
unknown malware- MBAM log attached



#1
thero_cpd

    Member

Please see the MBAM log attached below; whatever I have seems to be preventing MBAM from actually removing anything. The second I click to remove these items, MBAM crashes. Also, on the internet, when I click on links it sometimes redirects the links to spam pages.
Please advise.


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

31/08/2011 23:01:58
mbam-log-2011-08-31 (23-01-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 121884
Time elapsed: 39 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\sjewupig.dll (Trojan.Hiloti) -> No action taken.
c:\WINDOWS\onadeyoxiyalogu.dll (IPH.Trojan.Hiloti.B) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xfenikunodi (Trojan.Hiloti) -> Value: Xfenikunodi -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cdigayidadoti (IPH.Trojan.Hiloti.B) -> Value: Cdigayidadoti -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{AE21A9D4-B63D-6969-7627-328601ABA9A3} (Trojan.Agent) -> Value: {AE21A9D4-B63D-6969-7627-328601ABA9A3} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XuoScywv (Trojan.Agent) -> Value: XuoScywv -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\sjewupig.dll (Trojan.Hiloti) -> No action taken.
c:\WINDOWS\onadeyoxiyalogu.dll (IPH.Trojan.Hiloti.B) -> No action taken.
c:\documents and settings\joshua martin\application data\Aqucc\fyerp.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\application data\powgrvnf\xuoscywv.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\Temp\pajqhxycwwbsfymo.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\Temp\wpbt0.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\38GQR9QA\dlatypilhraz[1].exe (Trojan.Hiloti) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\5CEJPCT9\about[1].exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\KVDL48Y3\info[1].exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\local settings\temporary internet files\Content.IE5\NUGYKM1C\calc[1].exe (Trojan.Agent) -> No action taken.
c:\documents and settings\joshua martin\start menu\programs\startup\xuoscywv.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{057ef1db-699e-460e-a182-554dabf78b4d}\RP112\A0108406.exe (Trojan.Agent) -> No action taken.

#2
RKinner

    Malware Expert

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron