
ASPack?



#1 Sturmgeist


Posted 24 October 2012 - 12:48 PM

When I ran a virus scan yesterday with Avast it found nothing, but this morning it found something called "ASPack" and claimed it was a Trojan-gen and a "high" security risk. Apparently it was in my system restore. After searching Google for what it is, I am even more confused. Some sites claim it is a false positive that shows up on Gateway computers (I have a Gateway), others say it is a vicious hacker tool used to log keystrokes and take screenshots and spy on you. I am now running MBAM and so far it has found 11 entries when yesterday it found none. How the heck did I get this thing? Why would anyone want to spy on me (if that is even the case)? I saw it recommended multiple times to disable system restore and then re-enable it, and have done so. Any advice is welcome, and I can post the MBAM log when it is finished.



#2 Sturmgeist


Posted 24 October 2012 - 02:14 PM

Well, here is the MBAM log.


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jen :: JENMAYER [administrator]

10/24/2012 10:14:08 AM
mbam-log-2012-10-24 (10-14-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 387775
Time elapsed: 55 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3042DF7A-E900-4389-9B94-923DF0DAA57E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{58376892-60E7-4F63-ACA0-0F686AF554D6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EB534FB-2001-45C4-B860-BC904865A379} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e001b32e-5acb-4cce-9910-2d379ce0a6d6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jen\My Documents\Downloads\TrendMicro_Downloader(2).exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jen\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)



