2 replies to this topic

[ickey123]

my computer performed almost like an automatic system restore after catching a virus or something. When trying to undo a restoration, my computer has no previous restore points. Malwarebytes however was still installed and i immediately ran an update and scan and the results are logged below... please any help would be appreciated, thanks!

Malwarebytes' Anti-Malware 1.37
Database version: 2226
Windows 5.1.2600 Service Pack 2

6/3/2009 9:43:52 PM
mbam-log-2009-06-03 (21-43-52).txt

Scan type: Quick Scan
Objects scanned: 102298
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\st_1244049464.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\lquq.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\Temp\temporary internet files\Content.IE5\2FHBP8VY\6244[1].exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\Temp\temporary internet files\Content.IE5\L2FMH5JQ\nfr[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\535.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\zjhufhdfe.exe (Trojan.WinWebSec) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\_A00F10D6F0E4.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\~TM539.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\~TM54EA3A.TMP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\rdl52F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\temporary internet files\Content.IE5\0R2X10FT\6244[1].exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\temporary internet files\Content.IE5\20U9DIMA\nfr[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\temporary internet files\Content.IE5\B2C2GI9N\pp.10[1].exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Administrator\Local Settings\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Administrator\Local Settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Administrator\Local Settings\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\chrome\amba.jar (Trojan.Hanam) -> Quarantined and deleted successfully.

[nosirrah]

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)


This section of the scan indicates that the files detected were not in memory and do not have any automatic load points .

Something odd did happen but it seems that whatever it was did not set up any of this malware in a functional setting .

[ickey123]

thanks for the info.. is there anything else i could do or try to restore my pc back?