No replies to this topic

[Panoramix0903]

Hi.



One of my PC has been infected with the trojans.

WinCtrl32.dll + Winfl06.sys


MBAM has found it, but was unable to delete it, despite many Windows restarts, choosing the remove option.
The only tool, able to delete this infection, has been ComboFix

http://download.blee...Bs/ComboFix.exe


Here is info from MBAM log:


Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600

27. 10. 2008 14:22:31
mbam-log-2008-10-27 (14-22-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 55009
Time elapsed: 28 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winfl06 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winfl06 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winfl06 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\Winfl06.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.