MBAM - regedit,task manager, firewall disabled by trojan

[Reikan_Heiwa]

I reinstalled OS - Windows XP SP2 and I got trojan somehow

I can't open regedit or msconfig , firewall turn off by it self, I have tuneup utilites and I can acces to task manager and registry with it, but this trojan wont let me install any antivirus software.

 

This is mbam log

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.04.05.02

 

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

 :: CVETKOVI-3FF64A [administrator]

 

5.4.2014 10:14:09

MBAM-log-2014-04-05 (19-59-33).txt

 

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 297089

Time elapsed: 1 hour(s), 14 minute(s), 2 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-6858374895-8517247146-070345398-4936\nissan.exe -> No action taken.

 

Registry Data Items Detected: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 10

C:\Documents and Settings\CVETKOVIC\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\003\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0014381.exe (Trojan.ExploitDrop.BV) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0016058.exe (Trojan.ExploitDrop.BV) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0017673.exe (Trojan.ExploitDrop.BV) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP21\A0018149.exe (Trojan.ExploitDrop.BV) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP21\A0018582.exe (Trojan.ExploitDrop.BV) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP22\A0019613.exe (Trojan.Agent.CK) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP23\A0019927.exe (Trojan.Agent.CK) -> No action taken.

D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP23\A0019827.exe (Trojan.Agent.CK) -> No action taken.

F:\ndwfq.pif (Trojan.Agent) -> No action taken.

 

(end)

 

 

[Reikan_Heiwa]

I forgot to say, I deleted them after scan but still same situation

[daledoc1]

Hello and welcome:

 

 

Most of those detections appear to be in old system restore points, but there is some other, serious stuff going on.

However, we can't work on malware diagnostics and removal in this sub-section of the forum.

So, if you think you might be infected, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will guide you through the cleanup process.

Thanks,

daledoc1