I've been having trouble recently with trojan horses and root-kits, which are causing endless pop-ups to appear in Firefox. I have scanned my hard drive in safe mode with Malwarebytes, and it keeps deleting the troublesome files, but everytime I reboot my computer, they come back.
I scanned my hard drive in safe mode and here is the log file I got:
------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1511
Windows 5.1.2600 Service Pack 2
24/12/2008 08:00:13
mbam-log-2008-12-24 (08-00-13).txt
Scan type: Full Scan (C:\|)
Objects scanned: 198996
Time elapsed: 3 hour(s), 42 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
------------------------------------------------------------------
I then restarted my computer in normal mode and scanned it again. Here is the second log file I got:
------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1511
Windows 5.1.2600 Service Pack 2
24/12/2008 10:06:15
mbam-log-2008-12-24 (10-06-15).txt
Scan type: Full Scan (C:\|)
Objects scanned: 197919
Time elapsed: 1 hour(s), 28 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tyqaotl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati7hxxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati7hxxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati7hxxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\tyqaotl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati7hxxx.sys (Rootkit.Agent) -> Delete on reboot.
------------------------------------------------------------------
If anybody could help me I would be extremely grateful.
Thanks...