trojan.conficker.H
Join Date: Sep 2009
Posts: 6
Hi, anyone please help.
Below is the log after scanning, but after restarting the PC, Conficker still appears.
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
17/09/2009 17:36:28
mbam-log-2009-09-17 (17-36-28).txt
Scan type: Full Scan (C:\|)
Objects scanned: 4812
Time elapsed: 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
S:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H) -> Delete on reboot.
Files Infected:
S:\autorun.inf (Trojan.Conficker.H) -> Delete on reboot.
S:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H) -> Delete on reboot.
Your MBA-M program was not updated prior to the scan. Your database shows as 2775 which is at least 4 days out of date. Current database version is 2818.
BUT you must have a major problem there. Your log clearly shows the following:
Scan type: Full Scan (C:\|)
Objects scanned: 4812
Time elapsed: 9 second(s)
What in the world was scanned? No computer only has 4812 files! And NO MBA-M full scan would only take 9 seconds!
Join Date: Sep 2009
Posts: 6
Oh... because after the full scan I rebooted the PC and re-scanned. Within 9 seconds, the same virus was detected again... that's why I stopped the scan... Anyway, I reattach a full scan log.
This time the scan only detected 1 virus (autorun.inf).
The other 2 viruses were removed by me manually by giving full permission and audit authority on that folder, and it managed to delete the RECYCLER folder.
S:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H)
S:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H)
logs attached
Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 5.1.2600 Service Pack 2
18/09/2009 14:39:39
mbam-log-2009-09-18 (14-39-39).txt
Scan type: Full Scan (C:\|)
Objects scanned: 195658
Time elapsed: 1 hour(s), 12 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
S:\autorun.inf (Trojan.Conficker.H) -> Delete on reboot.
Okay... let's make sure this is Conficker... A way to test if you have the Conficker virus is to try to go to legitimate websites like Microsoft Update or an anti-virus site. If you can't get in, you've been Confickered. I have to agree with the above poster: no computer in this day and age has only 4812 files... the operating system alone must consist of at least 30,000 files... that's just a guess.
Join Date: Sep 2009
Posts: 6
I am still able to update Windows Genuine Advantage Validation Tool (KB892130) from Microsoft Update just now.
Notice that when I scan the C drive, the log actually detects Conficker on the S: drive.
The S drive is actually one of my servers.
I ran a full scan on the S drive (the server itself) with Malware, no virus detected.
See if you can upload S:\autorun.inf for analysis here: http://virusscan.jotti.org/en
Please post back with the results.
PP
Last edited by PhilliePhan; Sep 18th, 2009 at 5:35 am.
Join Date: Sep 2009
Posts: 6
Here you go ...

Additional info
File size: 95034 bytes
Filetype: Unknown
MD5: 2c29248d7b2ee96a8f3d516dae36c310
SHA1: 0e73e5f50253e821fd87bb845aea0983ccfae404
Scanners
2009-09-17 Worm.Kido.ix 2009-09-18 Worm.Autorun.VHG
2009-09-18 Worm.Win32.Conficker!IK 2009-09-18 Worm.Win32.Conficker
2009-09-17 BV:AutoRun-S 2009-09-18 Net-Worm.Win32.Kido.ix
2009-09-17 Worm/Generic_c.ZS 2009-09-17 Found nothing
2009-09-17 WORM/Kido.IX 2009-09-17 Found nothing
2009-09-18 Worm.Autorun.VHG 2009-09-17 W32/Conficker.C.worm
2009-09-17 Worm.Autorun-1838 2009-09-17 Found nothing
2009-09-18 W32.Net.W.Kido.ix 2009-09-18 Mal/ConfInf-A
2009-09-17 Win32.HLLW.Autoruner.5601 2009-09-17 Found nothing
2009-09-17 JS/AutoRun 2009-09-17 INF.Conficker.F
2009-09-18 Worm:W32/Downaduprun.A