Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


This is my bad day ever please help me out

  • This topic is locked This topic is locked
2 replies to this topic

#1 Kusai


  • Banned
  • 59 posts
  • Gender:Male
  • Local time:05:16 AM

Posted 15 April 2010 - 11:55 AM

Today when i scanned with malware bytes i found out
Malwarebytes' Anti-Malware 1.45

Database version: 3990

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15-04-2010 6:20:40 PM
mbam-log-2010-04-15 (18-20-40).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 115690
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kane\Application Data\gkewzr.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Kane\Local Settings\Temp\031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\Kane\csrss.exe (Trojan.Agent) -> Delete on reboot.

These files are in quarantine should i delete them from there as i am getting this message every 10 secs Svchost.exe is trying to send Emails Like this-http://www.ncs.net.in/home/resources/faq/1-QH/17-c-%5Cwindows%5Csystem32%5Csvchost.exe%20is%20trying%20to%20send%20the%20mails..html?pop=1&tmpl=component

Please help me out here?

BC AdBot (Login to Remove)


#2 Kusai

  • Topic Starter

  • Banned
  • 59 posts
  • Gender:Male
  • Local time:05:16 AM

Posted 17 April 2010 - 07:46 AM

Please close this log

#3 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania
  • Local time:01:16 PM

Posted 17 April 2010 - 09:00 AM

Closed as requested.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users