Hello all, I hope I am posting this correctly. Any and all help would be greatly appreciated.
I read the post "[Solved] Win64/patched.a.gen trojan and sirefef" but somewhere else in the forum it says that I should create my own topic and go from there and not use scripts or steps from a previous post because it may brick my computer.
Step 1: Antivirus scanning
Antivirus scan is with ESET Smart Security. I keep getting these hits in my log file
8/31/2012 12:12:59 PM Real-time file system protection file C:\Windows\Installer\{c021d48a-fced-b1f8-3d9c-78c12e09b490}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
8/31/2012 12:09:00 PM Real-time file system protection file C:\windows\Installer\{c021d48a-fced-b1f8-3d9c-78c12e09b490}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
8/31/2012 12:08:59 PM Real-time file system protection file C:\windows\Installer\{c021d48a-fced-b1f8-3d9c-78c12e09b490}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
8/31/2012 12:08:42 PM Real-time file system protection file C:\Windows\Installer\{c021d48a-fced-b1f8-3d9c-78c12e09b490}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
8/31/2012 12:08:42 PM Real-time file system protection file C:\Windows\Installer\{c021d48a-fced-b1f8-3d9c-78c12e09b490}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
8/31/2012 12:07:22 PM Real-time file system protection file C:\windows\system32\services.exe Win64/Patched.A.Gen trojan unable to clean NT AUTHORITY\LOCAL SERVICE Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
Step 2: Malwarebytes Anti-Malware
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.31.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ShagMiester :: SHAGGYS-LAPTOP [administrator]
Protection: Enabled
8/31/2012 12:27:56 PM
mbam-log-2012-08-31 (12-27-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204896
Time elapsed: 6 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{c021d48a-fced-b1f8-3d9c-78c12e09b490}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
Step 3: GMER
This log came up empty; nothing was displayed.
This is part one of the logs post.