
SAS says Rootkit.Agent/Gen-TDSS - log attached


2 replies to this topic

#1 J.Aza

  • Members
  • 24 posts
  • Gender:Male
  • Location:Brooklyn, NY

Posted 14 June 2011 - 05:27 PM

Results of full scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/14/2011 at 05:28 AM

Application Version : 4.54.1000

Core Rules Database Version : 7263
Trace Rules Database Version: 5075

Scan type : Complete Scan
Total Scan Time : 00:32:18

Memory items scanned : 660
Memory threats detected : 0
Registry items scanned : 12787
Registry threats detected : 0
File items scanned : 26656
File threats detected : 43

Adware.Tracking Cookie
.doubleclick.net [ C:\Users\Store\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
a.ads2.msads.net [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
ads2.msads.net [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
ia.media-imdb.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
malepornstarsexposed.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
media.kyte.tv [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
media.scanscout.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
media1.break.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
s0.2mdn.net [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
secure-uk.imrworldwide.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
secure-us.imrworldwide.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
serving-sys.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
sexier.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
sftrack.searchforce.net [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
thebigpornsecret.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
timesofindia.indiatimes.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
www.naiadsystems.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
www.pathummedia.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
www.sexmoviespost.com [ C:\Users\Store\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FJVVM7TM ]
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@paypal.112.2o7[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@stats.paypal[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@zedo[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@advertising[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@statse.webtrendslive[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@pathummedia[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@yieldmanager[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@ads.pointroll[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@r1-ads.ace.advertising[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@imrworldwide[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@atdmt[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@adxpose[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@pointroll[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@doubleclick[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@realmedia[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@collective-media[2].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@synacortoshiba.112.2o7[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@tribalfusion[1].txt
C:\Users\Store\AppData\Roaming\Microsoft\Windows\Cookies\Low\store@ad.yieldmanager[1].txt

Trojan.Agent/Gen-FakeAntiSpy
C:\USERS\STORE\APPDATA\LOCAL\TEMP\-213E8.TMP
C:\USERS\STORE\APPDATA\LOCAL\TEMP\18A.TMP

Rootkit.Agent/Gen-TDSS
C:\USERS\STORE\APPDATA\LOCAL\TEMP\0.5097938935511298.EXE

Trojan.Agent/Gen-Virut
C:\USERS\STORE\APPDATA\LOCAL\TEMP\1363E8.TMP

Trojan.Agent/Gen-FakeAlert[GDI]
C:\USERS\STORE\APPDATA\LOCAL\TEMP\TMPFFE5.TMP

---


MBAM Log coming next. Thx.


#2 J.Aza

  • Topic Starter

Posted 14 June 2011 - 07:07 PM

MBAM seems to agree

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6851

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/14/2011 8:05:40 PM
mbam-log-2011-06-14 (20-05-30).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 258988
Time elapsed: 23 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Store\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> No action taken.
c:\Users\Store\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> No action taken.
c:\Users\Store\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> No action taken.

Files Infected:
c:\Users\Store\AppData\Local\Temp\-213E8.tmp (Trojan.Agent) -> No action taken.
c:\Users\Store\AppData\Local\Temp\0.5097938935511298.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Store\AppData\Local\Temp\1363E8.tmp (Rootkit.TDSS) -> No action taken.
c:\Users\Store\AppData\Local\Temp\18A.tmp (Trojan.Agent) -> No action taken.
c:\Users\Store\AppData\Local\Temp\tmpFFE5.tmp (Trojan.FakeMS) -> No action taken.
c:\Users\Store\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> No action taken.
c:\Users\Store\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> No action taken.
c:\Users\Store\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> No action taken.


What should I do?

#3 J.Aza

  • Topic Starter

Posted 15 June 2011 - 12:30 AM

bump

Anyone? Should I let SAS/MBAM clean, or how should I proceed? Please.

thank you,
J.
