZIP FILE_ID.DIZ MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Owner\My Documents\WM_Owner My Documents\Personal\To Hotel.mht MIME - is OK (internal scanning not performed)
C:\FBPUpdate\updatefile.exe INNO files.info - file is not an archive
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/deploy/ffjcext.zip ZIP {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/resources.jar ZIP com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/resources.jar ZIP com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/resources.jar ZIP javax/xml/bind/Messages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Microsoft Shared\NoteSync Forms\inkform.src MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Microsoft Shared\NoteSync Forms\voicefrm.src MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar ZIP com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar ZIP com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar ZIP javax/xml/bind/Messages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\deploy\ffjcext.zip ZIP {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.mht MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Thunderbird\chrome\comm.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Thunderbird\chrome\messenger.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Thunderbird\chrome\newsblog.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Thunderbird\chrome\pippki.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Thunderbird\chrome\toolkit.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\TVUPlayer\uninst.exe NSIS - unpack error
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.cab CAB Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 MIME - is OK (internal scanning not performed)
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\1C.tmp UPX v12_m2 - unpack error
C:\WINDOWS\system32\2E.tmp UPX v12_m2 - unpack error
Number of scanned objects: 162410
Number of threats found: 2
Number of cleaned objects: 2
Time of completion: 12:20:56 PM Total scanning time: 4125 sec (01:08:45)


Edited by pogogal, 12 November 2009 - 12:51 PM.
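As an added example (my own code, not the poster's and not part of Malwarebytes), here is a small Python parser for the MBAM log format quoted above. It extracts each detection line and flags the two persistence locations that show up in this log: the Image File Execution Options keys naming the ESET processes (egui.exe, EKRN.exe) and the Winlogon\taskman value. The regexes and the PERSISTENCE_HINTS table are my assumptions about the log layout; the sample text is constructed from the lines in the post.

```python
import re

# Constructed sample: a subset of the detection lines from the MBAM log in the post above.
SAMPLE_MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Assumed MBAM line layout: "<path> (<family>) -> <action>."  and section headers "<name> Infected:"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Registry locations (lower-cased substrings) that malware uses to block security tools or persist.
PERSISTENCE_HINTS = {
    "\\image file execution options\\": "IFEO entry for a security product (used to block or redirect it)",
    "\\winlogon\\taskman": "Winlogon Taskman value (a known logon persistence point)",
}

def parse_mbam_log(text):
    """Return one dict per detection: section, path, family, action, persistence (note or None)."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if not m or section is None:
            continue
        low = m.group("path").lower()
        note = next((v for k, v in PERSISTENCE_HINTS.items() if k in low), None)
        entries.append({"section": section, "path": m.group("path"), "family": m.group("family"),
                        "action": m.group("action"), "persistence": note})
    return entries

def summarize(entries):
    """Count detections per family and list the entries that touch a persistence/hijack location."""
    families = {}
    for e in entries:
        families[e["family"]] = families.get(e["family"], 0) + 1
    flagged = [(e["path"], e["persistence"]) for e in entries if e["persistence"]]
    return families, flagged

if __name__ == "__main__":
    fams, flagged = summarize(parse_mbam_log(SAMPLE_MBAM_LOG))
    print(fams)
    for path, why in flagged:
        print(f"FLAG {path}\n     {why}")
```

Feeding a full mbam-log-*.txt to parse_mbam_log gives the same structure; the flagged list is what to re-check after the next reboot, since the log only records what was removed at scan time.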


#2 pogogal


Posted 14 November 2009 - 07:50 PM

Sorry for bumping.

Anybody, please help me. Now it's gone through USB drives. It installed autorun.inf in every folder on my USB files, and NOD32 says it's a Win32/Peerfrag worm.

Please help.
