TechSpot

Need help with win32/heur Virus: Here are my logs

By mjb0274
Sep 19, 2009
    Hi,

    I seem to have a win32/heur virus. I have run Malwarebytes' Anti-Malware and will post the log below, but after reading the other threads am I to understand that I must run Malwarebytes in normal mode, then restart and run it in Safe Mode, then post those logs? I wanted to check. After rebooting my computer as Malwarebytes said I needed to, the virus is still there. I am running Vista Home Edition.

    Thank you very much for any help that anyone can offer.



    Current logs:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2823
    Windows 6.0.6001 Service Pack 1

    9/20/2009 12:48:18 AM
    mbam-log-2009-09-20 (00-48-17).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 283537
    Time elapsed: 4 hour(s), 34 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\M\AppData\Roaming\RegTool (Rogue.RegTool) -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\QuarantineW (Rogue.RegTool) -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Files: 580 -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

    Files Infected:
    C:\8050435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalware\AntiMalware.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyS.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyT.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\Downloads\regtool_key.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\M\Downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT38DA.tmp (Malware.Tool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-36-090.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-38-150.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-59-440.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 02-01-300.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 09-07-360.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 23-08-050.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-19 19-49-450.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-19 19-58-460.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Windows\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
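The following is an added example, not code from the original post, from Malwarebytes or from TechSpot. It parses the MBAM 1.x log format shown above (a constructed excerpt of the posted log is embedded so the script runs offline) and pulls out what a responder looks for first: the entries marked "Delete on reboot." (MBAM could not remove them while running, which is why it asks for a restart and why a follow-up scan is worth doing), files that carry the name of a Windows system binary but sit outside System32 (C:\Windows\Fonts\services.exe and C:\Windows\sc.exe in the log above), a per-family tally, and a check that the header counts agree with the entries listed, which catches a log that was trimmed before posting. The SYSTEM_NAMES and SYSTEM_DIRS sets are my own assumption of what to flag, not anything defined by Malwarebytes.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed excerpt in the format of the MBAM 1.41 log posted above;
# the header counts are consistent with the entries kept here.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2823
Windows 6.0.6001 Service Pack 1

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 283537

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\M\AppData\Roaming\RegTool (Rogue.RegTool) -> Delete on reboot.
C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Files: 580 -> Delete on reboot.
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\8050435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str  # e.g. "Files Infected"
    item: str     # registry key/value, folder or file path
    family: str   # MBAM family label, e.g. "Rogue.RegTool"
    action: str   # final "->" segment, e.g. "Delete on reboot."


SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# Greedy item match so parentheses inside a path (e.g. "Program Files (x86)")
# do not get mistaken for the family label.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (header counts by section, list of Detection) from an MBAM 1.x log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            # "Files: 580 -> Delete on reboot." carries two arrows; the action is the last one.
            action = m["rest"].split(" -> ")[-1]
            detections.append(Detection(section, m["item"], m["family"], action))
    return summary, detections


def count_mismatches(summary, detections):
    """Sections whose header count disagrees with the entries actually listed."""
    listed = Counter(d.section for d in detections)
    return {s: (n, listed[s]) for s, n in summary.items() if listed[s] != n}


def pending_reboot(detections):
    """Items that are only removed on restart; re-scan after rebooting to confirm."""
    return [d.item for d in detections if d.action == "Delete on reboot."]


# Assumption: names of legitimate binaries that live in %SystemRoot%\System32;
# the same file name anywhere else is a classic masquerade.
SYSTEM_NAMES = {"services.exe", "sc.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def masquerading_files(detections):
    """Detected files named like a system binary but located outside System32/SysWOW64."""
    hits = []
    for d in detections:
        if d.section != "Files Infected":
            continue
        p = PureWindowsPath(d.item)
        if p.name.lower() in SYSTEM_NAMES and str(p.parent).lower() not in SYSTEM_DIRS:
            hits.append(d.item)
    return hits


def families(detections):
    """Tally of detections per MBAM family label."""
    return Counter(d.family for d in detections)


if __name__ == "__main__":
    summary, dets = parse_mbam_log(SAMPLE_LOG)
    print("families:", families(dets).most_common(3))
    print("pending reboot:", pending_reboot(dets))
    print("masquerading:", masquerading_files(dets))
    print("count mismatches:", count_mismatches(summary, dets))
```

Run it against a full mbam-log-*.txt instead of SAMPLE_LOG to get the same triage for a real scan; a non-empty result from count_mismatches means the pasted log is incomplete, and a non-empty pending_reboot list means the removal was not finished at the time the log was written.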
     
Tmagic650 (TS Ambassador)

    Go back and look over the 8-steps... Take your time and follow the instructions. They will explain how to post the 3 logs properly.
     