
Trojan Virus


  • This topic is locked
2 replies to this topic

#1 nflskins12

nflskins12

  • Members
  • 33 posts

Posted 17 July 2011 - 03:10 PM

I'm trying to help a friend out with a computer problem and since I had a good experience with you guys in the past, I hope you can help me out again. Basically the infected computer runs and starts up fine but the problem comes when trying to get onto the internet. Skype works perfectly fine but it's just Internet Explorer or Firefox where the problem comes in. It won't allow him to access any websites at all. It seems like a back-door trojan virus and I had him run Malwarebytes to produce a log of infected files and this is what it came up with:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7176

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

7/17/2011 3:35:10 PM
mbam-log-2011-07-17 (15-35-10).txt

Scan type: Quick scan
Objects scanned: 165699
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Tim Butt\AppData\Local\Temp\0.14131718989379927.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Tim Butt\AppData\Local\Temp\Low\adobe_flash_player.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Tim Butt\AppData\Local\Temp\Low\R66v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Tim Butt\local settings\temporary internet files\Content.IE5\ON42B6HV\windows-update-sp3-kb82095-setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tim Butt\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Tim Butt\AppData\Roaming\Adobe\plugs\mmc196.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Tim Butt\AppData\Roaming\Adobe\plugs\mmc226146350.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Tim Butt\AppData\Roaming\Adobe\plugs\mmc70.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.


Any help on this issue would be greatly appreciated. Thanks!

- Steve



#2 nflskins12

nflskins12
  • Topic Starter

  • Members
  • 33 posts

Posted 25 July 2011 - 04:54 PM

Solved the problem.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 25 July 2011 - 11:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



