
Trojan.Agent/Gen Nulu {Short} Re-appears After SAS Scan



#1 Dennis H


Posted 11 August 2013 - 10:04 AM

Hello everyone!

I run scans every day using Microsoft Security Essentials, MalwareBytes and SuperAntiSpyware.

My computer has been clean since last February other than some adware that SAS picks up sometimes.

 

Yesterday I ran a full scan with SAS (in normal mode) and it picked up Trojan.Agent/Gen Nullu {Short} as infecting 6 of my files. I deleted the infected files.

This morning I ran a scan in safe mode and more files were infected.

I ran a full scan with MalwareBytes and it picked up PUP.Optional infecting my computer.

 

I am not sure what is going on. I have not downloaded anything recently and I do not visit any type of questionable sites.

 

 

Two things I have noticed differently starting yesterday. My computer shut down by itself a couple of times yesterday evening and it shut down twice this morning as I was booting to safe mode.

 

Next it hangs up on a couple of sites I have been going on for years that have never given any trouble.

 

I was hoping that someone here could check to see if these things are gone.

 

Thanks for any help you can give me.

 

Dennis  (XP-HOME, IE-8, SP-3)

 

Here are my logs from SAS and MalwareBytes.

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/10/2013 at 03:31 PM

Application Version : 5.6.1020

Core Rules Database Version : 10680
Trace Rules Database Version: 8492

Scan type       : Complete Scan
Total Scan Time : 01:40:32

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 515
Memory threats detected   : 0
Registry items scanned    : 37781
Registry threats detected : 0
File items scanned        : 62815
File threats detected     : 16

Adware.Tracking Cookie
 C:\Documents and Settings\Michael Froehler\Cookies\04L486D7.txt [ /track.adform.net ]
 C:\Documents and Settings\Michael Froehler\Cookies\B5GKCU62.txt [ /lucidmedia.com ]
 C:\Documents and Settings\Michael Froehler\Cookies\I51W3FCC.txt [ /stat.onestat.com ]
 C:\Documents and Settings\Michael Froehler\Cookies\ZWGZ3RHI.txt [ /ads.tunein.com ]
 C:\Documents and Settings\Michael Froehler\Cookies\X6TKICVV.txt [ /banners.andomedia.com ]
 C:\Documents and Settings\Michael Froehler\Cookies\CKZW8AJG.txt [ /a.intentmedia.net ]
 C:\Documents and Settings\Michael Froehler\Cookies\FIZZRRRF.txt [ /ads.p161.net ]
 C:\Documents and Settings\Michael Froehler\Cookies\X01TZ6W3.txt [ /ad.mlnadvertising.com ]
 C:\Documents and Settings\Michael Froehler\Cookies\MQ21BJ68.txt [ /at.atwola.com ]
 C:\Documents and Settings\Michael Froehler\Cookies\Y0VLFPM6.txt [ /adtechus.com ]

Trojan.Agent/Gen-Nullo[Short]
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0195401.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0195402.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0195406.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0195412.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0195413.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0195414.EXE

 

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2013 at 10:02 AM

Application Version : 5.6.1020

Core Rules Database Version : 10680
Trace Rules Database Version: 8492

Scan type       : Complete Scan
Total Scan Time : 04:09:55

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 226
Memory threats detected   : 0
Registry items scanned    : 35865
Registry threats detected : 0
File items scanned        : 102108
File threats detected     : 4

Adware.Tracking Cookie
 C:\DOCUMENTS AND SETTINGS\IRENE\Cookies\KC9REDQ8.txt [ Cookie:irene@mediaplex.com/ ]
 C:\DOCUMENTS AND SETTINGS\IRENE\Cookies\AEQCVTOE.txt [ Cookie:irene@apmebf.com/ ]

Trojan.Agent/Gen-Nullo[Short]
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3369\A0201753.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3369\A0201754.EXE

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael  :: MIKE [administrator]

Protection: Enabled

8/11/2013 1:28:09 AM
mbam-log-2013-08-11 (01-28-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291707
Time elapsed: 36 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Program Files\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Files Detected: 28
C:\Documents and Settings\Michael Froehler\Local Settings\Temp\ct3287375\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael Froehler\Local Settings\Temp\ct3287375\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

(end)


Edited by Dennis H, 11 August 2013 - 10:10 AM.

