
Gah... first real attack and I'm panicking.

Discussion in 'Malware and Virus Removal Archive' started by Charris, 2008/09/19.

  1. 2008/09/19
    Charris

    Charris Inactive Thread Starter

    Joined:
    2008/09/19
    Messages:
    2
    Likes Received:
    0
    So here's the story: Internet Explorer's and Firefox's Google and Yahoo links take me to spam sites. I also can't open up Windows Explorer. What do I need to do so you can help me?
     
  2. 2008/09/19
    Charris

    Charris Inactive Thread Starter

    Joined:
    2008/09/19
    Messages:
    2
    Likes Received:
    0
    This is an MBAM logfile.

    I skipped the HijackThis log file. I'll have that soon.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1179
    Windows 5.1.2600 Service Pack 2

    9/19/2008 7:36:43 PM
    mbam-log-2008-09-19 (19-36-43).txt

    Scan type: Quick Scan
    Objects scanned: 59365
    Time elapsed: 10 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 24
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlkjg (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bndblock4.band (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bndblock4.band.1 (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bndblock4.bho (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bndblock4.bho.1 (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\saix.installercaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d4a714f6-af40-4425-b708-ff03cbbc0a84} (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BndBlock4.DLL (Adware.ISM) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qdrpack11 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
    C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\nnnlkjg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\000050.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcvp1j0ep4p.scr (Fake.BlueScreenError) -> Quarantined and deleted successfully.
    C:\Program Files\QdrDrive\qdrloader.exe (Adware.AdBand) -> Quarantined and deleted successfully.
    C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\QdrModule\dic.gz (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\QdrModule\kwd.gz (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogon.old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     
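A small triage helper for logs in the shape posted above, added here as an example and not part of the thread or of Malwarebytes' own tooling: it parses each finding line (`<item> (<detection>) -> <action>`), groups findings by detection name, lists items that MBAM could only schedule for deletion on reboot (so the cleanup is not finished until the machine restarts), and flags items that sat in well-known autostart locations. The sample input is a handful of lines copied from the log above; the list of autostart markers is my own choice and can be extended.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the MBAM log posted in this thread.
# Each finding has the shape "<item> (<detection name>) -> <action taken>."
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlkjg (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qdrpack11 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\nnnlkjg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winlogon.old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# item is everything before the last " (<detection>) -> "; the trailing period is dropped.
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Autostart locations worth re-checking after cleanup (my own, non-exhaustive list).
PERSISTENCE_MARKERS = (
    "\\currentversion\\run\\",      # ...\Run values
    "\\winlogon\\notify\\",         # Winlogon notification packages
    "\\browser helper objects\\",   # Internet Explorer BHOs
    "\\drivers\\",                  # kernel drivers under system32\drivers
)


def parse_mbam_log(text):
    """Return a list of findings as dicts with keys section, item, detection, action."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers look like "Files Infected:" and contain no arrow.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        match = FINDING_RE.match(line)
        if match:
            findings.append({"section": section, **match.groupdict()})
    return findings


def is_persistence_location(item):
    """True if the registry key/value or file path is in a known autostart location."""
    low = item.lower()
    return any(marker in low for marker in PERSISTENCE_MARKERS)


def summarize(findings):
    """Group by detection name, list reboot-pending deletions, flag autostart items."""
    return {
        "by_detection": Counter(f["detection"] for f in findings),
        "pending_reboot": [f["item"] for f in findings if f["action"] == "Delete on reboot"],
        "persistence": [f["item"] for f in findings if is_persistence_location(f["item"])],
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    for name, count in report["by_detection"].most_common():
        print(f"{count:3d}  {name}")
    print("\nNot removed until reboot:")
    for item in report["pending_reboot"]:
        print("  ", item)
    print("\nFound in autostart locations (re-check after reboot):")
    for item in report["persistence"]:
        print("  ", item)
```

Run it against a full `mbam-log-*.txt` by reading the file into `parse_mbam_log`. The "Delete on reboot" entries are the ones that matter for a follow-up scan: until the machine has restarted, those files are still on disk, which is why a helper will usually ask for a fresh log after a reboot.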


  4. 2008/09/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Charris :)

    Let's see what still needs cleaning up.
    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.
     
