
Malwarebytes

OMG!


#1
diane

All this from opening one email from a person I know. I don't know what this means but it can't be good.

Malwarebytes' Anti-Malware 1.30

Database version: 1385

Windows 5.1.2600 Service Pack 3



11/11/2008 7:46:37 PM

mbam-log-2008-11-11 (19-46-37).txt



Scan type: Full Scan (C:\|)

Objects scanned: 100427

Time elapsed: 42 minute(s), 41 second(s)



Memory Processes Infected: 5

Memory Modules Infected: 3

Registry Keys Infected: 20

Registry Values Infected: 8

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 28



Memory Processes Infected:

C:\Program Files\tinyproxy\tinyproxy.exe (Trojan.Proxy) -> Unloaded process successfully.

C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.

C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.

C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.

C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.



Memory Modules Infected:

C:\WINDOWS\system32\367770\367770.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot.

C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Delete on reboot.



Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cad68085-8805-4fd3-aa1e-2e282ed7e7a2} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cad68085-8805-4fd3-aa1e-2e282ed7e7a2} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cad68085-8805-4fd3-aa1e-2e282ed7e7a2} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\apple mobile device (apple mobile device) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\apple mobile device (apple mobile device) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apple mobile device (apple mobile device) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.



Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.



Files Infected:

C:\WINDOWS\system32\367770\367770.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot.

C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Delete on reboot.

C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\bolivar25.exe (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Administrator\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

#2
JeanInMontana

Hi Diane, and welcome to Malwarebytes. It may not have been your friend; the address could have been spoofed. To be sure, please have your friend download MBAM and scan also.

Please update MBAM and run a new quick scan and post that log; be sure to remove all items found, and post that log. Then I need a log from this program too, please.
Please get HijackThis and install it to C:\Program Files.

Close all programs, leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment.

Post the MBAM log and then HJT in the same post. Be sure you have allowed email from this site and chosen to receive email notification of threads you have posted to.





