#1

Registered User
Join Date: Apr 2008
Posts: 3
OS: Vista 2007 Service Pack 1

Trojandownloader.xs & others on vista, scans attached
Hi,
I have trojandownloader.xs and other malware which is opening new windows in Explorer. I am running Vista with Service Pack 1 and have downloaded PC Tools Spyware Doctor which didn't help. I followed your thread to Tipster and did the Malwarebytes and OTScanIt scans you described for them. Attached are the scans.

Cheers

Malwarebytes' Anti-Malware 1.11
Database version: 623

Scan type: Quick Scan
Objects scanned: 30514
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
C:\ProgramData\xaztsxcy\utcdivoz.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
c:\Users\OEM\AppData\Local\Temp\nnnkLdAS.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\OEM\AppData\Local\Temp\tuVligHA.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xaztsxcy (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ceb3cd0e (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\OEM\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\OEM\AppData\Local\Temp\nnnkLdAS.dll (Trojan.Vundo) -> Delete on reboot.
C:\ProgramData\xaztsxcy\utcdivoz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tuVligHA.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\OEM\AppData\Local\Temp\asnerwbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\explorer32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\fccAsSJB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00005f8c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0000b0a8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0000cb3a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00015e45 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp00016e3c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\tmp0008bf29 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\OEM\AppData\Local\Temp\ovddgsij.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\OEM\AppData\Local\Temp\bx18dxv.dat (Trojan.Agent) -> Quarantined and deleted successfully.

#2

Registered User
Join Date: Apr 2008
Posts: 3
OS: Vista 2007 Service Pack 1

Re: Trojandownloader.xs & others on vista, scans attached
Hi,
Sorry, looks like the second scan did not attach - trying again. Now getting a dialogue box on startup which says "Error loading C:\users OEM\AppData\Local\Temp\nnnkldAS.dll the specified module could not be found", also a box which says "Windows has blocked some startup programs".

Thanks