spyware/virus named 'Troj/Rustok-N'


Solved Re: spyware/virus named 'Troj/Rustok-N'

Post by SSaatchi on 25th February 2009, 6:52 pm

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

2/25/2009 1:52:24 PM
mbam-log-2009-02-25 (13-52-24).txt

Scan type: Quick Scan
Objects scanned: 72744
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{81fee19f-341e-43d8-805d-987dc598fbff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-7-0-27-100026495-100007155-100014976-4463.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gaopdxydsxpntt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxljwqjbow.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Post by Belahzur on 25th February 2009, 6:56 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\autorun.PNF


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Post by SSaatchi on 25th February 2009, 7:02 pm

========== FILES ==========
C:\autorun.PNF moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02252009_140146


Post by Belahzur on 25th February 2009, 7:03 pm

Hello.
How is it now?



Post by SSaatchi on 25th February 2009, 7:04 pm

Perfect, thank you again, and I am sure this isn't the last time you'll see me. I hope that's ok


Post by Belahzur on 25th February 2009, 7:05 pm

It's fine, just try to stay safe.

