
Malware/Trojan...Experiencing low-level pop-ups


No replies to this topic

#1 dbwhit


Posted 21 January 2010 - 02:15 PM

Yesterday I visited a website and it failed to load, but at the same time my PC acted strangely. I run a web-based web watcher program that filters out some content, so I assumed it was that. But last night I went to the internet and noticed it loaded slowly; after going to a website, I got a "pop-up" that acted as if I'd requested it to open in a new tab. I scanned my PC with Malwarebytes' Anti-Malware and SUPERAntiSpyware (both being free editions), as well as a full virus scan. All three logs are shown below in the order they were executed. Do you see anything? Normally, I would take these results as saying "ALL IS GOOD", but it still loads Mozilla slowly, and just then I was researching "sdra64.exe", which was found on the Malwarebytes scan (see below). After googling for it, I received 2 pop-ups in a new tab; both were shady-looking search engines that had advertising for "sdra64.exe".

Malwarebytes' Anti-Malware Log


Malwarebytes' Anti-Malware 1.44
Database version: 3606
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/20/2010 11:06:15 PM
mbam-log-2010-01-20 (23-06-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 328182
Time elapsed: 1 hour(s), 38 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Free Edition Log


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2010 at 00:02 AM

Application Version : 4.33.1000

Core Rules Database Version : 4499
Trace Rules Database Version: 2313

Scan type : Complete Scan
Total Scan Time : 00:49:21

Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 7141
Registry threats detected : 0
File items scanned : 26374
File threats detected : 13

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@collective-media[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.pointroll[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adbrite[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@invitemedia[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tacoda[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@at.atwola[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@revsci[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@specificclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@pointroll[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt

Symantec Endpoint Protection Log


Virus scan found nothing!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal
