Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

unknown malware- MBAM log attached


  • Please log in to reply

#1
thero_cpd

thero_cpd

    Member

  • Member
  • PipPip
  • 99 posts
please see below attached MBAM log; what ever I have seems to be preventing mbam from actually removing anything. the second I click to remove these items MBAM crashes. Also on internet when I click on links it sometimes redirects the links to spam pages.
please advise


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

31/08/2011 23:01:58
mbam-log-2011-08-31 (23-01-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 121884
Time elapsed: 39 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\sjewupig.dll (Trojan.Hiloti) -> No action taken.
c:\WINDOWS\onadeyoxiyalogu.dll (IPH.Trojan.Hiloti.B) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xfenikunodi (Trojan.Hiloti) -> Value: Xfenikunodi -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cdigayidadoti (IPH.Trojan.Hiloti.B) -> Value: Cdigayidadoti -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{AE21A9D4-B63D-6969-7627-328601ABA9A3} (Trojan.Agent) -> Value: {AE21A9D4-B63D-6969-7627-328601ABA9A3} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XuoScywv (Trojan.Agent) -> Value: XuoScywv -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\sjewupig.dll (Trojan.Hiloti) -> No action taken.
c:\WINDOWS\onadeyoxiyalogu.dll (IPH.Trojan.Hiloti.B) -> No action taken.
c:\documents and settings\joshua martin\application data\Aqucc\fyerp.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\application data\powgrvnf\xuoscywv.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\Temp\pajqhxycwwbsfymo.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\Temp\wpbt0.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\38GQR9QA\dlatypilhraz[1].exe (Trojan.Hiloti) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\5CEJPCT9\about[1].exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\KVDL48Y3\info[1].exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\NUGYKM1C\calc[1].exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\start menu\programs\startup\xuoscywv.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{057ef1db-699e-460e-a182-554dabf78b4d}\RP112\A0108406.exe (Trojan.Agent) -> No action taken.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP