Tech Support Forum - View Single Post - [SOLVED] dowloaded file - did NOT open or install it - virus program showed trojan -

Katana · 11-12-2008, 06:38 AM

Information

It doesn't look like you got infected, but let's make sure
----------------------------------------------------------- -----------------------------------------------------------

Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 2

OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Files )

Code:

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"=-
"SetPanel"=-
"eRecoveryService"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=-
"ISUSPM Startup"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cd39160-4672-11dd-8da4-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cd391c4-4672-11dd-8da4-0019d2cf588b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5604dd03-42c5-11dd-82fb-0019d2cf588b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5604dd16-42c5-11dd-82fb-0019d2cf588b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab01aeaf-48d8-11dd-9cb1-0019d2cf588b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab01aec2-48d8-11dd-9cb1-0019d2cf588b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf716afd-84da-11dd-b4fa-0019d2cf588b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{effff3a7-488c-11dd-9645-0019d2cf588b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{effff3ba-488c-11dd-9645-0019d2cf588b}]
:Files
:Commands
[Purity]
[EmptyTemp]

Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Malwarebytes Log
OTMI Log

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

11-12-2008, 06:38 AM	#5 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 1,361 OS: W2K SP4 + XP SP2 + Vista	Re: dowloaded file - did NOT open or install it - virus program showed trojan - DANGE *Information* It doesn't look like you got infected, but let's make sure ----------------------------------------------------------- ----------------------------------------------------------- *Step 1* Malwarebytes' Anti-Malware Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform full scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. please copy and paste the log into your next reply If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt ----------------------------------------------------------- ----------------------------------------------------------- *Step 2* OTMoveIt Please download OTMoveIt3 by OldTimer and save it to your desktop Double-click OTMoveIt3.exe to run it. Copy the lines in the codebox below. ( Make sure you include :Files ) Code: :Reg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour"=- "SetPanel"=- "eRecoveryService"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "updateMgr"=- "ISUSPM Startup"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cd39160-4672-11dd-8da4-806e6f6e6963}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cd391c4-4672-11dd-8da4-0019d2cf588b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5604dd03-42c5-11dd-82fb-0019d2cf588b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5604dd16-42c5-11dd-82fb-0019d2cf588b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab01aeaf-48d8-11dd-9cb1-0019d2cf588b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab01aec2-48d8-11dd-9cb1-0019d2cf588b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf716afd-84da-11dd-b4fa-0019d2cf588b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{effff3a7-488c-11dd-9645-0019d2cf588b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{effff3ba-488c-11dd-9645-0019d2cf588b}] :Files :Commands [Purity] [EmptyTemp] Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar), and paste it in your next reply. Close OTMoveIt3 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ----------------------------------------------------------- ----------------------------------------------------------- *Step 3* Logs/Information to Post in Reply Please post the following logs/Information in your reply Malwarebytes Log OTMI Log ----------------------------------------------------------- ----------------------------------------------------------- *Additional Notes* Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system. Adobe Reader is a large program and uses unnecessary space. If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended There is a newer version of Adobe Acrobat Reader available. Please go to this link Adobe Acrobat Reader Download Link Click Download On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation. Click the Continue button Click Run, and click Run again Next click the Install Now button and follow the on screen prompts When the installation is complete go to Add/Remove Programs and uninstall all previous versions. __________________