Thread: really need help getting rid of virus's and worms
View Single Post
Join Date: Dec 2008
Posts: 5
Reputation: Belinda_k is an unknown quantity at this point 
Solved Threads: 0
Belinda_k Belinda_k is offline Offline
Newbie Poster

Re: really need help getting rid of virus's and worms

 
0
  #3
Dec 21st, 2008
This is malwarebytes log, it actually ran this time.
________________________________________________
Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 2

21/12/2008 11:16:40 PM
mbam-log-2008-12-21 (23-16-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167293
Time elapsed: 47 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\temp.TEMP-4F653CF693\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Belinda Kohry\Application Data\m (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Belinda Kohry\Application Data\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Documents and Settings\temp.TEMP-4F653CF693\Application Data\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1220945662-725345543-682003330-500\Dc73\Application Data\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-299502267-602162358-725345543-1004\Dc1\Application Data\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F7BBA3D-8BA0-4CDC-BE36-2A38D2A7F6C2}\RP8\A0003305.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F7BBA3D-8BA0-4CDC-BE36-2A38D2A7F6C2}\RP9\A0003372.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F7BBA3D-8BA0-4CDC-BE36-2A38D2A7F6C2}\RP9\A0003352.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F7BBA3D-8BA0-4CDC-BE36-2A38D2A7F6C2}\RP9\A0003400.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP10\A0001963.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP11\A0004958.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP11\A0005664.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP12\A0007270.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP14\A0010658.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP14\A0012289.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP20\A0016694.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP20\A0018134.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP21\A0025268.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP21\A0025872.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP22\A0025924.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP23\A0025928.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{81EA92A7-9448-4FD1-9C0C-90D9CB9AAFB2}\RP23\A0026122.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA3D906A-4AE8-4F1F-941B-76577E650302}\RP1\A0000003.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA3D906A-4AE8-4F1F-941B-76577E650302}\RP3\A0000289.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA3D906A-4AE8-4F1F-941B-76577E650302}\RP4\A0000323.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA3D906A-4AE8-4F1F-941B-76577E650302}\RP4\A0000335.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA3D906A-4AE8-4F1F-941B-76577E650302}\RP4\A0000344.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9D9D4EC-0AB0-4256-BF89-2930E6E9824D}\RP5\A0000644.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9D9D4EC-0AB0-4256-BF89-2930E6E9824D}\RP6\A0000943.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9D9D4EC-0AB0-4256-BF89-2930E6E9824D}\RP6\A0001940.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9D9D4EC-0AB0-4256-BF89-2930E6E9824D}\RP7\A0001962.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9D9D4EC-0AB0-4256-BF89-2930E6E9824D}\RP8\A0002158.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9D9D4EC-0AB0-4256-BF89-2930E6E9824D}\RP8\A0002172.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Documents and Settings\temp.TEMP-4F653CF693\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\temp.TEMP-4F653CF693\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\temp.TEMP-4F653CF693\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Belinda Kohry\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Belinda Kohry\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Belinda Kohry\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Belinda Kohry\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\temp.TEMP-4F653CF693\Application Data\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
_________________________________________________

I can't get hijack this to work, it says it's not a valid win32 application.


Belinda
Reply With Quote