Hello Folks, thanks for looking at my problems!
I followed the Malware Removal Steps guide step by step and want to follow up with my 3 logs and a description of the problem.
Basically today I was surfing, had not gone to any odd sites recently and no odd downloads, and had AVG Free (fully updated) and TeaTimer running. TeaTimer started freaking out with some virus obviously trying to change my registry again and again. AVG then picked up on what was going on and asked me if I wanted to fix the infected files, but when I did that, then it said more files were being infected (I assume they were files being infected, although I really don't know how it works). I turned off the computer, disconnected it from the internet, and found your website on my other computer. I have not plugged it back into the web since but also haven't had the same problem as before except for 2 random notifications by AVG that something was wrong.
Thanks for reading. I figure it's better to be more detailed than less.
Also, I have Windows XP Home Edition w/ SP3.
Thank you for your time. It's greatly appreciated!
Here are my 3 scans:
========================================================
MBAM LOG
Malwarebytes' Anti-Malware 1.36
Database version: 2016
Windows 5.1.2600 Service Pack 3

4/20/2009 8:14:00 PM
mbam-log-2009-04-20 (20-14-00).txt

Scan type: Quick Scan
Objects scanned: 80154
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96a4be9d-de5f-413f-86ae-02a621d6d99f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96a4be9d-de5f-413f-86ae-02a621d6d99f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sai.instantiator (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sai.instantiator.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nitujuyuki (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=============================================
SUPER ANTI SPY
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/20/2009 at 07:37 PM

Application Version : 4.26.1000

Core Rules Database Version : 3853
Trace Rules Database Version: 1805

Scan type       : COMPLETE Scan
Total Scan Time : 02:11:24

Memory items scanned      : 372
Memory threats detected   : 2
Registry items scanned    : 5529
Registry threats detected : 6
File items scanned        : 99200
File threats detected     : 7

Adware.Vundo/Variant-EC
    C:\WINDOWS\SYSTEM32\LARAGUJI.DLL
    C:\WINDOWS\SYSTEM32\LARAGUJI.DLL
    C:\WINDOWS\SYSTEM32\NOKANOZA.DLL
    C:\WINDOWS\SYSTEM32\NOKANOZA.DLL

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\contim
    HKLM\SOFTWARE\Microsoft\contim#SysShell
    HKLM\SOFTWARE\Microsoft\rdfa
    HKLM\SOFTWARE\Microsoft\rdfa#F
    HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
    HKU\S-1-5-21-2696987157-2951269213-3466700681-1007\Software\Microsoft\FIAS4057

Adware.180solutions/Seekmo/Zango
    C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPSAIDETECT.DLL
    C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPSAIX.DLL

Adware.Vundo/Variant
    C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20090420-143502-882.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP937\A0158237.DLL

Adware.SeekSuggest
    C:\WINDOWS\JESTERTB.DLL
==============================
HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:38 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [nitujuyuki] Rundll32.exe "C:\WINDOWS\system32\nokanoza.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nitujuyuki] Rundll32.exe "C:\WINDOWS\system32\nokanoza.dll",s (User 'NETWORK SERVICE')
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\laraguji.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WATCHDOG (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick STARTER (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 3327 bytes