Trojan.Downloader attacked my other clean PC



#1
Wisdom2

I got a different PC cleaned by a Helper, but today my healthy PC got attacked, though by a much less serious attack, because unlike the other PC, this PC appears to have been completely cleaned by Malwarebytes. But I wanted to be sure it didn't miss anything. The Malwarebytes log is below. I can generate other logs if needed. NOTE: For my other PC I was given AVP Tool by Kaspersky, but that would not run, so I was given Dr.Web CureIt, which worked. My question is: for this PC, the one I am giving the log for, can I run Dr.Web CureIt to be sure my Norton Antivirus did not miss something?

BTW, I got infected today on this PC by visiting the same sites I visited yesterday and every day without issue, fairly trusted sites. I had set my Norton Suite to the highest settings, and every time any program uses any module to access the Internet, it lets me know; it's a pain but... So today I got a warning that a program from the Temp folder was wishing to access the Internet. I hit deny always for that alert, because usually the alert will say Firefox.exe is wishing to use such blah blah module to access, and you hit yes, allow always. So my first clue was this temp file access alert; after I hit deny always, I got several similar alerts and I kept hitting deny always. Then I got some Norton blah blah needs to access, and I was thinking to maybe deny access this time, but then all of a sudden my Firefox started to exit and close down, then I got a Norton has found and intercepted Trojan Backdoor hack tools, and before I could delete it, my PC rebooted automatically.

Then I ran Malwarebytes, and it seems to have cleaned out some fake virus removal tool.

1st my Norton antivirus log:
Category: Security risks
Date Time,Feature,Risk Name,Result,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
8/14/2009 2:48:24 PM,Auto-Protect,Hacktool.Rootkit,Automatically deleted,File,N/A,N/A,200810060006,12.8.0.4,SYSTEM,COMPA,"Source: C:\WINDOWS\system32\dllcache\figaro.sys,Action taken: Automatically deleted"

2nd, my Malwarebytes log:


Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

8/14/2009 3:02:32 PM
from mbam-log-2009-08-14 (15-01-50).txt

Scan type: Quick Scan
Objects scanned: 103275
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> No action taken.

Edited by Wisdom2, 14 August 2009 - 06:39 PM.
