Vista Security 2012 Trojan



#1
Sentinel

  • Member
  • 13 posts
Hello there,

I somehow got a Trojan last night--didn't click on any popups or anything, was just sitting on a game wiki. I never clicked on the "Vista Security 2012" popup either. Instead, I Ctrl-Alt-Del all the processes and was able to run MBAM and AVG. MBAM asked to reboot after finding this: "c:\Users\Sentinel\AppData\Local\ioa.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully."

I rebooted and that's when I realized it did something to my registry because I couldn't run any ".exe." An error message would pop up saying that the file was missing or ask me to identify the program to run the program. I got around this by right-clicking on the programs and selecting "Run as Administrator." I was logged on as such already but somehow this got things going. I was able to run full MBAM and AVG scans. I also ran "exehelper." Now programs run when I double-click, but I have a feeling I missed something in the registry. I still have an extra option on my right-click menu under "Run as Administrator" called "start." This was not there before the problems began yesterday.

Is there any way someone could look over a log and see what parts of this trojan I missed? Or let me know if I did something incorrectly? Thanks so much for your time, I really appreciate it.

Lauren
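
The symptoms in post #1 (executables that stop launching and an extra "start" entry on the right-click menu) both live in the shell verbs registered for the .exe file type. As an added example that is not part of the original thread, this Python check reads a `.reg` export and reports verbs and commands that differ from a baseline; the baseline values, the sample export and the function names are assumptions made for the illustration.

```python
import re

# Baseline assumed for a stock install (not from the post); verify on a clean machine.
DEFAULT_COMMAND = '"%1" %*'
EXPECTED_VERBS = {"open", "runas", "runasuser"}
CLASS_ROOTS = ("hkey_classes_root\\", "hkey_current_user\\software\\classes\\")

# Constructed sample in .reg export format, not the poster's registry.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\placeholder.exe\" \"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\start\command]
@="\"%1\" %*"
'''

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: string}}; '' is the default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # only string values matter here; dword/hex lines are skipped
                name = "" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit_exe_association(keys):
    """Return (key_path, issue, default_value) for each deviation from the baseline."""
    findings = []
    for path, values in keys.items():
        low, default = path.lower(), values.get("")
        root = next((r for r in CLASS_ROOTS if low.startswith(r)), None)
        if root is None or default is None:
            continue
        sub = low[len(root):].split("\\")
        if sub == [".exe"] and default.lower() != "exefile":
            findings.append((path, "extension remapped", default))
        elif sub[:2] == ["exefile", "shell"] and sub[3:] == ["command"]:
            if sub[2] not in EXPECTED_VERBS:
                findings.append((path, "unexpected verb " + sub[2], default))
            elif default != DEFAULT_COMMAND:
                findings.append((path, "command changed", default))
    return findings

if __name__ == "__main__":
    for finding in audit_exe_association(parse_reg(SAMPLE)):
        print(finding)
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `parse_reg`.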
#2
Sentinel

  • Topic Starter
  • Member
  • 13 posts
Seems like a lot of people are having trouble with this trojan. Here is my OTL log; if I need to change any settings before scanning, let me know:

OTL logfile created on: 6/21/2011 11:33:58 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Sentinel\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 31.78% Memory free
7.88 Gb Paging File | 4.91 Gb Available in Paging File | 62.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.98 Gb Total Space | 194.56 Gb Free Space | 67.56% Space Free | Partition Type: NTFS

Computer Name: EVROS | User Name: Sentinel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/19 01:23:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Sentinel\Downloads\OTL.exe
PRC - [2011/04/30 19:11:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/14 14:26:51 | 004,109,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgui.exe
PRC - [2011/03/14 14:26:50 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/11/24 12:29:18 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/07/20 11:10:35 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:26:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2008/07/28 20:45:42 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/28 20:45:42 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/06/23 15:22:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
PRC - [2008/06/23 15:22:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/06/02 15:37:52 | 000,094,208 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
PRC - [2008/06/02 15:37:52 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
PRC - [2008/06/02 15:37:50 | 000,065,536 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
PRC - [2008/05/24 22:01:16 | 000,086,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
PRC - [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
PRC - [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
PRC - [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
PRC - [2008/05/20 16:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/04/03 23:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/19 01:23:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Sentinel\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/03 20:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV:64bit: - [2010/04/07 09:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/09/17 00:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/08/06 21:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

Attached Files

  • Attached File  OTL.Txt   85.88KB   85 downloads
