Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Recently got a Trojan.Ransom


  • This topic is locked This topic is locked
2 replies to this topic

#1 KiddGrimm

KiddGrimm

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 18 December 2012 - 12:39 AM

Malwarebytes found a trojan.ransom on a full scan, removed it, and then I rebooted. I scanned again and it came back clean. I was searching online for what exactly this type of trojan is and found people posting roguekiller logs. I thought I should download and do that as well. The log came back:

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : God_2 [Admin rights]
Mode : Scan -- Date : 12/17/2012 23:10:07

Bad processes : 0

Registry Entries : 8
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

Extern Hives:
-> D:\Users\Default\NTUSER.DAT

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: C300-CTFDDAC064MAG +++++
--- User ---
[MBR] 46ce1f5d470ea4871338ac9315817cb0
[BSP] 197f1d4c7143dca06fc33ce24513f8a5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS5C3020ALA632 +++++
--- User ---
[MBR] 2aecf56ca8335e825924d007adc24ba6
[BSP] fe49c5c3c1f0f6c9504942e898e1ca30 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12172012_02d2310.txt >>
RKreport[1]_S_12172012_02d2310.txt



Also attached a HijackThis log.

Attached Files


Edited by KiddGrimm, 18 December 2012 - 12:40 AM.


BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:58 PM

Posted 18 December 2012 - 03:51 AM

Hi,

I can't see anything strange anymore here. Are you still having problems?
Mind to post the Malwarebytes log where the Trojan.Ransom was detected? It's under the Logs tab. There may be several different logs there, so pick the one where the detection was present.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:58 PM

Posted 02 January 2013 - 07:21 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users