http://www.dslreports.com/forum/cleanup Security Cleanup forum current topics en Copyright 2007, dslreports.com Tue, 24 Nov 2009 16:24:22 EDT Tue, 24 Nov 2009 16:24:22 EDT http://i.dslr.net/bbrdisc1.gif http://www.dslreports.com 19 18 bbr disc http://www.dslreports.com/forum/remark,23363000 Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b3983b5e-1b68-44d8-8d36-d9ad07f4778d} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrjhgfy (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{b3983b5e-1b68-44d8-8d36-d9ad07f4778d} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b3983b5e-1b68-44d8-8d36-d9ad07f4778d} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3983b5e-1b68-44d8-8d36-d9ad07f4778d} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SSODL (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (D:\WINDOWS\system32\pump.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: D:\Documents and Settings\All Users\Application Data\86404426 (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: D:\WINDOWS\system32\rqRjhgFY.dll (Trojan.Vundo.H) -> Delete on reboot. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0278277.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0278278.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0279275.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0279276.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0280283.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0280284.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0280290.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1020\A0280291.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1021\A0280295.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1021\A0280299.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1021\A0280300.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1021\A0281304.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1021\A0282308.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{E73D6596-6284-45AC-B19B-F1ADA98664CE}\RP1021\A0282310.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\WINDOWS\system32\pump.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. D:\Documents and Settings\All Users\Application Data\86404426\86404426.bat (Rogue.Multiple) -> Quarantined and deleted successfully. D:\Documents and Settings\All Users\Application Data\86404426\86404426.exe (Rogue.Multiple) -> Quarantined and deleted successfully. ______________________________________________________ Malwarebytes' Anti-Malware 1.41 Database version: 3181 Windows 5.1.2600 Service Pack 3 (Safe Mode) 11/16/2009 1:59:09 PM mbam-log-2009-11-16 (13-59-09).txt Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|) Objects scanned: 171449 Time elapsed: 1 hour(s), 11 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) ______________________________________________________ ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=fa88d1de7a7c1b42b20a9db6389bf290 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-11-16 05:29:01 # local_time=2009-11-16 09:29:01 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=769 16774142 0 2 44907558 44907558 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16777214 75 74 0 25723877 0 0 # scanned=66488 # found=1 # cleaned=1 # scan_time=2807 D:\Program Files\Shareaza\Downloads\amor de pagodinho prova uma zeca.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=fa88d1de7a7c1b42b20a9db6389bf290 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-11-16 07:00:31 # local_time=2009-11-16 11:00:31 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=769 16774142 0 2 44912985 44912985 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16777214 75 74 0 25729304 0 0 # scanned=66820 # found=2 # cleaned=2 # scan_time=2869 D:\Documents and Settings\Natalia\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll Win32/Adware.AntivirusPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\Documents and Settings\Natalia\Local Settings\Temporary Internet Files\Content.IE5\EX7871G2\avplus[1].dll Win32/Adware.AntivirusPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=fa88d1de7a7c1b42b20a9db6389bf290 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-11-17 05:34:44 # local_time=2009-11-17 09:34:44 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=769 16774142 0 2 44991109 44991109 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16777214 75 74 61536 25807428 0 0 # scanned=67255 # found=0 # cleaned=0 # scan_time=5997 Edits: Updated to security forum a-b-c-d format -- ...there will be an answer. let it be]]> http://www.dslreports.com/forum/remark,23363000 2009-11-19 00:52:52 http://www.dslreports.com/forum/remark,23367397 http://www.dslreports.com/forum/remark,23367397 2009-11-19 20:02:45 http://www.dslreports.com/forum/remark,23347815 http://www.dslreports.com/forum/remark,23347815 2009-11-16 10:09:30 http://www.dslreports.com/forum/remark,23345440 http://www.dslreports.com/forum/remark,23345440 2009-11-15 18:47:12 http://www.dslreports.com/forum/remark,23344885 http://www.dslreports.com/forum/remark,23344885 2009-11-15 16:12:39