Had virus... Removed with Malware Bytes... .exe not working

December 15, 2011 at 23:45:23
Specs: Windows 7
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 8362

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/16/2011 12:00:11 AM
mbam-log-2011-12-16 (00-00-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 312581
Time elapsed: 46 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\Users\jl\AppData\Local\ace.exe (Trojan.ExeShell.Gen) -> 4936 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\jl\AppData\Local\ace.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\jl\AppData\Local\gdl.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\jl\AppData\Local\Temp\zswwgowwnk (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\jl\AppData\Local\Temp\zuw.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\jl\documents\4RuQVAhU.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Malware Report


See More: Had virus... Removed with Malware Bytes... .exe not working

Report •


#1
December 15, 2011 at 23:47:59
Found this thread and ran rogue killer and .exe helper
http://www.computing.net/answers/se...


exeHelper by Raktor
Build 20100414
Run at 01:46:19 on 12/16/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RK

User: jl [Admin rights]
Mode: Scan -- Date : 12/16/2011 01:36:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 81a089a65ade0860939808fe453238a0
[BSP] a4de22a14f81d7ad9618816f1874aaee : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 104 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 206848 | Size: 500000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


Report •

#2
December 16, 2011 at 07:29:20
so what exactly is the problem you are having?

Some HELP in posting on Computing.net plus free progs and instructions 7 Medals


Report •

Related Solutions


Ask Question