TechSpot

Need help with win32/heur Virus: Here are my logs

By mjb0274
Sep 19, 2009
Topic Status:
Not open for further replies.
  1. Hi,

    I seem to have a win32/heur virus. I have run Malwarebytes' Anti-Malware and will post the log below, but after reading the other threads am I to understand that I must run Malwarebytes in normal mode, then restart and run it in Safemode, then post those logs? I wanted to check. After rebooting my computer as Malwarebytes said I needed to, the virus is still there. I am running Vista Home Edition.

    Thank you very much for any help that anyone can offer.

    current logs:
    Malwarebytes' Anti-Malware 1.41
    Database version: 2823
    Windows 6.0.6001 Service Pack 1

    9/20/2009 12:48:18 AM
    mbam-log-2009-09-20 (00-48-17).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 283537
    Time elapsed: 4 hour(s), 34 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\M\AppData\Roaming\RegTool (Rogue.RegTool) -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\QuarantineW (Rogue.RegTool) -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Files: 580 -> Delete on reboot.
    C:\Users\M\AppData\Roaming\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

    Files Infected:
    C:\8050435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalware\AntiMalware.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyS.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyT.dll (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\M\Downloads\regtool_key.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\M\Downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Windows\Temp\VRT38DA.tmp (Malware.Tool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-36-090.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-38-150.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 01-59-440.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 02-01-300.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 09-07-360.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-18 23-08-050.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-19 19-49-450.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\M\AppData\Roaming\RegTool\Logs\2009-09-19 19-58-460.log (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Windows\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
    C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
     
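A helper (added here as an illustration; it is not the poster's code nor anything from TechSpot or Malwarebytes) can make a log like the one above easier to triage: it parses the "target (Family) -> action." lines into records, counts detections per family, lists the items MBAM could only schedule for deletion on reboot (which is exactly what a follow-up scan after the reboot should confirm are gone), and flags entries that a helper would want to look at again because they point at persistence or at a system-binary name in an unexpected directory. The sample log is a constructed excerpt of the lines posted above; the review heuristics and the list of well-known system binary names are assumptions of this example, not MBAM's own classification.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: an excerpt of the MBAM log posted above (header lines are
# included to show that only detection lines are picked up).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2823
Files Infected: 6

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\M\AppData\Roaming\RegTool (Rogue.RegTool) -> Delete on reboot.
C:\Users\M\AppData\Roaming\RegTool\QuarantineW\2009-09-18 02-09-290 (Rogue.RegTool) -> Files: 580 -> Delete on reboot.

Files Infected:
C:\8050435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\M\Downloads\regtool_key.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
"""

# A detection line: "<target> (<Family.Name>) -> [extra -> ]<action>."
ENTRY_RE = re.compile(r"^(?P<target>.+) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
# A section header such as "Files Infected:" (the summary counters end in a number, not a colon).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Assumed list of Windows binary names that normally live under System32; a copy of one
# of these elsewhere is a common reason to take a second look at a detection.
SYSTEM_BINARIES = {"services.exe", "sc.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
TRUSTED_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")


def parse_mbam_log(text: str) -> List[Dict[str, str]]:
    """Return one record per detection line: section, target, family, action."""
    entries: List[Dict[str, str]] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = ENTRY_RE.match(line)
        if not hit or section is None:
            continue  # version/database/counter lines carry no detection
        # The last " -> " segment is the action; earlier ones are details such as "Files: 580".
        action = hit.group("rest").split(" -> ")[-1].rstrip(".")
        entries.append({"section": section, "target": hit.group("target"),
                        "family": hit.group("family"), "action": action})
    return entries


def count_by_family(entries: List[Dict[str, str]]) -> Counter:
    """How many detections MBAM attributed to each family label."""
    return Counter(e["family"] for e in entries)


def pending_reboot(entries: List[Dict[str, str]]) -> List[str]:
    """Targets MBAM could not remove immediately; verify these after the restart."""
    return [e["target"] for e in entries if e["action"] == "Delete on reboot"]


def flag_for_review(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Heuristic (assumed, not MBAM's) picks of entries worth a second look."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        target = e["target"]
        low = target.lower()
        name = low.rsplit("\\", 1)[-1]
        if e["section"].startswith("Registry") or low.endswith(".job"):
            flagged.append((target, "persistence: registry entry or scheduled task"))
        elif name in SYSTEM_BINARIES and not low.startswith(TRUSTED_SYSTEM_DIRS):
            flagged.append((target, "masquerade: system binary name outside System32"))
        elif re.fullmatch(r"[a-z]:\\[^\\]+\.exe", low):
            flagged.append((target, "odd location: executable in drive root"))
    return flagged


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for family, n in count_by_family(found).most_common():
        print(f"{n:3d}  {family}")
    print("pending reboot:", *pending_reboot(found), sep="\n  ")
    print("review:", *(f"{t}  [{why}]" for t, why in flag_for_review(found)), sep="\n  ")
```

Run against the full log rather than the excerpt, the family counts give a quick picture of whether the machine carried one rogue product or several unrelated families, and the pending-reboot list is the checklist for the second scan the forum's instructions ask for.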
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,865   +165

    Go back and look over the 8-steps... Take your time and follow the instructions. They will explain how to post the 3 logs properly.
     