
Trojandownloader.xs c:\windows\wml.exe again

By edw
Apr 1, 2008
  1. I have the same problem =(
    I can't kill it. Right now I am running Malwarebytes' scanner; my HijackThis log is attached.

    Malwarebytes finished; the log is as follows:
    Malwarebytes' Anti-Malware 1.09
    Database version: 580

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 117108
    Time elapsed: 45 minute(s), 40 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 5

    Memory Processes Infected:
    c:\WINDOWS\system32\rgdkzkrs.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\emlkdvo.bqxd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mediavideocodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.bvft (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jxohsupr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Clicker) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINDOWS\Installer\{8dfa6188-4d05-4e6c-ad5d-abb5ead5ae96} (Trojan.Alphabet) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\{f1f8b80b-6798-4214-9711-8e33e2542969} (Trojan.Alphabet) -> Quarantined and deleted successfully.
    C:\Program Files\MediaVideoCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\system32\rgdkzkrs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\MediaVideoCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\MediaVideoCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\sxfnewqb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Did I kill it?
    The HijackThis log is attached in the next post.
  2. edw

    edw TS Rookie Topic Starter

    I attached my file
  3. edw

    edw TS Rookie Topic Starter

    Come on, no one can help? I can't get rid of this damn worm.
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    When you reply to your own thread it looks like you have been helped. That's why it took so long for me to catch your post.

    No, you didn't kill it yet.

    • Download Combofix to your desktop.
    • Double-click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt
Topic Status:
Not open for further replies.
