Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.06.06
Windows XP Service Pack 1 x86 NTFS
Internet Explorer 6.0.2800.1106
Administrator :: SUN-6H5NHFR7L5C [administrator]
2012-1-6 21:18:44
mbam-log-2012-01-06 (21-18-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 154185
Time elapsed: 3 minute(s), 36 second(s)
Memory Processes Detected: 2
C:\Documents and Settings\All Users\Application Data\FiqVFmUcesohLm.exe (Rogue.FakeHDD) -> 1724 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\SggGd86F9xBnVF.exe (Trojan.FakeAlert) -> 1688 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FiqVFmUcesohLm.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\FiqVFmUcesohLm.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Documents and Settings\All Users\Application Data\FiqVFmUcesohLm.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\SggGd86F9xBnVF.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\oiu0.6198862887578649.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\DqtotSVpshKYpw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\wera0.3784665752635392.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-06 21:33:48
Windows 5.1.2600 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 ST316002 rev.8.01
Running: utoh4zsi.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtyqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----