
Trojan.FakeMS.Gen & Malware.Trace



#1 wubster

Posted 11 December 2010 - 05:30 PM

I have got some files and keys etc. that, no matter how many times I run MBAM and reboot, always appear.

I have also run S and D and online virus scanners that say they delete, but they are there again when I reboot?

Any advice please

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5297

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/12/2010 22:29:53
mbam-log-2010-12-11 (22-29-53).txt

Scan type: Quick scan
Objects scanned: 176560
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{LF8GPOQ6-5IL0-PVU4-L71H-UPX4J227C15R} (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{LF8GPOQ6-5IL0-PVU4-L71H-UPX4J227C15R} (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Trojan.FakeMS.Gen) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.FakeMS.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.FakeMS.Gen) -> Value: Policies -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\directory\Update\install\update.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\Wayne\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Wayne\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Wayne\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Wayne\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

#2 wubster

Posted 11 December 2010 - 06:00 PM

I notice that, no matter what, c:/directory keeps re-appearing as well...

Even if I delete it and refresh, it's come back again.
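
As an added example (not part of any post in this thread, and not Malwarebytes code): a Python parser for the detection lines of the log in post #1 that flags entries under well-known registry autostart locations and lists which detections recur in a later scan. The second scan and its `other.tmp` file name are constructed for illustration.

```python
import re

# Well-known registry autostart locations (read by Windows at startup/logon).
AUTOSTART = (r"\currentversion\run", r"\policies\explorer\run",
             r"\active setup\installed components")

SECTION = re.compile(r"^([A-Za-z ]+) Infected:$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> "
                  r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        item = ITEM.match(line)
        if item and section:
            d = item.groupdict()
            d["section"] = section
            d["autostart"] = (section.startswith("Registry")
                              and any(m in d["path"].lower() for m in AUTOSTART))
            found.append(d)
    return found

def recurring(earlier_log, later_log):
    """Detections in the later scan whose path was also in the earlier scan."""
    earlier = {d["path"].lower() for d in parse_detections(earlier_log)}
    return [d for d in parse_detections(later_log) if d["path"].lower() in earlier]

# Detection lines copied from the scan log in post #1.
SCAN_1 = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{LF8GPOQ6-5IL0-PVU4-L71H-UPX4J227C15R} (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Trojan.FakeMS.Gen) -> Value: HKLM -> Quarantined and deleted successfully.

Files Infected:
c:\directory\Update\install\update.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\Wayne\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
"""
# Constructed second scan (not from the thread): one temp file name differs.
SCAN_2 = SCAN_1.replace("MSN.abc", "other.tmp")

if __name__ == "__main__":
    for d in recurring(SCAN_1, SCAN_2):
        print("AUTOSTART" if d["autostart"] else "         ", d["section"], d["path"])
```

Recurring entries flagged as autostart are the registry locations Windows processes at startup or logon, so they are the ones to compare first between scans taken before and after a reboot.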

#3 deltalima

Posted 11 December 2010 - 06:10 PM

Checking your log - back soon.

#4 deltalima

Posted 11 December 2010 - 06:14 PM

Hi wubster,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

#5 wubster

Posted 11 December 2010 - 06:22 PM

First two done and attached




#6 deltalima

Posted 11 December 2010 - 06:36 PM

Hi wubster,

I see from the OTL log that you are running a 64 bit version of Windows. Unfortunately I am only qualified to help with 32 bit Windows.

The best course of action would be for you to read this topic and follow the instructions to post the required logs. By following this procedure you will ensure that the helper who takes your log will be aware that it is a 64 bit system and will be able to help.

Please let me know that you have read this post and I will have the thread archived.

#7 wubster

Posted 11 December 2010 - 06:46 PM

Read

Thanks



