Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Help removing infections  (Read 7161 times)

0 Members and 1 Guest are viewing this topic.

pims

    Topic Starter


    Rookie

    Help removing infections
    « on: April 24, 2010, 08:54:27 AM »
    Hi everyone

    I got infected with various things.  I ran malware bytes and hijack and think most is gone but would appreciate an expert review my logs

    Here is malware logs

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3947

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    4/24/10 10:36:08 AM
    mbam-log-2010-04-24 (10-36-08).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 254838
    Time elapsed: 1 hour(s), 54 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 18
    Registry Values Infected: 6
    Registry Data Items Infected: 7
    Folders Infected: 10
    Files Infected: 16

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CscrptXt.CscrptXt (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\gtsou\Local Settings\Application Data\vma.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\gtsou\Local Settings\Application Data\vma.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\gtsou\Local Settings\Application Data\vma.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
    C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
    C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Application Data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Application Data\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
    C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
    C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
    C:\Program Files\ezLife\ezLife\1.5.2.0 (Adware.EzLife) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\gtsou\Local Settings\Temp\waxsecrmon.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Local Settings\Temp\RarSFX0\hor0410e.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
    C:\Program Files\ezLife\ezLife\1.5.2.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Local Settings\Temp\Qmm.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Documents and Settings\gtsou\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\TEMP\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Local Settings\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
    C:\WINDOWS\TEMP\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Local Settings\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gtsou\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\TEMP\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    Logged

    pims

      Topic Starter


      Rookie

      Re: Help removing infections
      « Reply #1 on: April 24, 2010, 08:56:43 AM »
      and here is the hijack log...attached
      Logged

      pims

        Topic Starter


        Rookie

        Re: Help removing infections
        « Reply #2 on: April 24, 2010, 09:01:06 AM »
        not sure if the attachment worked and can't seem to paste text of hijack log
        Logged
        Pages: [1]   Go Up
        « previous next »