
My computer is infected with some sort of malicious..


5 replies to this topic

#1 Kurt14


Posted 28 June 2012 - 04:55 AM

Hello, this is actually my first post in this forum. I am basically facing a problem, and I think my computer is infected with a malicious program. I scanned with Malwarebytes Anti-Malware twice and found multiple malicious programs, which were eventually quarantined. I also did an online scan; the result was satisfying, as no virus was found. The first time I ran the online scan, it found a malicious program.

I was so happy after the last online scan. But my other software, 'Anti Trojan Elite', said that it found a trojan on my computer. I don't know if it is a coincidence, but it says that every time I want to use 'Open with..' or want to open Control Panel...

Please help me resolve this problem. I use Windows XP (ofc).

Edited by hamluis, 28 June 2012 - 06:43 AM.
Moved from XP to Am I Infected - Hamluis.




#2 ElFasso


Posted 28 June 2012 - 05:04 AM

Post the MBAM (Malwarebytes anti-malware) log.

#3 Kurt14


Posted 28 June 2012 - 05:05 AM

I had two checks; do I have to post both logs?

#4 ElFasso


Posted 28 June 2012 - 05:06 AM

Post both logs.

#5 Kurt14


Posted 28 June 2012 - 05:16 AM

You know what? I'll post the last 4 logs. (The first one was way way earlier than the current infection)

Log 1:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
too :: FSC [administrator]

6/3/2012 3:40:53 PM
mbam-log-2012-06-03 (15-40-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272378
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{5460C4DF-B266-909E-CB58-E32B79832EB2} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCU\Software\((Mutex)) (Backdoor.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.Agent) -> Data: C:\WINDOWS\InstallDir\MspCW.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.Agent) -> Data: C:\WINDOWS\InstallDir\MspCW.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\InstallDir\MspCW.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\too\Mes documents\Downloads\atube-catcher-2-9-es-en-win.exe (PUP.BundleInstaller.UTD) -> Quarantined and deleted successfully.
C:\Documents and Settings\too\Mes documents\Downloads\SoftonicDownloader_for_wavepad.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Program Files\d3d9.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\too\Application Data\Microsoft\Windows\((Mutex)).cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\too\Application Data\Microsoft\Windows\((Mutex)).dat (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\too\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

Log 2:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
too :: FSC [administrator]

6/4/2012 2:18:21 PM
mbam-log-2012-06-04 (14-18-21).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468766
Time elapsed: 4 hour(s), 52 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Documents and Settings\TEMP\Bureau\GTA SA\trainer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\too\Mes documents\Mozilla downloads\SmileyCentral.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Documents and Settings\too\Mes documents\Mozilla downloads\SoftonicDownloader_pour_doras-world-adventure.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Program Files\Call of Duty 4 - Modern Warfare\cod4keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2CA1AAC8-474C-47BD-B65C-7CA5D410B6D4}\RP936\A1190845.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

Log 3:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
too :: FSC [administrator]

6/17/2012 7:34:17 PM
mbam-log-2012-06-17 (19-34-17).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Log 4:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
too :: FSC [administrator]

6/17/2012 7:38:27 PM
mbam-log-2012-06-17 (19-38-27).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 2832
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 ElFasso


Posted 28 June 2012 - 05:21 AM

You have had a backdoor but MBAM cleaned it in the older logs.


1. Update MBAM, so that you have the latest malware database.
2. Perform a new scan with MBAM.
3. Post the new log for my review.

Please also perform an online scan with ESET:

Note: You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.
Go to the ESET web page to run the ESET online scanner.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Edited by ElFasso, 28 June 2012 - 05:22 AM.




