Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MBAM not removing trojan downloader


  • Please log in to reply
5 replies to this topic

#1 peleg38

peleg38

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 15 February 2011 - 07:32 PM

Hello,
I have been running MBAM after RKILL and it is no longer removing several viruses. The MBAM log is pasted below. THank you for any help.
peleg38

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5751

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/13/2011 9:36:23 PM
mbam-log-2011-02-13 (21-36-23).txt

Scan type: Full scan (C:\|D:\|L:\|)
Objects scanned: 347994
Time elapsed: 1 hour(s), 27 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\networkservice\application data\eDI46u.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\FYAUc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\ggtvevikq3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\hcsxbwiybb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\qPfrTP5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\W4AMdhB.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\acvbzpfds.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\i7pcdzaiby.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,055 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 16 February 2011 - 10:17 AM

Your Malwarebytes Anti-Malware log indicates you are using an outdated database version.
The database shows 5751. Last I checked it was 5772.

Please update it through the program's interface <- preferable method. If malware is blocking you from updating, then manually download the database definitions from one of the following locations (they may not be the most current) and just double-click on mbam-rules.exe to install:Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.


Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
  • Please copy and paste the Scan Log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

-- Alternatively, you can try downloading and using the SUPERAntiSpyware Portable Scanner or performing the SUPERAntiSpyware Online Safe Scan (both listed under Popular Links) instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 peleg38

peleg38
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 18 February 2011 - 10:23 AM

Oh no. I'm afraid I misunderstood your instructions. When I ran superkiller I let it try to remove the infections and reboot. Now windows seems to be rebooting in a never ending loop. Rereading your instructs I am under the impression I should have just sent you the log. I am very sorry. I appreciate help.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,055 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 18 February 2011 - 01:15 PM

Have you tried using Last Known Good Configuration or System Restore from a command prompt in Safe Mode to return to a previous state before the problems began?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 peleg38

peleg38
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 24 February 2011 - 06:33 PM

I did a system restore and everything seems to be working fine. I did a full scan with MBAM (log below) and a quick scan with superspy (couldn't figure out log) and they both say no threats. Can you recommend a good active virus protection that is hopefully free? Thank you for your help.
Derek

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5804

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/23/2011 1:02:03 PM
mbam-log-2011-02-23 (13-02-03).txt

Scan type: Full scan (C:\|D:\|L:\|)
Objects scanned: 357321
Time elapsed: 1 hour(s), 31 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,055 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 24 February 2011 - 06:58 PM

Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use and your system. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. For more specific information to consider, please read Choosing Your Anti-virus Software.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.


Use trustworthy security tools like:I recommend taking advantage of the Malwarebytes Anti-Malware (Pro) Protection Module in the full version which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology runs at startup where it monitors every process and helps stop malicious processes before they can infect your computer. The database that defines the heuristics is updated as often as there is something to add to it. Keep in mind that Malwarebytes does not act as a real-time protection scanner for every file like an anti-virus program so it is intended to be a supplement, not a substitute. Enabling the Protection Module feature requires registration and purchase of a license key that includes free lifetime upgrades and support. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as the program utilizes few system resources and should not conflict with other scanners or anti-virus programs.

If any conflicts between Malwarebytes' and another security program are reported, suggested solutions are usually provided in the Common Issues, Questions, and their Solutions, FAQs thread. I know and have worked with some members of the research team so I can attest that they make every effort to resolve issues as quickly as possible.

List of Virus & Malware Resources:My personal choice is NOD32 Anti-Virus if choosing a paid for program as it leaves a small foortprint or one of the following if choosing a free alternative.You can also get a second opinion by performing an an Online Virus Scan.

Edited by quietman7, 24 February 2011 - 07:00 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users