I am using a Pentium 3 863MHz with WinXP SP2.
I use Firefox 2, and use this computer mainly for browsing purposes.
The antimalware I mentioned is the same Malwarebytes antimalware mentioned in the read me before request. However, I had performed a quick scan previously, but will perform a full scan later.
Here is the log of the earlier scan:
Malwarebytes' Anti-Malware 1.30
Database version: 1343
Windows 5.1.2600 Service Pack 2
2008-10-31 20:51:16
mbam-log-2008-10-31 (20-51-16).txt
Scan type: Quick Scan
Objects scanned: 47052
Time elapsed: 9 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
D:\WINDOWS\system32\mstbvgpb.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\urqRHaWQ.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9997de8-1685-47d1-903f-f2a862fef950} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b9997de8-1685-47d1-903f-f2a862fef950} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b9997de8-1685-47d1-903f-f2a862fef950} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{030a0f33-5b99-482e-83f5-2eeb8457878b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{030a0f33-5b99-482e-83f5-2eeb8457878b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0ff4138 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: d:\windows\system32\urqrhawq -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdptp.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\urqrhawq -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92d437af-0b8a-4735-975e-2d5679051dba}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.164,85.255.112.81 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{92d437af-0b8a-4735-975e-2d5679051dba}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.164,85.255.112.81 -> Delete on reboot.
Folders Infected:
D:\WINDOWS\system32\675873 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
D:\WINDOWS\system32\urqRHaWQ.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\QWaHRqru.ini (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\QWaHRqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\iekwwjgj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jgjwwkei.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mstbvgpb.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\bpgvbtsm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mtggixei.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\iexiggtm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rkrwacpk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kpcawrkr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xrfvadoh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\hodavfrx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xymnejph.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\hpjenmyx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kdptp.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
D:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\fxddodac.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kgblktnm.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rpcnyufi.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ufvfcshx.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ypcumgog.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\Documents and Settings\Other\Local Settings\Temporary Internet Files\Content.IE5\8DUZ05YV\kb20010911[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\Documents and Settings\Other\Local Settings\Temporary Internet Files\Content.IE5\ENW8807K\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jahanzeb\Local Settings\Temporary Internet Files\Content.IE5\GHUBSHYV\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jahanzeb\Local Settings\Temporary Internet Files\Content.IE5\GXMJ0TEV\kb20010911[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\675873\675873.dll (Trojan.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
D:\USM2Trial.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.