-=PCTechTalk=- Re: computer virus problems
- From: "Pam McClure" <pmcclure@xxxxxxxxxx>
- To: <pctechtalk@xxxxxxxxxxxxx>
- Date: Sun, 5 Jul 2009 21:46:25 -0500
Gman,
I found the first scan that I ran and here are the results. Sorry, I just
learned to copy and paste a few minutes ago and need extra practice.
Thank you,
Pam
Malwarebytes' Anti-Malware 1.38
Database version: 2377
Windows 5.1.2600 Service Pack 3
7/5/2009 5:28:16 PM
mbam-log-2009-07-05 (17-28-16).txt
Scan type: Full Scan (C:\|)
Objects scanned: 247153
Time elapsed: 40 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 7
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 23
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953}
(Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953}
(Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) ->
Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953}
(Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf7husjnfg98gi498aejhiugjkdg4
(Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows
system recover! (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf
(Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID
(Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LowRiskFileTypes
(Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and
deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
(Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
(Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_CLASSES_ROOT\CLSID\{7998DC37-D3FE-487C-A60A-7701FCC70CC6}\InprocServer32\(default)
(Hijack.Repdrvfs) -> Bad: (\\?\globalroot\systemroot\installer\e39b94.msi)
Good: (repdrvfs.dll) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Zlob.H) -> Delete on reboot.
c:\documents and settings\mcclure family\local settings\temp\1324687820.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\1375854248.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\214557026.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\221515598.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\2806846262.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\2808961084.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\3614767790.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\3626726362.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\844313580.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\db.exe
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\installb[1].exe
(Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temp\~TM2D.tmp
(Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mcclure family\local settings\temporary internet
files\Content.IE5\6J8WW3NK\ccznrrs[1].txt (Trojan.Downloader) -> Quarantined
and deleted successfully.
c:\WINDOWS\system32\wbem\proquota.exe (Trojan.Dropper) -> Quarantined and
deleted successfully.
c:\documents and settings\McClure Family\Local Settings\temp\csrss.exe
(Trojan.Agent) -> Delete on reboot.
c:\documents and settings\McClure Family\Local Settings\temp\services.exe
(Password.Stealer) -> Delete on reboot.
c:\documents and settings\McClure Family\Application Data\wiaservg.log
(Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR09.exe (Adware.AdvancedVirusRemover) -> Quarantined
and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted
successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined
and deleted successfully.
c:\WINDOWS\0101120101465349.dat (Worm.KoobFace) -> Quarantined and deleted
successfully.
c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted
successfully.
----- Original Message -----
From: "Pam McClure" <pmcclure@xxxxxxxxxx>
To: <pctechtalk@xxxxxxxxxxxxx>
Sent: Sunday, July 05, 2009 9:31 PM
Subject: -=PCTechTalk=- Re: computer virus problems
> Gman,
>
> I copied the second log after running the Malwarebytes scan. (Sorry, I left
> the house and my 16-year-old stated she completed the first test and I
> didn't get it copied. Computers are quite easy for her.) Malwarebytes
> quarantined 72 infections so I was quite impressed. My teenager stated she
> had no problems on the computer and my e-mail seems to be working. The
> screen with all my icons is also normal for the first time. I wasn't sure
> if I could find the previous log so I'm sending the second one and only one
> infection was found.
> Thanks,
>
> Pam
>
>
> Malwarebytes' Anti-Malware 1.38
> Database version: 2378
> Windows 5.1.2600 Service Pack 3
>
> 7/5/2009 7:58:20 PM
> mbam-log-2009-07-05 (19-58-20).txt
>
> Scan type: Full Scan (C:\|)
> Objects scanned: 247880
> Time elapsed: 39 minute(s), 4 second(s)
>
> Memory Processes Infected: 0
> Memory Modules Infected: 0
> Registry Keys Infected: 0
> Registry Values Infected: 0
> Registry Data Items Infected: 0
> Folders Infected: 0
> Files Infected: 1
>
> Memory Processes Infected:
> (No malicious items detected)
>
> Memory Modules Infected:
> (No malicious items detected)
>
> Registry Keys Infected:
> (No malicious items detected)
>
> Registry Values Infected:
> (No malicious items detected)
>
> Registry Data Items Infected:
> (No malicious items detected)
>
> Folders Infected:
> (No malicious items detected)
>
> Files Infected:
> c:\documents and settings\mcclure family\local settings\temp\175759804.exe
> (Trojan.Dropper)
> ----- Original Message -----
> From: "Gman" <gman.pctt@xxxxxxxxx>
> To: <pctechtalk@xxxxxxxxxxxxx>
> Sent: Saturday, July 04, 2009 9:51 PM
> Subject: -=PCTechTalk=- Re: computer virus problems
>
>
>> Correct! Only the paid version had that feature, which is why I said you
>> shouldn't bother trying to buy it.
>>
>> Did you create these screenshots for us to see? If so, can you upload them
>> somewhere so we can take a peek?
>>
>> Peace,
>> Gman
>>
>> http://www.thevenusproject.com/index.php
>>
>> "The only dumb questions are the ones we fail to ask"
>>
>> ----- Original Message -----
>> From: "cristy" <poppy0206@xxxxxxx>
>> To: <pctechtalk@xxxxxxxxxxxxx>
>> Sent: Saturday, July 04, 2009 8:58 AM
>> Subject: -=PCTechTalk=- Re: computer virus problems
>>
>>
>>> Thanks Gman,
>>>
>>> I did not think you had real time anyway unless it was a paid version? I
>>> ran a quick scan of Malwarebytes and it found two things, security disabled?
>>> I took pictures of my screen as it led me to my registry. I am not sure
>>> what that is though as my antivirus and firewall are working fine it seems
>>> (I use my school's Symantec corp) and free ZoneAlarm.
>>>
>>> Christy
>>
>> ---------------------------------------------------------------
>> Please remember to trim your replies (including this sentence and
>> everything below it) and adjust the subject line as necessary.
>>
>> To subscribe, unsubscribe or modify your email settings:
>> http://www.freelists.org/webpage/pctechtalk
>> OR
>> To subscribe to the mailing list, send an email to
>> pctechtalk-request@xxxxxxxxxxxxx with "subscribe" in the Subject. To
>> unsubscribe send email to pctechtalk-request@xxxxxxxxxxxxx with
>> "unsubscribe" in the Subject.
>>
>> To access our Archives:
>> http://groups.yahoo.com/group/PCTechTalk/messages/
>> http://www.freelists.org/archives/pctechtalk/
>>
>> To contact only the PCTT Mod Squad, write to:
>> pctechtalk-moderators@xxxxxxxxxxxxx
>>
>> To join our separate PCTableTalk off-topic group, send a blank email to:
>> pctabletalk+subscribe@xxxxxxxxxxxxxxxx
>> ---------------------------------------------------------------
>>
>
>
> --------------------------------------------------------------------------------
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.375 / Virus Database: 270.13.5/2219 - Release Date: 07/05/09
> 05:53:00
>