nick205
posted on 16/8/09 at 08:03 PM
Malwarebytes query
Been suffering from internet redirection and what I suspect may be a trojan of some kind on my laptop.
After reading various posts on here recommending Malwarebytes I downloaded and scanned with the following results....
*********************************
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
15/08/2009 10:46:08
mbam-log-2009-08-15 (10-46-02).txt
Scan type: Full Scan (C:\|)
Objects scanned: 197523
Time elapsed: 1 hour(s), 3 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\HOSKINSN\Application Data\Macromedia\Common\f0f5e01c1.dll (Hijack.Sound) -> No action taken.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> No action taken.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> No action taken.
*********************************
After hitting the "REMOVE" button the software asked for a re-start which I duly did.
A full re-scan returned the following...
*********************************
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
15/08/2009 14:28:29
mbam-log-2009-08-15 (14-28-29).txt
Scan type: Full Scan (C:\|)
Objects scanned: 197482
Time elapsed: 1 hour(s), 10 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
*********************************
Is it as simple as that...?
I was expecting to have to do the disable system restore etc to actually remove stuff...?
(I appreciate there may be other issues that Malwarebytes hasn't identified, so I plan to try a couple of other antivirus packages too).
Thanks in advance
Nick
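Nick's two logs are easier to reason about when the detection lines are parsed rather than eyeballed. The script below is an added example for this thread, not part of any post and not Malwarebytes' own code: it parses the log format shown above (section header, then one line per item with the path, the detection family, an optional Bad/Good pair and the action), counts detections per family, flags which entries sit in known Windows load points (Run key, IE browser helper object, Drivers32 multimedia aliases, Security Center settings), and compares a first scan against a later one to show which items reappeared. The sample input is an excerpt copied from the logs posted above; the persistence hints and the function names are this example's own assumptions.

```python
import re
from collections import Counter

# Sample input for this example: an excerpt of the two logs quoted in the
# thread (constructed from the posted lines, not a complete log).
FIRST_SCAN = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8fd36b2-a25b-47e3-9477-82557f5f5995} (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\f0f5e01c1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
C:\Documents and Settings\HOSKINSN\Application Data\Macromedia\Common\f0f5e01c1.dll (Hijack.Sound) -> No action taken.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> No action taken.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> No action taken.
"""

SECOND_SCAN = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Registry Keys Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"""

# "Registry Keys Infected:" etc. (the summary lines ending in a count do not match)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# "<path> (<family>) [-> Bad: (<bad>) Good: (<good>)] -> <action>."
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[\w.]+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>.+?)\.?$"
)

# Assumed load-point hints for this example: substrings of registry paths that
# mean "something here runs or is consulted automatically".
PERSISTENCE_HINTS = {
    "\\CurrentVersion\\Run\\": "autostart (Run key)",
    "\\Browser Helper Objects\\": "IE browser helper object",
    "\\Internet Explorer\\Extensions\\": "IE toolbar/extension command",
    "\\SearchScopes\\": "IE search provider (search hijack)",
    "\\Drivers32\\": "multimedia driver alias (DLL loaded by programs using sound)",
    "\\Security Center\\": "Security Center notification setting",
    "\\CLSID\\": "COM class registration",
}


def parse_log(text):
    """Return one dict per detection line: path, family, bad, good, action, section."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:
            continue  # header lines before the first section
        m = ITEM_RE.match(line)
        if m:
            item = m.groupdict()
            item["section"] = section
            items.append(item)
    return items


def persistence_hint(path):
    lowered = path.lower()
    for needle, hint in PERSISTENCE_HINTS.items():
        if needle.lower() in lowered:
            return hint
    return None


def summarize(items):
    """Counts per family, how many items were not acted on, and load-point entries."""
    families = Counter(i["family"] for i in items)
    pending = sum(1 for i in items if i["action"] == "No action taken")
    persistence = []
    for i in items:
        hint = persistence_hint(i["path"])
        if hint:
            persistence.append((hint, i["path"]))
    return {"families": families, "pending": pending, "persistence": persistence}


def _key(item):
    return (item["family"], item["path"].lower())


def still_present(before, after):
    """Paths from the first scan that reappear (same family, same path) in a later scan."""
    after_keys = {_key(i) for i in after}
    return sorted(i["path"] for i in before if _key(i) in after_keys)


if __name__ == "__main__":
    first = parse_log(FIRST_SCAN)
    report = summarize(first)
    print(dict(report["families"]), "not acted on:", report["pending"])
    for hint, path in report["persistence"]:
        print(f"  [{hint}] {path}")
    print("reappeared after removal:", still_present(first, parse_log(SECOND_SCAN)))
```

The comparison deliberately keys on family plus path, so a clean second log from the same engine and database shows only that those particular signatures no longer match; the load-point list is the set of places worth re-checking by hand (or with a second product, as Nick plans) if the redirection returns.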
Ben_Copeland
posted on 16/8/09 at 08:47 PM
not always, sometimes they come back.............
Ben
Locost Map on Google Maps
Z20LET Astra Turbo, into a Haynes
Roadster
Enter Your Details Here
http://www.facebook.com/EquinoxProducts for all your bodywork needs!
BenB
posted on 16/8/09 at 09:37 PM
In my experience Malwarebytes sorts it out once and for all....
nick205
posted on 17/8/09 at 09:19 AM
quote: Originally posted by BenB
In my experience Malwarebytes sorts it out once and for all....
Now that's the answer I was looking for
Still feel a little uneasy though - I hate it when a lack of understanding (i.e. in depth computer knowledge) creates doubt in your mind