
Community => Games & Programming => Topic started by: Knight on Monday, April 12, 2010, 13:10:04 PM

Title: Virus log
Post by: Knight on Monday, April 12, 2010, 13:10:04 PM
Friend's computer got infected with a virus called "Vista Anti-Malware"; look it up, it's annoying as hell. So I ran NOD32 on it and that didn't get rid of it. After that I ran Malwarebytes', which is an awesome program, and it found and got rid of this.

Malwarebytes' Anti-Malware 1.45

Database version: 3979

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904

4/12/2010 12:06:02 AM
mbam-log-2010-04-12 (00-06-02).txt

Scan type: Quick scan
Objects scanned: 120256
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
C:\Users\Kitty\AppData\Local\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{2ee92bca-74c4-4d4b-88da-db9f9e3c9f93} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\db2a950f-2598-d263-bcdf-aa1134f71e47 (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb05288.tbsb05288.3 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb05288 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb05288.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\p2pmax (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\p2pmax (Adware.P2Pmax) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b55f4766-6bdc-f595-88c2-88e035f3e30e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b55f4766-6bdc-f595-88c2-88e035f3e30e} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Kitty\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\p2pmax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\db2a950f-2598-d263-bcdf-aa1134f71e47.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\Kitty\AppData\Local\Temp\1svbzit1.tmp\antimalware-pro-v04.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\kjtf76802.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\p2pmax\p2pmaxu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\AntiMalwarePro.lnk (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Windows\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\010112010146120114.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101464950.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465653.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\th823567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Kitty\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Kitty\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Windows\System32\eyflbtxmah.dll (Trojan.BHO) -> Quarantined and deleted successfully.

38 infections... How can people function in life without knowing about basic internet security!?!??! I have had ONE virus in my life and I still haven't proven it was my fault; it was a family computer at the time, after all. Anyway, the moral is: don't be a dumb ass on the web, run MWB's 'cause it rocks, and run some sort of anti-virus on your computer.

If one person posts about their Macs I will delete your post, you have been warned.
Title: Re: Virus log
Post by: Spanky on Monday, April 12, 2010, 15:06:36 PM
Kitty :D
Title: Re: Virus log
Post by: Alex on Monday, April 12, 2010, 15:16:32 PM
I also use Malwarebytes' Anti-Malware, it's an awesome program. I've only had 2 viruses in my life though.
Title: Re: Virus log
Post by: BlueBlaster on Monday, April 12, 2010, 17:28:39 PM
That's a nasty one there. There's recently a lot of people I know who have run into that thing. It makes me wonder though because I haven't gotten any viruses at all since 1999.
Title: Re: Virus log
Post by: Knight on Monday, April 12, 2010, 20:21:50 PM
Probably because you're not a total dip shit while online, Blue :P at least I hope you aren't :D