
trojan-backdoor-rustock [Solved]



#16
Nishie (Member, Topic Starter, 13 posts)
Sorry it's been so long - here's the Malwarebytes' log:


Malwarebytes' Anti-Malware 1.36
Database version: 2102
Windows 5.1.2600 Service Pack 3

5/9/2009 10:33:53 PM
mbam-log-2009-05-09 (22-33-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 181723
Time elapsed: 36 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And the SUPERAntiSpyware log:



File threats detected : 30

Rogue.Component/Trace
HKLM\Software\Microsoft\A48573F8
HKLM\Software\Microsoft\A48573F8#a48573f8
HKLM\Software\Microsoft\A48573F8#Version

Adware.Tracking Cookie
interplusclick.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
interplusclick.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.mediatraffic.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.adserver.adtechus.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.serv.clicksor.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.myroitracking.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.stats.adbrite.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.server.cpmstar.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.smileycentral.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.smileycentral.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.traffic.jostens.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.nads2.nasads.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.nads2.nasads.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.ad1.dmcmedia.co.kr [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.nads3.nasads.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.nads3.nasads.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\cookies.txt ]

Trojan.Unclassified/Solution
C:\WINDOWS\SYSTEM32\733IBKVH.DLL


I'll get the rest up soon

#17
Nishie (Member, Topic Starter, 13 posts)
And finally here's the Kaspersky log:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 11, 2009 05:53:02
Records in database: 2157823
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 96818
Threat name: 8
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 02:44:31


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\1220abcb-12f466d9 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\2f76bf8b-4445cdcf Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\390cfa18-20d1a4ce Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-7a4e9fbf Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\53c8f8e1-2387a09d Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\69e3afa6-192f30e9 Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\69e3afa6-192f30e9 Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-7cb8d1f9 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\7d3deceb-49184a7d Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\56\363c4a38-440bce44 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\60\328e8d3c-3c97b71c Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\Cache\986B02D1d01 Infected: Exploit.JS.Agent.io 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP659\A0038090.dll Infected: Trojan.Win32.Agent.aljf 1
C:\_OTListIt\MovedFiles\05092009_142224\WINDOWS\system32\0SqtDGhb.exe Infected: Trojan-Downloader.Win32.Firu.arn 1

The selected area was scanned.







As for how the computer's running, I would say it's a lot... smoother. There's hardly any waiting time for the internet now, and even loading Microsoft Word is faster. The SpySweeper doesn't show the trojan anymore.

#18
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
The Malwarebytes scan was clean, the SUPERAntiSpyware scan only found remnants and the Kaspersky scan found some infections in the Java cache, so we will flush it now:

Clearing the Java cache:
There is a nice set of instructions at http://www.java.com/.../5000020300.xml

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel and then the Java Control Panel will appear.
  • Click Settings under Temporary Internet Files and the Temporary Files Settings dialog box appears.
  • Click Delete Files and the Delete Temporary Files dialog box appears.
  • Make sure all three boxes are ticked: Downloaded Applets, Downloaded Applications and Other Files and then Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
Let me know when you have done that, and we can wrap this up.

andrewuk

Edited by andrewuk, 11 May 2009 - 03:09 PM.

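The Kaspersky report in post #17 is read by eye above, and post #18 draws the conclusion from it (Java cache hits, so flush the cache). As an added example that is not part of the thread and not Kaspersky's own tooling, the Python script below parses the "File name / Threat name / Threats count" section of a Kaspersky Online Scanner 7.0 report, groups the hits by where the infected object lives, and maps each location to the cleanup step the helper recommends in this thread (flush the Java cache, clear the browser cache, reset restore points, remove the removal tool's quarantine). The location names, the `LINE_RE` pattern and the path rules in `LOCATION_RULES` are my assumptions; the sample lines are the ones posted in this thread.

```python
"""Group the hits in a Kaspersky Online Scanner 7.0 report by where the
infected object lives, so the matching cleanup step is obvious at a glance.
Added example; not part of the thread and not Kaspersky's own tooling."""
import re
from dataclasses import dataclass

# Constructed sample: the 'File name / Threat name / Threats count' section
# of the Kaspersky report posted in this thread (paths copied as posted).
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\1220abcb-12f466d9 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\2f76bf8b-4445cdcf Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\390cfa18-20d1a4ce Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-7a4e9fbf Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\53c8f8e1-2387a09d Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\69e3afa6-192f30e9 Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\69e3afa6-192f30e9 Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-7cb8d1f9 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\7d3deceb-49184a7d Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\56\363c4a38-440bce44 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\60\328e8d3c-3c97b71c Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\y2marzsr.default\Cache\986B02D1d01 Infected: Exploit.JS.Agent.io 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP659\A0038090.dll Infected: Trojan.Win32.Agent.aljf 1
C:\_OTListIt\MovedFiles\05092009_142224\WINDOWS\system32\0SqtDGhb.exe Infected: Trojan-Downloader.Win32.Firu.arn 1
The selected area was scanned.
"""

# One report line is "<path> Infected: <threat name> <count>". The path may
# contain spaces, so match it lazily up to the literal " Infected: " marker.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumed location rules: a lower-cased path substring and the cleanup step
# the thread recommends for objects found there. First match wins.
LOCATION_RULES = (
    ("java_cache", r"\sun\java\deployment\cache",
     "Flush the Java cache (Java Control Panel > Settings > Delete Files)."),
    ("browser_profile", r"\mozilla\firefox\profiles",
     "Clear the browser cache and cookies."),
    ("system_restore", r"\system volume information\_restore",
     "Flush System Restore points (Combofix /u)."),
    ("tool_quarantine", r"\_otlistit\movedfiles",
     "Remove the removal tool and its quarantine (OTListIt Clean up)."),
)
ACTIONS = {name: action for name, _, action in LOCATION_RULES}
OTHER_ACTION = "Not a cache or quarantine path: inspect the file before treating it as a remnant."


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    count: int
    location: str


def classify(path: str) -> str:
    """Name the location bucket a reported path falls into ('other' if none)."""
    lowered = path.lower()
    for name, needle, _ in LOCATION_RULES:
        if needle in lowered:
            return name
    return "other"


def parse_report(text: str) -> list:
    """Extract one Finding per 'Infected:' line; header and footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["path"], m["threat"], int(m["count"]),
                                    classify(m["path"])))
    return findings


def summarize(findings) -> dict:
    """Per location: summed object count, sorted distinct threat names, cleanup action."""
    out = {}
    for f in findings:
        entry = out.setdefault(f.location, {"objects": 0, "threats": set(),
                                            "action": ACTIONS.get(f.location, OTHER_ACTION)})
        entry["objects"] += f.count
        entry["threats"].add(f.threat)
    for entry in out.values():
        entry["threats"] = sorted(entry["threats"])
    return out


def totals(findings) -> tuple:
    """(infected objects, distinct threat names), comparable to the report's own header."""
    return sum(f.count for f in findings), len({f.threat for f in findings})


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    objects, names = totals(found)
    print(f"{objects} infected objects, {names} distinct threat names")
    for loc, entry in summarize(found).items():
        print(f"{loc}: {entry['objects']} object(s), "
              f"{len(entry['threats'])} threat name(s) -> {entry['action']}")
```

Run against the posted report, `totals` gives 15 objects and 8 threat names, matching the "Infected objects: 15" and "Threat name: 8" lines in the report's own statistics, and all but three objects land in the Java deployment cache. Anything that classifies as `other` is the case worth a closer look: a live file outside a cache or quarantine is not cleared by the cache flush and restore-point reset described in this thread.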

#19
Nishie (Member, Topic Starter, 13 posts)
I cleared the Java cache. What's next?

#20
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hello Nishie

Congratulations, your logs are clean and another fix is in the can :)

In this post we will clear away the fix tools (this is so that, should you ever be re-infected, you will download updated versions; it will also remove the quarantined malware from your computer), reset your restore points (there will be infections lurking in there), and I will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Follow these steps to uninstall Combofix, the tools used in the removal of malware, and to flush your system restore points:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.


====STEP 2====
Double-click OTListIt.exe to run it. (Vista users, please right click on OTListIt.exe and select "Run as an Administrator")
  • Click the Clean up button and let the program run
  • When prompted, click Yes to the reboot.
You can also clear away any other tools we used.


====IDEAS TO SPEED UP YOUR MACHINE====
This page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • MBAM - Malware Bytes Anti Malware is an excellent tool for anyone's antimalware arsenal. This program should be updated and run often.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Comodo Firewall - The use of a firewall is a personal preference, but it's certainly a good idea. Comodo is free and light. Remember, never install more than 1 firewall. Also remember, do not download the Comodo antivirus program if you already have an antivirus program on your machine.
  • Digsby or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • FireFox - Alternate web browser. Open source and quick, Firefox is usually the first thing I install on a new system.
  • NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Best wishes

andrewuk

#21
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.