
Malware Virus Removal

  • 05-04-2010 2:59pm
    #1
    Closed Accounts Posts: 6


    This is the log from the first mbam scan as directed by

    http://www.boards.ie/vbulletin/showthread.php?t=2055274237




    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3956

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18904

    05/04/2010 15:36:35
    mbam-log-2010-04-05 (15-36-35).txt

    Scan type: Quick scan
    Objects scanned: 105716
    Time elapsed: 7 minute(s), 30 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    C:\Windows\bill106.exe (Worm.Koobface) -> Failed to unload process.

    Memory Modules Infected:
    c:\Windows\System32\certoko.dll (Trojan.Proxy) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipokoraid (Trojan.Proxy) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\System32\certoko.dll (Trojan.Proxy) -> Delete on reboot.
    C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
    c:\Windows\bill106.exe (Worm.KoobFace) -> Delete on reboot.
    C:\Users\Johnny No Mates\AppData\Local\Temp\zpskon_1270420782.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\010112010146100109.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\010112010146115119.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\0101120101465198.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\rdr_1270465171.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

    Will download SuperAntispyware now


Comments

  • Closed Accounts Posts: 6 Tattoo_kitten


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/05/2010 at 06:59 PM

    Application Version : 4.35.1002

    Core Rules Database Version : 4770
    Trace Rules Database Version: 2582

    Scan type : Complete Scan
    Total Scan Time : 02:34:46

    Memory items scanned : 705
    Memory threats detected : 0
    Registry items scanned : 7662
    Registry threats detected : 0
    File items scanned : 188269
    File threats detected : 17

    Adware.Tracking Cookie
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@www-security-scanner[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@partypoker[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@doubleclick[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@www.mynortonaccount[2].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@youporn[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@2o7[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@admarketplace[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@ads.associatedcontent[2].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@associatedcontent.112.2o7[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@atdmt[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@bridge1.admarketplace[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@bs.serving-sys[2].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@doubleclick[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@e-2dj6wjkykjdzolp.stats.esomniture[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@msnportal.112.2o7[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@serving-sys[2].txt

    Trojan.SVCHost/Fake
    C:\ILLUSTRATOR&TUTORIALS\ADOBE ILLUSTRATOR CS3 PORTABLE\ADOBE ILLUSTRATOR CS3 PORTABLE 7 ZIP\PROGRAM DATA\1000000800002I\SVCHOST.EXE

