Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Malware help regarding internet connection problems [Closed]

  • This topic is locked This topic is locked




  • Member
  • PipPipPip
  • 140 posts
I was referred here by another section ( http://www.geekstogo...P....html&st=15 ) regarding malware on my computer.

I used ATF cleaner, Malware Bytes Anti-Malware and Rooter

Here's my malware log

Malwarebytes' Anti-Malware 1.36
Database version: 2112
Windows 5.1.2600 Service Pack 3

5/11/2009 9:53:18 PM
mbam-log-2009-05-11 (21-53-18).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 264532
Time elapsed: 2 hour(s), 12 minute(s), 56 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\sysregi.exe (Backdoor.Rbot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nod32 runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\nod32 runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Nod32 Runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\lsa\Hotfix-KB5504305 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\brenda\Application Data\Adobe\kernell32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysregi.exe (Backdoor.Rbot) -> Delete on reboot.

And my Rooter log

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:149464 Mo/Free:3678 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:114470 Mo/Free:1241 Mo)
F:\ [Fixed] - FAT32 - (Total:953634 Mo/Free:3952 Mo)

Mon 05/11/2009|22:14

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
---------- C:\WINDOWS\system32\IoctlSvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\system32\LVCOMSX.EXE
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Logitech\Video\LogiTray.exe
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
---------- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\dlcccoms.exe
---------- C:\Program Files\Dell Support\DSAgnt.exe
---------- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
---------- C:\Program Files\Logitech\Video\FxSvr2.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
---------- C:\Program Files\Registry Mechanic\RegMech.exe
---------- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

----------------------\\ Cracks & Keygens..

C:\DOCUME~1\brenda\Local Settings\temp\[isoHunt] NCH.Express.Burn.Plus.v4.02.WinAll.Incl.Keygen-CRD.rar.torrent

1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/11/2009|22:18

----------------------\\ Scan completed at 22:18
  • 0




    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay I will need a fresh look at your system

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanit folder and double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0



    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP