A recent quick scan was run on the computer that produced the Worm.Koobface file, which it says was quarantined and deleted. I ran a quick scan today that produced the Heuristics.Shuriken file, which was also quarantined and deleted. When I saw the recent quick scan log with the Koobface file, I ran a full scan (after the quick scan) with no results found.
I poked around a few sites to get familiar with both, and am more concerned with the Koobface result. Is it anything I need to look into further, or has MBAM successfully deleted it?
Log #1:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4339
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
7/22/2010 7:11:59 PM
mbam-log-2010-07-22 (19-11-59).txt
Scan type: Quick scan
Objects scanned: 140590
Time elapsed: 5 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Guest\AppData\Local\Temp\svchost.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
Log #2:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4404
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
8/7/2010 4:08:23 PM
mbam-log-2010-08-07 (16-08-23).txt
Scan type: Quick scan
Objects scanned: 143340
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Guest\AppData\Local\Temp\0.3661488185817129.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
I ran a quick scan today because I was on a few websites and got a pop-up "Windows will shut down in 10 minutes", and another that said "Windows will shut down in 2 minutes", at which point it did shut down. I'm not very familiar with Windows 7, so I didn't know if this was legit, but I was on the Guest account and the computer is not set up to automatically install any updates (it is set to download but ask when to install), so I couldn't come up with any reason for it to restart itself. I didn't know if this was a cause for alarm, but I ran a quick scan anyway, and I haven't had any other problems with how the computer has been running. But, after reading about how fun Koobface has been for a lot of people... I wanted to post to be sure.
*edit*
I just now ran a full scan with SAS; it found 106 tracking cookies, but that's it. I can post the log for that if you would like. I had it remove the tracking cookies; at that point it asked to reboot, and I allowed it.
Thanks!
Edited by carissa_lee_, 07 August 2010 - 09:31 PM.