Thread: Major virus issue
View Single Post
  #2 (permalink)  
Old 09-11-2008, 08:08 AM
judas judas is offline
Full Member
New Recruit
  
Join Date: Mar 2006
Posts: 79
judas Is a beginner here at D-A-L
Re: Major virus issue
Here is a log file from the malwarebytes program:

Malwarebytes' Anti-Malware 1.30
Database version: 1375
Windows 5.1.2600 Service Pack 3

11/9/2008 2:03:17 AM
mbam-log-2008-11-09 (02-03-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 197318
Time elapsed: 59 minute(s), 4 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 6
Registry Keys Infected: 35
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 45

Memory Processes Infected:
C:\WINDOWS\UGhpbCBTY2Fsb25l\command.exe (Adware.CommAd) -> Failed to unload process.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.
C:\Documents and Settings\Matt\Application Data\gadcom\gadcom.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\ssqOGXoM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xjsnkrpt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\UGhpbCBTY2Fsb25l\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\WINDOWS\system32\c001D60C.mat (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\yfjxhhikmjted.dll (Adware.Rotator) -> Delete on reboot.
C:\WINDOWS\system32\pnutlq.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4822d6b2-97a8-4092-9d87-d29bf21645f5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4822d6b2-97a8-4092-9d87-d29bf21645f5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{a97125ea-6d2c-4675-b76a-e739be8daf75} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a97125ea-6d2c-4675-b76a-e739be8daf75} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c001d60c (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{4822d6b2-97a8-4092-9d87-d29bf21645f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\c mdservice (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\c mdservice (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e8c99b30-d7b7-a1a3-fe85-74e7cff731d2} (Adware.Rotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{e8c99b30-d7b7-a1a3-fe85-74e7cff731d2} (Adware.Rotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{e8c99b30-d7b7-a1a3-fe85-74e7cff731d2} (Adware.Rotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{a97125ea-6d2c-4675-b76a-e739be8daf75} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyld r (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{db22c27d-8c70-aa65-1bbb-a53c4d462695} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db22c27d-8c70-aa65-1bbb-a53c4d462695} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\0008cd8a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\bafppeehbfjjgnqc (Adware.Rotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\gadcom (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run\Lsass Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ssqogxom -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ssqogxom -> Delete on reboot.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ssqOGXoM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\MoXGOqss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MoXGOqss.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnutlq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xjsnkrpt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tprknsjx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\UGhpbCBTY2Fsb25l\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\WINDOWS\system32\c001D60C.mat (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\UGhpbCBTY2Fsb25l\command.exe (Adware.CommAd) -> Delete on reboot.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfjxhhikmjted.dll (Adware.Rotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\gadcom\gadcom.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC15C903-ECE9-4E58-8930-6C34258A03B7}\RP670\A0068004.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcccbaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plqosuni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOGVMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcdbAr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svm\crten4li.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AX5\NLIP56v.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\u2\BMAE3ak.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\sys32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\NI.GSCNS\IUpd721.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temp\VirusRemover2008_Setup_Free_en.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temp\winvsnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temp\snapsnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcntptdl.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temp\prun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxrdobraxpinbesac.dll (Adware.BHO) -> Quarantined and deleted successfully.
Reply With Quote