What is it Trojan Horse / Malware / Virus?

October 25, 2009 at 21:52:38
Specs: Windows xp, P4 / 512 mb

I seem to have acquired some sort of bad trojan horse or malware or virus or something! The problem lies is that, at first I was unable to access the taskbar, but followed some instructions on the internet and managed to enable it again where I found a process like '' b.exe '', anyways, the actual problem is that I cannot access the internet on the machine at all. When I open either Mozilla or Firefox, it does not load the home page but when I go to the Network & Sharing Setup and Setup New Connections => " Connect To Internet " => It says I am already connected, and when I click the "Browse the Internet Now" it opens up IE and I'm able to access the internet. That's pretty weird for me. Anyways, I've uploaded my Hijackthis log file here:


I scanned with AVG but found nothing, I scanned with something called " SUPERAntispyware Remover " and it found several things, and it deleted them aswell.

I have no idea what's going on, hopefully someone can look at the Hijackthis log file and tell me whats going on...


See More: What is it Trojan Horse / Malware / Virus?

Report •

October 25, 2009 at 22:21:01

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

10/26/2009 1:08:34 AM
mbam-log-2009-10-26 (01-08-25).txt

Scan type: Quick Scan
Objects scanned: 84368
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\LogMeInRemoteUser\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> No action taken.
C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> No action taken.
C:\Windows\System32\AVR09.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\Windows\System32\net.net (Trojan.Agent) -> No action taken.
C:\Windows\System32\winhelper.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\Home\AppData\Local\Temp\prun.tmp (Trojan.Dropper) -> No action taken.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\Windows\win32k.sys (Trojan.Dropper) -> No action taken.

Report •
Related Solutions

Ask Question