Capt_Rick
Please provide advice on removing Malware.Trace and Trojan.Vundo using the following log files:

Malwarebytes' Anti-Malware 1.31
Database version: 1565
Windows 5.1.2600 Service Pack 3

12/29/2008 1:53:03 PM
mbam-log-2008-12-29 (13-53-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 141308
Time elapsed: 25 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


;*******************************************************************************
ANALYSIS: 2008-12-30 08:34:13
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 2
;*******************************************************************************
PROTECTIONS
Description                 Version       Active    Updated
;===============================================================================
Sunbelt VIPRE               3.1.2416      Yes       Yes
;===============================================================================
MALWARE
Id          Description                      Type              Active   Severity   Disinfectable   Disinfected   Location
;===============================================================================
00029434    spyware/virtumonde               Spyware           No       1          Yes             No            hkey_local_machine\software\microsoft\ms juan
00029434    spyware/virtumonde               Spyware           No       1          Yes             No            hkey_local_machine\software\microsoft\ms track system
00139061    Cookie/Doubleclick               TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@doubleclick[1].txt
00139064    Cookie/Atlas DMT                 TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@atdmt[2].txt
00145731    Cookie/Tribalfusion              TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@tribalfusion[2].txt
00167642    Cookie/Com.com                   TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@com[1].txt
00168056    Cookie/YieldManager              TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@ad.yieldmanager[2].txt
00168110    Cookie/Server.iad.Liveperson     TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@server.iad.liveperson[2].txt
00170495    Cookie/PointRoll                 TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@ads.pointroll[1].txt
00170556    Cookie/RealMedia                 TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@realmedia[2].txt
00171982    Cookie/QuestionMarket            TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@questionmarket[2].txt
00184846    Cookie/Adrevolver                TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@adrevolver[2].txt
01196325    Cookie/Enhance                   TrackingCookie    No       0          Yes             No            C:\Documents and Settings\Rick Gillis\Cookies\rick_gillis@enhance[2].txt
04466763    Spyware/Virtumonde               Spyware           Yes      2          Yes             No            C:\WINDOWS\System32\cfdway.dll
04466763    Spyware/Virtumonde               Spyware           No       1          Yes             No            C:\WINDOWS\system32\etlcuoha.dll
;===============================================================================
SUSPECTS
Sent        Location
;===============================================================================
No          C:\Documents and Settings\Rick Gillis\Desktop\ComboFix.exe
No          D:\Mars C Drive Backup 4-2-2008\Desktop\DiagramDesignerSetup.exe[D:\Mars C Drive Backup 4-2-2008\Desktop\DiagramDesignerSetup.exe][uninstall.exe]
;===============================================================================
VULNERABILITIES
Id          Severity    Description
;===============================================================================
;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:17 AM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mlauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080710
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ij.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080710
O2 - BHO: {30bc030f-1ceb-b4eb-c864-c846663b4890} - {0984b366-648c-468c-be4b-bec1f030cb03} - C:\WINDOWS\system32\cfdway.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE