
various trojans - how to be sure they've gone?


No replies to this topic

#1 crouch_potato


Posted 24 May 2011 - 03:41 PM

Hi everyone,

First off, thanks to you folk for your advice to others on previous threads, which I've found really useful up until now. I've signed up as I've been having a few problems with my laptop since the turn of the year. It's running Windows Vista, and I use (or have used) Avira, Malwarebytes and Spybot Search & Destroy, but odd things keep getting through. Hope I'm posting in the right way.

The most recent of these was the 'Windows Vista Recovery', which I think I have got rid of, following another thread (although my programs menu is blank, and I'm missing a few other bits and pieces still).

I was wondering if anyone could please offer some help as to how I can check whether I have successfully got rid of everything?

I'll post a transcript from a set of logs from the 4 scans that picked up anything in Malwarebytes below. I'm not sure if there's anything that may have slipped through the net that hasn't been quarantined and deleted.

Any help would be much appreciated,

G



Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 332047
Time elapsed: 41 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aMiDpJg06300 (Trojan.FakeAlert) -> Value: aMiDpJg06300 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gsoted (Trojan.Agent.U) -> Value: Gsoted -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\spy.qwas (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\amidpjg06300\amidpjg06300.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\G\AppData\LocalLow\Sun\Java\deployment\cache\6.0\39\70f981e7-6093a25c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\spy.qwas\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\G\AppData\Local\iarioI.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.


Scan type: Quick scan
Objects scanned: 149637
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hJpAjLnEcNp06504 (Rogue.SystemTool.M) -> Value: hJpAjLnEcNp06504 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\hjpajlnecnp06504\hjpajlnecnp06504.exe (Rogue.SystemTool.M) -> Quarantined and deleted successfully.


Scan type: Quick scan
Objects scanned: 5
Time elapsed: 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\G\Desktop\null0.899965075798084.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\G\Desktop\null0.12326044892065968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\G\Desktop\null0.6411631480671373.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\G\Desktop\null0.46678202023126036.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 341120
Time elapsed: 1 hour(s), 17 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\46128888.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\programdata\wiicwrekwae.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\G\AppData\Local\Temp\0.021052648016429365.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
