
Trojan horse 5,10, and 13



#1
prophecyrj

Hello there,

I recently ran an AVG 8.5 Scan and discovered that my dad has 3 different types of Trojans on his computer. I moved them to the virus vault but highly doubt that this did anything.

AVG shows there are the following types of trojans:
Trojan horse Generic13.BLHF
Trojan horse Generic5.IUI
Trojan horse Generic10.WMK

--------------------------------------------------------
Here is the AVG scan result after I tried to heal the trojans with AVG.


"Scan ""Scan whole computer"" was finished."
"Warnings";"56"
"Information";"2"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, August 21, 2009, 4:21:48 AM"
"Scan finished:";"Friday, August 21, 2009, 4:48:10 AM (26 minute(s) 22 second(s))"
"Total object scanned:";"215214"
"User who launched the scan:";"shamal"

"Information"
"File";"Infection";"Result"
"C:\Program Files\WinRAR\SysTools\Plugins\Alcohol 1.x.dll";"Runtime packed upack";""
"C:\Program Files\WinRAR\SysTools\Plugins\Empty Key.dll";"Runtime packed upack";""


After running this AVG gave me a pop-up saying that it found Trojan Horse10.WMK on open.



-------------------------------------
Here is the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:55 AM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 6892 bytes




Edit :

Here is Malwarebytes scan

--------------------
Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 3

8/21/2009 6:02:30 AM
mbam-log-2009-08-21 (06-02-27).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 135722
Time elapsed: 27 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{18aaa5c0-4fcb-11cf-aax5-81cx1c605612} (Generic.Bot.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Files Infected:
C:\Program Files\WinRAR\SysTools\Plugins\Alcohol 1.x.dll (Malware.Packer) -> No action taken.
C:\Program Files\WinRAR\SysTools\Plugins\Empty Key.dll (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{CFC9ADC4-7A19-4576-92F1-81067BAD8C76}\RP48\A0020565.exe (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{CFC9ADC4-7A19-4576-92F1-81067BAD8C76}\RP55\A0023268.dll (Malware.Packer) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.




I would appreciate any help.

Thanks

Edited by prophecyrj, 20 August 2009 - 05:29 PM.
