Trojandownloader.xs & others on Vista, scans attached
Hi,
I have trojandownloader.xs and other malware which is opening new windows in Explorer.
I am running Vista with Service Pack 1 and have downloaded PC Tools Spyware Doctor which didn't help.
I followed your thread to Tipster and did the Malwarebytes and OTScanIt scans you described for them.
Attached are the scans.
Cheers
Malwarebytes' Anti-Malware 1.11
Database version: 623
Scan type: Quick Scan
Objects scanned: 30514
Time elapsed: 7 minute(s), 36 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 19
Memory Processes Infected:
C:\ProgramData\xaztsxcy\utcdivoz.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
c:\Users\OEM\AppData\Local\Temp\nnnkLdAS.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\OEM\AppData\Local\Temp\tuVligHA.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xaztsxcy (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ceb3cd0e (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\OEM\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\OEM\AppData\Local\Temp\nnnkLdAS.dll (Trojan.Vundo) -> Delete on reboot.
C:\ProgramData\xaztsxcy\utcdivoz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tuVligHA.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\OEM\AppData\Local\Temp\asnerwbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\explorer32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\fccAsSJB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00005f8c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0000b0a8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0000cb3a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00015e45 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00016e3c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0008bf29 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\ovddgsij.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\OEM\AppData\Local\Temp\bx18dxv.dat (Trojan.Agent) -> Quarantined and deleted successfully.