Malwarebytes Log: Should I be Concerned?

February 15, 2011 at 12:49:22
Specs: Windows XP, 3GHz / 2Gb
I just recently had a friend make me aware of Malwarebytes, so I ran it on my work computer and produced the following log. How concerned should I be and what steps do I need to take next?

Thanks,
Cooper


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5768

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/15/2011 3:42:54 PM
mbam-log-2011-02-15 (15-42-54).txt

Scan type: Quick scan
Objects scanned: 153656
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39126e77-0dc9-d8e9-5c0a-65d9ad4f49ce} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39126e77-0dc9-d8e9-5c0a-65d9ad4f49ce} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39126E77-0DC9-D8E9-5C0A-65D9AD4F49CE} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E276E8E9-9436-68D3-D8D9-A3189C5B2BE0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E276E8E9-9436-68D3-D8D9-A3189C5B2BE0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E276E8E9-9436-68D3-D8D9-A3189C5B2BE0} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\antivirus 2009 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
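
As an added example (not part of the original post and not a Malwarebytes tool), this Python script parses the log format shown above, checks the summary counts against the listed entries, flags any item whose action is not "Quarantined and deleted successfully.", and groups registry hits by CLSID regardless of letter case. The regular expressions are assumptions drawn from this one log, and the names `parse`, `audit` and `SAMPLE_LOG` are illustrative.

```python
import re
from collections import defaultdict

# Shortened excerpt of the log above; summary counts adjusted to match the excerpt.
SAMPLE_LOG = r"""Registry Keys Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
Folders Infected:
c:\program files\antivirus 2009 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Folders Infected: 1"
HEADER = re.compile(r"^(.+ Infected):$")          # "Folders Infected:"
# <object> (<Family>) -> [Value/Bad/Good details -> ] <action>
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?:.* -> )?(?P<action>[^>]+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
OK_ACTION = "Quarantined and deleted successfully."

def parse(log):
    # Returns (declared counts per section, list of detection entries).
    declared, entries, section = {}, [], None
    for line in (l.strip() for l in log.splitlines()):
        if m := SUMMARY.match(line):
            declared[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return declared, entries

def audit(log):
    declared, entries = parse(log)
    found, by_guid = defaultdict(int), defaultdict(list)
    for e in entries:
        found[e["section"]] += 1
        if g := GUID.search(e["obj"]):
            # The log mixes 4eaf/4EAF for the same CLSID, so normalise case.
            by_guid[g[0].upper()].append(e["obj"][:g.start()])
    return {
        "count_mismatch": {s: (n, found[s]) for s, n in declared.items() if n != found[s]},
        "unresolved": [e for e in entries if e["action"] != OK_ACTION],
        "families": sorted({e["family"] for e in entries}),
        "by_guid": dict(by_guid),
    }
```

A non-empty `unresolved` or `count_mismatch` result means an item was listed but not removed, or the log was truncated, and is the cue to rescan before trusting the machine.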



#1
February 15, 2011 at 13:00:36
Hi,
Looks like it found and quarantined your problems. Did you rescan with Malwarebytes?
Download HitmanPro3.5 from this link:
http://download.cnet.com/Hitman-Pro...
Run a full scan.
Also, when the scan is complete, if there are no more problems, change all passwords and disable your System Restore to clean it out, then enable System Restore again. Create a new restore point.


#2
February 16, 2011 at 08:19:40
Thanks MrGoodGuy,

Things seem to be working well again.

Cooper



#3
February 16, 2011 at 13:22:18
Hi Cooper81,
Thanks for letting me know. Did HitmanPro3.5 find any more problems?


#4
February 17, 2011 at 05:32:28
Yes, it found and quarantined a file that I can't verify right now. When I run Hitman Pro again to see the history, it locks up and the task manager's end process doesn't even work. I think it was something like, "WINDOWS/.../zip_???.exe" where I don't recall what was in the ? place.

I also ran Spywareblaster and it found a few tracking cookies.

The reason I started this whole process was because I think I have a nasty bug on my personal laptop, maybe Virtumonde, aka Vundo. I haven't had the time to work through it all but once I do, I'll post a new thread here and hopefully save that one before it's too late.

Thanks Again,
Cooper



#5
February 17, 2011 at 12:09:10
Hi Cooper81,
This might help:
http://ezinearticles.com/?How-to-Ma...
