TechSpot

Help pc-antispyware Virus Malwarebytes log please look

By cncastro
Sep 14, 2008
  1. I have picked up a land mine. I ran Malwarebites and here is the log. I could use some help please. Thank you

    Malwarebytes' Anti-Malware 1.28
    Database version: 1153
    Windows 5.1.2600 Service Pack 3

    9/14/2008 8:12:39 PM
    mbam-log-2008-09-14 (20-12-39).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 145670
    Time elapsed: 1 hour(s), 46 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 4
    Registry Keys Infected: 19
    Registry Values Infected: 3
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\SYSTEM32\nntyjrck.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\rqRKAPiJ.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\ttajaj.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\mgxfebsq.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2cae3c1a-bcca-4f5f-bd0b-2d1ac16a4387} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2cae3c1a-bcca-4f5f-bd0b-2d1ac16a4387} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d3dc08d-381d-42ce-8562-5f627626c2d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyvsiij (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5d3dc08d-381d-42ce-8562-5f627626c2d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93064e40-603c-4e6d-ac3b-b2fed24a6f88} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{93064e40-603c-4e6d-ac3b-b2fed24a6f88} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7abca4e2-1876-4bdc-b59c-8f9202b10440} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ae952048-135b-42f0-8f56-1599703ced63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fqbewlna.bdql (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fqbewlna.bqmg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44bad27f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5d3dc08d-381d-42ce-8562-5f627626c2d9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mgxfebsq (Trojan.FakeAlert) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrkapij -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" /s) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrkapij -> Delete on reboot.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\SYSTEM32\ttajaj.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\xxyvSiij.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\rqRKAPiJ.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\JiPAKRqr.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\JiPAKRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\nntyjrck.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\kcrjytnn.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP41\A0004681.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\opnkkHXq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\sfrwbdas.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\mgxfebsq.dll (Trojan.FakeAlert) -> Delete on reboot.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Follow the New Preliminary Removal Instructions , and attach [​IMG] the requested logs:

    1) Malwarebytes Anti Malware log
    2) SuperAntiSpyware log
    3) Hijackthis log

    Attach ! Not copy and paste
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...