HELP.. i think i am infected..



#1 naitik333

Posted 02 May 2012 - 04:07 AM

Hi,
I think I am infected with TrojanDropper:Win32/Sirefef.B,
so I followed the procedure given in this topic:
http://www.bleepingcomputer.com/forums/topic409101.html

But I am still facing some issues, like being unable to access some shared network resources.

Please help me.
I am uploading all the log files.

mbam-log-2012-04-26 (17-38-09).txt
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
NAITIKN :: NAITIKN02 [administrator]

4/26/2012 5:38:09 PM
mbam-log-2012-04-26 (17-38-09).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 49567
Time elapsed: 7 minute(s), 20 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

mbam-log-2012-04-26 (17-45-40).txt
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
NAITIKN :: NAITIKN02 [administrator]

4/26/2012 5:45:40 PM
mbam-log-2012-04-26 (17-45-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297526
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Detected: 1
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> 544 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\Temp\dllhost.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

mbam-log-2012-04-26 (19-36-59).txt
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
NAITIKN :: NAITIKN02 [administrator]

4/26/2012 7:36:59 PM
mbam-log-2012-04-26 (19-36-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304396
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Detected: 1
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> 308 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\naitikn\My Documents\Downloads\SoftonicDownloader_for_cavaj-java-decompiler.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

mbam-log-2012-04-27 (12-56-33).txt
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
NAITIKN :: NAITIKN02 [administrator]

4/27/2012 12:56:33 PM
mbam-log-2012-04-27 (12-56-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 892399
Time elapsed: 3 hour(s), 11 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\naitikn\My Documents\Downloads\java\SoftonicDownloader_for_textcrawler.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)

Rkill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/27/2012 at 12:49:56. 
Operating System: Microsoft Windows XP 


Processes terminated by Rkill or while it was running: 



 --- ATTENTION --- 

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: genproxy:8080

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 04/27/2012 at 12:49:58. 

Edited by naitik333, 02 May 2012 - 04:16 AM.
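As an added triage example (not part of the original post, and not Malwarebytes' or Rkill's own code): the script below parses the detection lines from the MBAM logs above and the proxy notice from the Rkill log. It flags a detection whose file name is a well-known Windows binary sitting outside that binary's normal directory (the real svchost.exe and dllhost.exe live in %SystemRoot%\System32, not in C:\WINDOWS\Temp), and any path that is scheduled "Delete on reboot" in more than one scan, which means the file was recreated between scans. The table of expected directories (stock 32-bit XP SP3 layout) and the log excerpts embedded as sample input (copied from the logs above) are the editor's assumptions, not output of either tool.

```python
r"""Triage of the MBAM and Rkill logs posted above (added example, not the
tools' own code). Checks: (1) a detection named like a Windows system binary
but outside that binary's directory; (2) a path scheduled "Delete on reboot"
in more than one scan, i.e. the file keeps coming back; (3) the proxy Rkill
reported. EXPECTED_DIR is an assumption (stock 32-bit XP SP3 layout)."""
import re
from collections import Counter

# Binaries that malware commonly names itself after -> where the real one lives.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "dllhost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# One MBAM detection line:  <path> (<family>) [-> <pid>] -> <action>.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^()]+?) \((?P<family>[^)]+)\)"
    r"(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$"
)
# The proxy notice Rkill writes to C:\rkill.log.
PROXY = re.compile(r"^The Proxy Server that was configured is: (?P<proxy>\S+)")


def parse_detections(log_text):
    """Return one dict per file/process detection line in an MBAM log."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"]) if d["pid"] else None
            hits.append(d)
    return hits


def masquerading(hits):
    """(path, expected_dir) for detections that borrow a system binary's name."""
    flagged = []
    for h in hits:
        directory, _, name = h["path"].lower().rpartition("\\")
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            flagged.append((h["path"], expected))
    return flagged


def recurring_delete_on_reboot(logs):
    """Lowercased paths scheduled 'Delete on reboot' in more than one scan."""
    seen = Counter()
    for text in logs:
        # A set, so a path listed under both "Memory Processes" and "Files"
        # counts once per scan.
        seen.update({h["path"].lower() for h in parse_detections(text)
                     if h["action"].lower().startswith("delete on reboot")})
    return sorted(p for p, n in seen.items() if n > 1)


def proxy_from_rkill(log_text):
    """The proxy server Rkill says was configured, or None."""
    for line in log_text.splitlines():
        m = PROXY.match(line.strip())
        if m:
            return m.group("proxy")
    return None


# Sample input: detection lines copied from the 26/27 April scans and the
# Rkill log above; everything else in those logs is omitted.
SCAN_1745 = r"""
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> 544 -> Delete on reboot.
C:\WINDOWS\Temp\dllhost.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""
SCAN_1936 = r"""
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> 308 -> Delete on reboot.
C:\Documents and Settings\naitikn\My Documents\Downloads\SoftonicDownloader_for_cavaj-java-decompiler.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""
SCAN_1256 = r"""
C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\naitikn\My Documents\Downloads\java\SoftonicDownloader_for_textcrawler.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
"""
RKILL = r"""
Windows was configured to use a proxy! Proxy settings have been removed.
The Proxy Server that was configured is: genproxy:8080
"""


def triage(scans=(SCAN_1745, SCAN_1936, SCAN_1256), rkill=RKILL):
    """Run the three checks and return the findings."""
    return {
        "masquerading": sorted({p for s in scans
                                for p, _ in masquerading(parse_detections(s))}),
        "recurring": recurring_delete_on_reboot(scans),
        "proxy": proxy_from_rkill(rkill),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On these logs the script reports C:\WINDOWS\Temp\svchost.exe and C:\WINDOWS\Temp\dllhost.exe as masquerading system-binary names, svchost.exe as the one path that was scheduled for deletion at reboot in two successive scans before finally being quarantined, and genproxy:8080 as the proxy Rkill removed. A file that comes back after a "Delete on reboot" is being re-dropped by something the scanner is not catching, which is the reason a rootkit-capable scan is the next step. Whether the proxy was legitimate is for the user to decide; Rkill saved the old setting to rk-proxy.reg on the desktop so it can be restored.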



#2 narenxp (BC Advisor)

Posted 02 May 2012 - 10:12 AM

You're still infected


Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on a 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic full scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.



