Strange program connections


  1. Posts : 9
    Windows 7/Ubuntu 9.10 dual boot
    Thread Starter
       #11

    Here's the log from Malwarebytes.

    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Database version: 4085
    
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    
    5/10/2010 11:03:37 AM
    mbam-log-2010-05-10 (11-03-37).txt
    
    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 490557
    Time elapsed: 8 hour(s), 46 minute(s), 4 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    
    Registry Data Items Infected:
    (No malicious items detected)
    
    Folders Infected:
    (No malicious items detected)
    
    Files Infected:
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    Do you need any more information?

    Edit: Oh, and they won't get anything from me. I don't store information on my Windows side because of its many security vulnerabilities.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #12


  3. Posts : 9
    Windows 7/Ubuntu 9.10 dual boot
    Thread Starter
       #13

    Whew, nasty. Did Malwarebytes take it out completely? Is there still something I must do to restore functionality?


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #14

    I would re-install Windows 7 and change all passwords using a known 'clean' computer... not the infected one.

    You may also need to flush your DNS cache and restore the Hosts file. Do this:

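    Copy and paste these lines in Notepad.

    Code:
    @Echo on
    rem Reset the Hosts file to a single localhost entry
    pushd \windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Renew the IP lease and flush the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset Winsock and the TCP/IP stack
    netsh winsock reset all
    netsh int ip reset all
    rem Reboot, then delete this batch file
    shutdown -r -t 1
    del %0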

    Save as flush.bat to your desktop.

    Right click on the batch and run as Administrator. Your computer will reboot itself.
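
An added example, not part of the original post: the batch file above overwrites the Hosts file without recording what it contained, so this Python sketch lists the non-default entries from a saved copy first. The function name `audit_hosts`, the sample file content and the `.example` host names are constructed for illustration.

```python
import ipaddress

# Names a stock Windows Hosts file maps to loopback (assumption for this example).
DEFAULT_NAMES = {"localhost"}

# Constructed sample content, not taken from the thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.av-vendor.example   # constructed entry
203.0.113.7     www.bank.example login.bank.example
not-an-ip       foo.example
"""

def audit_hosts(text):
    """Return (line_no, address, name, reason) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, addr_text, "", "malformed"))
            continue
        for name in (n.lower() for n in names):
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue                        # expected stock entry
            if addr.is_loopback or addr.is_unspecified:
                reason = "blocked"              # name resolves to the local machine
            else:
                reason = "redirected"           # name pinned to a fixed address
            findings.append((line_no, addr_text, name, reason))
    return findings

if __name__ == "__main__":
    # To audit a real copy, read the saved Hosts file into a string and pass it in.
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

Saving this output alongside the Malwarebytes log keeps a record of which names were blocked or redirected before the file is reset.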


  5. Posts : 9
    Windows 7/Ubuntu 9.10 dual boot
    Thread Starter
       #15

    Hmm, I just completed that second step you asked for. The problem persists. Must I really reinstall Windows 7? It would be quite the pain. I can see how it would restore functionality, but...if there is a less nuclear option, I would be most rapt to hear it.


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #16

    I don't mess with rootkits. You may be able to work around it, but your computer will never be stable again.


  7. Posts : 9
    Windows 7/Ubuntu 9.10 dual boot
    Thread Starter
       #17

    Very well. I will reinstall and edit this post when I am finished.


  8. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #18

    Jacee said:
        I don't mess with rootkits. You may be able to work around it, but your computer will never be stable again.

    Excellent advice.


 