Infected Computer, what to do


  • This topic is locked
25 replies to this topic

#1 mercuryrsng

mercuryrsng

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 21 July 2013 - 09:27 PM

Greetings all...I have a friend's computer that was infected with some Trojans.  I ran Malwarebytes Antimalware to get rid of the main infection.  Lots of problems still...slow...Google Chrome won't open...etc.  Where can I start? 

 

Thanks


Edited by mercuryrsng, 21 July 2013 - 09:27 PM.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:47 AM

Posted 21 July 2013 - 10:13 PM

 I ran Malwarebytes Antimalware to get rid of the main infection.

Please first Open Malwarebytes program > Click on Logs (at the top) and post the dated log with the removed infection(s).

This way we can see what the program removed > Now do a Full Scan with MBAM and post that log when completed -

 

Thank You -



#3 mercuryrsng


Posted 21 July 2013 - 10:47 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.21.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
Mike :: MIKE-PC [administrator]

7/22/2013 3:17:29 PM
mbam-log-2013-07-22 (15-17-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266608
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.FakeAV.DFN) -> Data: C:\Users\Mike\AppData\Roaming\mldefender.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Mike\AppData\Local\Temp\4D4.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\E5DE.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\conhost.exe (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\Users\Mike\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Roaming\mldefender.exe (Trojan.FakeAV.DFN) -> Quarantined and deleted successfully.

(end)



#4 noknojon


Posted 21 July 2013 - 11:19 PM

One of the major problems would be the Trojan.Zbot - The following is from Norton (Symantec) - Trojan.FakeAV.DFN is similar.

User behavior and precautions
Trojan.Zbot relies heavily on social engineering in order to infect computers. The spam email campaigns used by attackers attempt to trick the user by referencing the latest news stories, playing upon fears their sensitive information has been stolen, suggesting that compromising photos have been taken of them, or any number of other ruses.

Users should use caution when clicking links in such emails. Basic checks such as hovering with the mouse pointer over each link will normally show where the link leads to. Users can also check online Web site rating services such as safeweb.norton.com to see if the site is deemed safe to visit. ...............
 

Do not worry too much as this infects many computers and should not be too hard to remove.

After you finish running (and posting) the Malwarebytes Full Scan please run this program -

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next : Please download AdwCleaner by Xplode onto your desktop.

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
*Your computer will be rebooted automatically. A text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

And Last : Please download TFC, or Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK and Reboot your computer (if not done automatically) to finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

No log is produced, but it may tell you the amount of Temp Files removed.

 

Thank You -



#5 mercuryrsng


Posted 22 July 2013 - 12:26 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.21.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16635
Mike :: MIKE-PC [administrator]

7/22/2013 6:34:37 PM
mbam-log-2013-07-22 (18-34-37).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403959
Time elapsed: 46 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.FakeAV.DFN) -> Data: C:\Users\Mike\AppData\Roaming\mldefender.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Mike\icq.exe (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\586C.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\7417.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\b34btbztdb0vavaw.exe (Trojan.Dropper.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Roaming\mldefender.exe (Trojan.FakeAV.DFN) -> Quarantined and deleted successfully.

(end)



#6 noknojon


Posted 22 July 2013 - 12:54 AM

Please finish and post Security Check - Then run AdwCleaner - Then run TFC Cleaner in the order listed above -

 

If you can, as many of these programs need to be run in Normal Mode unless listed otherwise -

 

The reason is that I need to see the true results here. You can Download in Safe Mode but scans need Normal Mode -

MBAM will not fully remove all of these infections in Safe Mode, only tell us the infection is there.

Rescan in Normal Mode unless there is a problem that you have not mentioned -

 

 

Once you finish these - Scan your machine with ESET OnlineScan

This is best done with Internet Explorer, but other browser directions are included.

Turn OFF your antivirus program, but leave any firewall operating
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

 

1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   - 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   - 2. Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated database (1 to 2 hours is not unusual)
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
   - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

Thanks -


Edited by noknojon, 22 July 2013 - 01:05 AM.


#7 mercuryrsng


Posted 22 July 2013 - 02:40 PM

OK so I had to run MBAM and Security Check in safe mode.  I got your latest message after I had already run them.  I kept getting the malware popup and I couldn't do anything, so Safe Mode was my only option.   I will post those results below.   I will re-run both of those programs in normal mode at this point since the pop up is gone.  I will then run the rest of the programs that you showed me in the last post.

 

Thanks

 

 

 Results of screen317's Security Check version 0.99.70 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 20 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

 

 

 

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 15:27:38
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKE-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O23PLQU5\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Mike\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3276 octets] - [23/07/2013 15:27:38]

########## EOF - C:\AdwCleaner[S1].txt - [3336 octets] ##########



#8 noknojon


Posted 22 July 2013 - 05:56 PM

Hi -

I am a bit concerned that you seem to have no Antivirus program listed as installed ??

The program (like all scanners) can give a false reading, so can you please check this for me -

 

If there is actually no Antivirus installed then Install M.S.E. for now and click Settings > Realtime protection > and tick the box
http://windows.microsoft.com/en-US/windows/products/security-essentials

Click to > Check for Updates > and then do a Quick Scan with M.S.E.

 

 

Following the above run rKill please > Directions below >

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

Post the log, and your current situation with the problem -

 

 

Thank You -



#9 noknojon


Posted 22 July 2013 - 06:13 PM

Once the computer is stable enough, please run these updates >

 

Update your Java to current Version 7 Update 25
Remove All other installed versions, as they are vulnerable to attack or infection.
Untick any Add-ons or Toolbars in the download as they are unwanted

 

http://get.adobe.com/reader/ < Update Adobe Reader to current Version 11
Remove All other installed versions, as they are vulnerable to attack or infection.
Untick any Add-ons or Toolbars in the download as they are unwanted

 

Thanks -


Edited by noknojon, 22 July 2013 - 06:17 PM.


#10 mercuryrsng


Posted 22 July 2013 - 08:49 PM

Computer is running better.  You are correct...apparently this computer doesn't have an antivirus installed on it.  I ran MSE and it found nothing.  Here is the rkill text.  I will do those updates now.

 

 

Rkill 2.5.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/24/2013 01:02:53 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Mike\Desktop\rkill\rkill-07-24-2013-01-02-59.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 07/24/2013 01:04:53 AM
Execution time: 0 hours(s), 2 minute(s), and 0 seconds(s)


#11 mercuryrsng


Posted 22 July 2013 - 08:57 PM

Also, to note.  This computer has Verizon Internet Security Suite.  I don't think it's an antivirus program but I keep getting pop ups showing a risky connection was blocked.  Clicking on "About this IP Address" on one of these popups (there are always more than one), brings me here.

 

http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=95.211.189.195&lang=en-us&lcid=1

 

I suspect something is still going on in the background.



#12 noknojon


Posted 22 July 2013 - 10:07 PM

I suspect something is still going on in the background. < Can you be a bit more specific.

 

Please run the OnLine Scanner (in Normal Mode) and post the report back here -

You may need to disable MSE

How To Temporarily Disable Your Anti-virus

 

You still have not posted a Malwarebytes Scan in Normal Mode -

 

Thanks -

EDITED to add link -


Edited by noknojon, 22 July 2013 - 10:13 PM.


#13 mercuryrsng


Posted 23 July 2013 - 09:55 AM

OK Sorry, below is my Malwarebytes report in normal mode.  No issues detected.

Also, I ran ESET overnight and when I looked at the computer in the morning, it appears to have restarted.  Would it have saved a text file?

 

By something going on, what I was referring to was the constant Verizon Internet Security Suite pop up telling me that "McAfee has blocked your PC from making a risky connection".  There is a link to "about this ip address" that I posted above.  It is still constantly happening. 

 

Also, now I got a RegSvr32 pop up stating that "the module "C:\Users\Mike\AppData\Local\TOSHIBA\kmbytkeu.dll" failed to load".

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.21.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mike :: MIKE-PC [administrator]
 
7/23/2013 3:47:36 PM
mbam-log-2013-07-23 (15-47-36).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391235
Time elapsed: 1 hour(s), 19 minute(s), 8 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#14 noknojon


Posted 23 July 2013 - 05:48 PM

How can I view the log file from ESET Online Scanner?

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis.

The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt").

You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

 

I have replaced programs like Verizon Internet Security Suite or Norton's similar version with WOT that gives a page ranking if I hit a very bad page. Your Suite is not required and is just giving an opinion (from McAfee) each time you open a page, that is all. It is known to give false ratings, so I would just delete it -

 

kmbytkeu.dll is not even listed in GOOGLE as a known .dll



#15 mercuryrsng


Posted 23 July 2013 - 08:12 PM

OK thank you for the info....what else should I do?
Here's the ESET log.
 
 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb07374c7f04af4cad3e7f0788164881
# engine=14497
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-24 10:39:38
# local_time=2013-07-24 06:39:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 88 11158231 123336974 0 0
# compatibility_mode=5893 16776574 100 94 0 126205828 0 0
# scanned=166661
# found=3
# cleaned=3
# scan_time=13925
sh=BCB71D0B67FCC6CFF91E27CD44CC95C55F9DDB02 ft=1 fh=c71c001181fab7bc vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\Programs\Program Files\ajcf.dll"
sh=7474CFC50764D21E618D37974836CC926148E7F1 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.DH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\Temp\V.class"
sh=6DDF690D1039996D836D91CB4BBFC70F2433721E ft=1 fh=c71c001183148c69 vn="Win32/Boaxxe.G trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\TOSHIBA\kmbytkeu.dll"

Edited by mercuryrsng, 23 July 2013 - 08:13 PM.
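
The scanner logs posted in this thread, cross-checked in Python as an added example (not part of the original posts and not code from ESET or Malwarebytes): it parses the ESET detection lines and the Malwarebytes file detections, then reports which files only ESET caught and which removals are still waiting on a restart. The meaning of the `vn` and `fn` fields and of the `# found=` header is inferred from the log lines above, and the function names are hypothetical.

```python
import re

# Excerpts copied from logs posted in this thread: the ESET export (post #15)
# and the "Files Detected" section of the Malwarebytes full scan (post #5).
ESET_LOG = r'''# scanned=166661
# found=3
# cleaned=3
sh=BCB71D0B67FCC6CFF91E27CD44CC95C55F9DDB02 ft=1 fh=c71c001181fab7bc vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\Programs\Program Files\ajcf.dll"
sh=7474CFC50764D21E618D37974836CC926148E7F1 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.DH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\Temp\V.class"
sh=6DDF690D1039996D836D91CB4BBFC70F2433721E ft=1 fh=c71c001183148c69 vn="Win32/Boaxxe.G trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Mike\AppData\Local\TOSHIBA\kmbytkeu.dll"
'''
MBAM_LOG = r'''Files Detected: 6
C:\Users\Mike\icq.exe (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\586C.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\7417.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\b34btbztdb0vavaw.exe (Trojan.Dropper.ED) -> Quarantined and deleted successfully.
C:\Users\Mike\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Roaming\mldefender.exe (Trojan.FakeAV.DFN) -> Quarantined and deleted successfully.
'''

# key=value pairs; values are either "quoted" (may contain spaces) or bare tokens.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# vn looks like: <threat name> <kind> (<what the scanner did>)
VN = re.compile(r'(\S+)\s+(.*?)\s*\((.*)\)$')
# MBAM file line: <drive path> (<threat name>) -> <action>
MBAM_FILE = re.compile(r'^([A-Za-z]:\\.+?) \(([^)]+)\) -> (.+)$')


def parse_eset(log_text):
    """Return (header dict, list of detections) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in log_text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            f = {k: quoted or bare for k, quoted, bare in PAIR.findall(line)}
            m = VN.match(f.get("vn", ""))
            detections.append({
                "path": f.get("fn", ""),
                "threat": m.group(1) if m else f.get("vn", ""),
                "disposition": m.group(3) if m else "",
                # Deletion deferred to reboot: the file is still on disk until then.
                "needs_reboot": bool(m) and "after the next restart" in m.group(3),
            })
    return header, detections


def parse_mbam_files(log_text):
    """Return {lowercased path: threat name} for file detections in an MBAM log."""
    found = {}
    for line in log_text.splitlines():
        m = MBAM_FILE.match(line.strip())
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found


def triage(eset_text, mbam_text):
    """Cross-check the two scanners' results for one machine."""
    header, eset = parse_eset(eset_text)
    mbam = parse_mbam_files(mbam_text)
    return {
        # A pasted log that lost lines shows up as a count mismatch.
        "complete": int(header.get("found", -1)) == len(eset),
        "only_eset": [d["path"] for d in eset if d["path"].lower() not in mbam],
        "reboot_pending": [d["path"] for d in eset if d["needs_reboot"]],
        "threats": sorted(d["threat"] for d in eset),
    }


if __name__ == "__main__":
    for key, value in triage(ESET_LOG, MBAM_LOG).items():
        print(key, value)
```

Any path listed under `reboot_pending` is only removed after the machine restarts, so a rescan before that reboot can still report it.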




