Malwarebytes query
nick205 - 16/8/09 at 08:03 PM

Been suffering from internet redirection and what I suspect may be a trojan of some kind on my laptop.

After reading various posts on here recommending Malwarebytes I downloaded and scanned with the following results....

*********************************
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

15/08/2009 10:46:08
mbam-log-2009-08-15 (10-46-02).txt

Scan type: Full Scan (C:|)
Objects scanned: 197523
Time elapsed: 1 hour(s), 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOTCLSID{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMRSoft (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOTCLSIDe405.e405mgr (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOTvideoPl.chl (Trojan.Zlob) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerExtensionsCmdMapping{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunrundll32.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32wave1 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32midi1 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32mixer1 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32aux1 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32midi2 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32wave2 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32aux2 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32mixer2 (Hijack.Sound) -> Bad: (COCUME~1LOCALS~1APPLIC~1MACROM~1Commonf0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
Cocuments and SettingsHOSKINSNApplication DataMacromediaCommonf0f5e01c1.dll (Hijack.Sound) -> No action taken.
C:WINDOWSmsacm32.drv (Trojan.Agent) -> No action taken.
C:WINDOWSwuasirvy.dll (Trojan.Banker) -> No action taken.
*********************************


After hitting the "REMOVE" button the software asked for a re-start which I duly did.

A full re-scan returned the following...


*********************************
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

15/08/2009 14:28:29
mbam-log-2009-08-15 (14-28-29).txt

Scan type: Full Scan (C:|)
Objects scanned: 197482
Time elapsed: 1 hour(s), 10 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
*********************************

Is it as simple as that...?

I was expecting to have to do the disable system restore etc to actually remove stuff...?

(I appreciate there may be other issues that Malwarebytes hasn't identified so plan to try a couple of other antivirus packages too).


Thanks in advance

Nick


Ben_Copeland - 16/8/09 at 08:47 PM

not always, sometimes they come back.............


BenB - 16/8/09 at 09:37 PM

In my experience Malwarebytes sorts it out once and for all....


nick205 - 17/8/09 at 09:19 AM

quote:
Originally posted by BenB
In my experience Malwarebytes sorts it out once and for all....



Now that's the answer I was looking for

Still feel a little uneasy though - I hate it when a lack of understanding (i.e. in-depth computer knowledge) creates doubt in your mind