#1 (permalink)
Registered User
Join Date: Apr 2008
Posts: 3
OS: Vista 2007 Service Pack 1
Trojandownloader.xs & others on vista, scans attached
Hi,
I have trojandownloader.xs and other malware which is opening new windows in Explorer. I am running Vista with Service Pack 1 and have downloaded PC Tools Spyware Doctor which didn't help. I followed your thread to Tipster and did the Malwarebytes and OTScanIt scans you described for them. Attached are the scans.

Cheers

Malwarebytes' Anti-Malware 1.11
Database version: 623

Scan type: Quick Scan
Objects scanned: 30514
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
C:\ProgramData\xaztsxcy\utcdivoz.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
c:\Users\OEM\AppData\Local\Temp\nnnkLdAS.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\OEM\AppData\Local\Temp\tuVligHA.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xaztsxcy (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ceb3cd0e (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\OEM\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\OEM\AppData\Local\Temp\nnnkLdAS.dll (Trojan.Vundo) -> Delete on reboot.
C:\ProgramData\xaztsxcy\utcdivoz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tuVligHA.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\OEM\AppData\Local\Temp\asnerwbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\explorer32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\fccAsSJB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00005f8c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0000b0a8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0000cb3a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00015e45 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00016e3c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0008bf29 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\ovddgsij.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\OEM\AppData\Local\Temp\bx18dxv.dat (Trojan.Agent) -> Quarantined and deleted successfully.
#2 (permalink)
Registered User
Join Date: Apr 2008
Posts: 3
OS: Vista 2007 Service Pack 1
Re: Trojandownloader.xs & others on vista, scans attached
Hi,
Sorry, looks like the second scan did not attach - trying again. Now getting a dialogue box on startup which says "Error loading C:\users OEM\AppData\Local\Temp\nnnkldAS.dll the specified module could not be found", also a box which says "Windows has blocked some startup programs".

Thanks