Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware help regarding internet connection problems [Closed]

Started by Lard , May 11 2009 08:30 PM

  • This topic is locked This topic is locked

#1
Lard
Posted 11 May 2009 - 08:30 PM

Lard

    Member

  • Member
  • PipPipPip
  • 140 posts
I was referred here by another section ( http://www.geekstogo...P....html&st=15 ) regarding malware on my computer.

I used ATF cleaner, Malware Bytes Anti-Malware and Rooter

Here's my malware log

Malwarebytes' Anti-Malware 1.36
Database version: 2112
Windows 5.1.2600 Service Pack 3

5/11/2009 9:53:18 PM
mbam-log-2009-05-11 (21-53-18).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 264532
Time elapsed: 2 hour(s), 12 minute(s), 56 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\sysregi.exe (Backdoor.Rbot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nod32 runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\nod32 runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Nod32 Runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\lsa\Hotfix-KB5504305 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\brenda\Application Data\Adobe\kernell32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysregi.exe (Backdoor.Rbot) -> Delete on reboot.


And my Rooter log

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:149464 Mo/Free:3678 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:114470 Mo/Free:1241 Mo)
F:\ [Fixed] - FAT32 - (Total:953634 Mo/Free:3952 Mo)

Mon 05/11/2009|22:14

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
---------- C:\WINDOWS\system32\IoctlSvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\system32\LVCOMSX.EXE
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Logitech\Video\LogiTray.exe
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
---------- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\dlcccoms.exe
---------- C:\Program Files\Dell Support\DSAgnt.exe
---------- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
---------- C:\Program Files\Logitech\Video\FxSvr2.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
---------- C:\Program Files\Registry Mechanic\RegMech.exe
---------- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\brenda\Local Settings\temp\[isoHunt] NCH.Express.Burn.Plus.v4.02.WinAll.Incl.Keygen-CRD.rar.torrent


1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/11/2009|22:18

----------------------\\ Scan completed at 22:18
  • 0

Advertisements

#2
Essexboy
Posted 14 May 2009 - 02:01 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay I will need a fresh look at your system

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#3
Essexboy
Posted 18 May 2009 - 02:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP