Trojan horse fakealert.UD / Trojan horse Adload_r.AKJ


  • Please log in to reply
No replies to this topic

#1 voodooshaman

  • Members
  • 1 posts

Posted 10 October 2010 - 06:45 AM

Hi there. Was wondering if anyone could help.

I am running Windows 7 and had initially become infected with a rogue application, AV8.exe. I downloaded MBAM and managed to clear the infection. I have also since downloaded and run AVG 2011 with the latest virus databases.

However, since then, whenever I try to load a website (I am using Firefox as my browser mostly), the browser begins to be redirected and an AVG Online Shield Alert flashes up with a warning:

"Threat was blocked!
File name: unsecured-sites.com/block.php?url=X (X being the URL of the site I originally tried to access)
Threat name: Trojan horse Fakealert.UD"

When I scan with AVG it finds 2 infected files:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5200):\memory_00010000
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5200)

Both are infected with: Trojan horse Adload_r.AKJ
The 2nd file is removed and healed, but the 1st file says "object is inaccessible".


I ran MBAM and it found nothing this morning - here is the report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4787

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/10/2010 12:00:23
mbam-log-2010-10-10 (12-00-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 222800
Time elapsed: 31 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I don't know if this is of any use to you, but I ran AVG in safe mode last night and here's the report:

AVG 2011 Anti-Virus command line scanner
Copyright © 1992 - 2010 AVG Technologies
Program version 10.0.1120, engine 10.0.422
Virus Database: Version 422/3186 2010-10-09


------------------------------------------------------------
Objects scanned : 1160223
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

Hope the information was useful. I look forward to hearing your thoughts.

Thank you.
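Added example (not from the poster, AVG or Malwarebytes): the AVG alert above shows each requested site being rewritten to unsecured-sites.com/block.php?url=<original>. The snippet below flags URLs of that shape in a browser history or proxy log, a wrapper host carrying a full URL to a different host in a query parameter, and reports the site that was originally requested. The sample request list and the set of parameter names checked are constructed assumptions.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample of browser requests, modelled on the AVG alert in the post:
# the requested site is rewritten to a wrapper URL carrying the original in "url=".
SAMPLE_REQUESTS = [
    "http://www.bbc.co.uk/news",
    "http://unsecured-sites.com/block.php?url=http%3A%2F%2Fwww.bbc.co.uk%2Fnews",
    "https://www.google.com/search?q=avg+adload",
    "http://unsecured-sites.com/block.php?url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Davg%2Badload",
    "https://forums.example.net/topic?id=42",
]

# Query parameter names commonly used to carry a wrapped destination (assumption).
REDIRECT_PARAMS = ("url", "u", "redirect", "target")


def wrapped_destination(url):
    """Return the full URL embedded in a redirect-wrapper query parameter, or None."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)  # parse_qs already percent-decodes values
    for name in REDIRECT_PARAMS:
        for value in params.get(name, []):
            candidate = unquote(value)  # tolerate a second layer of encoding
            inner = urlparse(candidate)
            if inner.scheme in ("http", "https") and inner.netloc:
                return candidate
    return None


def find_redirect_wrappers(requests):
    """Flag requests whose query string wraps a full URL to a different host.

    Returns a list of (wrapper_host, wrapped_url) tuples. A URL with no embedded
    destination, or one that points back at its own host, is not flagged.
    """
    findings = []
    for url in requests:
        dest = wrapped_destination(url)
        if dest is None:
            continue
        wrapper_host = urlparse(url).netloc.lower()
        dest_host = urlparse(dest).netloc.lower()
        if wrapper_host != dest_host:
            findings.append((wrapper_host, dest))
    return findings


if __name__ == "__main__":
    for host, dest in find_redirect_wrappers(SAMPLE_REQUESTS):
        print(f"redirect wrapper {host} -> originally requested {dest}")
```

Feeding Firefox's history or a proxy access log into find_redirect_wrappers shows which sites were being intercepted before the AVG block fired.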
