• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
fulltank

Trojen infections

3 posts in this topic

I have hopefully followed your newbie requests,

I have run Mcafee, spybot, and anti-Malware and I'm still infected

what ever the root is I have not found it as it keeps coming back

I have provided the following log files and appreciate any help you can provide Thanks:

 

Malwarebytes' Anti-Malware 1.16

Database version: 845

 

9:15:54 PM 06/09/2008

mbam-log-6-9-2008 (21-15-54).txt

 

Scan type: Quick Scan

Objects scanned: 53781

Time elapsed: 14 minute(s), 58 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 12

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{2f25d3d4-4534-4238-b7f3-26d8fa02e808} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f25d3d4-4534-4238-b7f3-26d8fa02e808} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rtsplgob.bgdq (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rtsplgob.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{56d53a84-40dd-4ff2-9847-0e6eb884ce48} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e233af64-f25c-4830-9811-0be2e7015859} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{50be3834-db34-4218-a249-d138ff64a7a2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{65823733-31e1-469f-aa3e-6f9f754ec13a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ce918d49-a10b-4c9f-9bf3-72f50bd763ee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{68cf2ca0-2366-4a98-87ed-c66af92b75be} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2587f5f9-bcdf-4076-98ef-afc65c5bd816} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2587f5f9-bcdf-4076-98ef-afc65c5bd816} (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2587f5f9-bcdf-4076-98ef-afc65c5bd816} (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\kvsdpfeawlt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\4PUC93C4\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\pebgkxwq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:28:50 PM, on 06/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

Share this post


Link to post
Share on other sites

Hi,

 

Will you please submit a fresh HijackThis log.

Your current log is not complete.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0