
Malware Virus Removal

  • 05-04-2010 03:59PM
    #1
    Closed Accounts Posts: 6


    This is the log from the first mbam scan as directed by

    http://www.boards.ie/vbulletin/showthread.php?t=2055274237




    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3956

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18904

    05/04/2010 15:36:35
    mbam-log-2010-04-05 (15-36-35).txt

    Scan type: Quick scan
    Objects scanned: 105716
    Time elapsed: 7 minute(s), 30 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    C:\Windows\bill106.exe (Worm.Koobface) -> Failed to unload process.

    Memory Modules Infected:
    c:\Windows\System32\certoko.dll (Trojan.Proxy) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipokoraid (Trojan.Proxy) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\System32\certoko.dll (Trojan.Proxy) -> Delete on reboot.
    C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
    c:\Windows\bill106.exe (Worm.KoobFace) -> Delete on reboot.
    C:\Users\Johnny No Mates\AppData\Local\Temp\zpskon_1270420782.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\010112010146100109.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\010112010146115119.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\0101120101465198.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Johnny No Mates\Local Settings\Application Data\rdr_1270465171.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

    Will download SuperAntispyware now


Comments

  • Closed Accounts Posts: 6 Tattoo_kitten


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/05/2010 at 06:59 PM

    Application Version : 4.35.1002

    Core Rules Database Version : 4770
    Trace Rules Database Version: 2582

    Scan type : Complete Scan
    Total Scan Time : 02:34:46

    Memory items scanned : 705
    Memory threats detected : 0
    Registry items scanned : 7662
    Registry threats detected : 0
    File items scanned : 188269
    File threats detected : 17

    Adware.Tracking Cookie
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@www-security-scanner[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@partypoker[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@doubleclick[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@www.mynortonaccount[2].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\johnny_no_mates@youporn[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@2o7[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@admarketplace[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@ads.associatedcontent[2].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@associatedcontent.112.2o7[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@atdmt[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@bridge1.admarketplace[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@bs.serving-sys[2].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@doubleclick[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@e-2dj6wjkykjdzolp.stats.esomniture[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@msnportal.112.2o7[1].txt
    C:\Users\Johnny No Mates\AppData\Roaming\Microsoft\Windows\Cookies\Low\johnny_no_mates@serving-sys[2].txt

    Trojan.SVCHost/Fake
    C:\ILLUSTRATOR&TUTORIALS\ADOBE ILLUSTRATOR CS3 PORTABLE\ADOBE ILLUSTRATOR CS3 PORTABLE 7 ZIP\PROGRAM DATA\1000000800002I\SVCHOST.EXE

