Author Topic: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!  (Read 5800 times)


bec_mick

  • Guest
Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« on: November 21, 2008, 12:22:43 AM »
Please help me - I have no idea what to do.

I keep getting the above warning mentioned in the subject line

The rest of the box says

File name: hXXp://protectionlive-scan.com/2009/1/e/_freescan.php?nu=77052
Malware name: JS: Agent-DE(Trj)
Malware type: Trojan horse
VPS Version: 0811 20-0, 20/11/2008

Other problems I am having are:

I am getting error 1058 - service cannot be started. This is when I try and turn my Windows automatic updates back on. They say they are on but they actually aren't.

Also getting heaps of pop ups

Any advice would be appreciated!!

Thanks
« Last Edit: November 21, 2008, 07:14:49 AM by bec_mick »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« Reply #1 on: November 21, 2008, 12:32:15 AM »
That is because it is a rogue site that will try to infect you.

Don't visit the site, why are you visiting the site?

I suspect because you are getting a pop-up saying your system is infected and should visit the site?

If so this is a scam to get you to visit the site (they succeed there) and this could then infect your system properly had avast not blocked it, or they would try to get you to pay for a clean-up or the program for a non-existent problem.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
1. SUPERantispyware On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

bec_mick

  • Guest
Re: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« Reply #2 on: November 21, 2008, 01:50:23 AM »
Hi thanks for your reply

It took a long time but here is the log (part 1)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/21/2008 at 11:41 AM

Application Version : 4.22.1014

Core Rules Database Version : 3645
Trace Rules Database Version: 1628

Scan type       : Quick Scan
Total Scan Time : 00:55:50

Memory items scanned      : 361
Memory threats detected   : 2
Registry items scanned    : 589
Registry threats detected : 155
File items scanned        : 8842
File threats detected     : 29

Trojan.Vundo-Variant/Packed-GEN
   C:\WINDOWS\SYSTEM32\PMNLLIYP.DLL
   C:\WINDOWS\SYSTEM32\PMNLLIYP.DLL
   C:\WINDOWS\SYSTEM32\GEBRQQNE.DLL
   C:\WINDOWS\SYSTEM32\GEBRQQNE.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB8FEF0-E503-4827-A92F-F67C24DF5C62}
   HKCR\CLSID\{0FB8FEF0-E503-4827-A92F-F67C24DF5C62}
   HKCR\CLSID\{0FB8FEF0-E503-4827-A92F-F67C24DF5C62}\InprocServer32
   HKCR\CLSID\{0FB8FEF0-E503-4827-A92F-F67C24DF5C62}\InprocServer32#ThreadingModel
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54D9DFA0-2701-42E5-B29C-D3AECD98AD5A}
   HKCR\CLSID\{54D9DFA0-2701-42E5-B29C-D3AECD98AD5A}
   HKCR\CLSID\{54D9DFA0-2701-42E5-B29C-D3AECD98AD5A}\InprocServer32
   HKCR\CLSID\{54D9DFA0-2701-42E5-B29C-D3AECD98AD5A}\InprocServer32#ThreadingModel
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{0FB8FEF0-E503-4827-A92F-F67C24DF5C62}
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB8FEF0-E503-4827-A92F-F67C24DF5C62}
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54D9DFA0-2701-42E5-B29C-D3AECD98AD5A}
   Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnllIYP

Rogue.AntiVirus 2009
   [14063469541489916108242275941506] C:\PROGRAM FILES\ANTIVIRUS 2009\AV2009.EXE
   C:\PROGRAM FILES\ANTIVIRUS 2009\AV2009.EXE
   C:\Program Files\Antivirus 2009\av2009.exe.tmp
   C:\Program Files\Antivirus 2009
   C:\Documents and Settings\Rebecca Leoniuk\Start Menu\Antivirus 2009\Antivirus 2009.lnk
   C:\Documents and Settings\Rebecca Leoniuk\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
   C:\Documents and Settings\Rebecca Leoniuk\Start Menu\Antivirus 2009
   C:\Documents and Settings\Rebecca Leoniuk\Desktop\Antivirus 2009.lnk
   C:\Documents and Settings\Rebecca Leoniuk\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
   C:\WINDOWS\Prefetch\AV2009.EXE-1BF04CE5.pf

Adware.Vundo/Variant-Greek
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e62acb89-bc1c-48cf-aa51-392d7956e5dc}
   HKCR\CLSID\{E62ACB89-BC1C-48CF-AA51-392D7956E5DC}
   HKCR\CLSID\{E62ACB89-BC1C-48CF-AA51-392D7956E5DC}\InprocServer32
   HKCR\CLSID\{E62ACB89-BC1C-48CF-AA51-392D7956E5DC}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\TRZTBP.DLL
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E62ACB89-BC1C-48CF-AA51-392D7956E5DC}
   C:\WINDOWS\SYSTEM32\BVTNDXAG.DLL
   C:\WINDOWS\SYSTEM32\JDILXBRT.DLL
   C:\WINDOWS\SYSTEM32\LNICSYQT.DLL
   C:\WINDOWS\SYSTEM32\NDISWPDT.DLL
   C:\WINDOWS\SYSTEM32\TWZHJZ.DLL

Adware.MyWebSearch
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable

bec_mick

  • Guest
Re: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« Reply #3 on: November 21, 2008, 01:52:19 AM »
Part 2

Adware.Tracking Cookie
   C:\Documents and Settings\Rebecca Leoniuk\Cookies\rebecca_leoniuk@ad.yieldmanager[2].txt
   C:\Documents and Settings\Rebecca Leoniuk\Cookies\rebecca_leoniuk@ad.zanox[1].txt
   C:\Documents and Settings\Rebecca Leoniuk\Cookies\rebecca_leoniuk@tribalfusion[1].txt
   C:\Documents and Settings\Rebecca Leoniuk\Cookies\rebecca_leoniuk@mediatraffic[1].txt
   C:\Documents and Settings\Rebecca Leoniuk\Cookies\rebecca_leoniuk@interclick[1].txt
   C:\Documents and Settings\Rebecca Leoniuk\Cookies\rebecca_leoniuk@clickbank[2].txt
   C:\Documents and Settings\Jarrod\Cookies\jarrod@bs.serving-sys[1].txt
   C:\Documents and Settings\Jarrod\Cookies\jarrod@ad.yieldmanager[1].txt
   C:\Documents and Settings\Jarrod\Cookies\jarrod@serving-sys[1].txt
   C:\Documents and Settings\Jarrod\Cookies\jarrod@doubleclick[2].txt
   .imrworldwide.com [ C:\Documents and Settings\Rebecca Leoniuk\Application Data\Mozilla\Firefox\Profiles\nqi244s7.default\cookies.txt ]
   .imrworldwide.com [ C:\Documents and Settings\Rebecca Leoniuk\Application Data\Mozilla\Firefox\Profiles\nqi244s7.default\cookies.txt ]

Adware.MyWebSearch/FunWebProducts
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\SOFTWARE\FunWebProducts
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\SOFTWARE\MyWebSearch
   HKCR\ScreenSaverControl.ScreenSaverInstaller
   HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer
   HKCR\ScreenSaverControl.ScreenSaverInstaller.1
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#Url
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
   HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID

Unclassified.SpywareBot (Not A Threat)
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\SpywareBot

Adware.Vundo Variant/Rel
   HKLM\SOFTWARE\Microsoft\FCOVM
   HKLM\SOFTWARE\Microsoft\RemoveRP
   HKLM\SOFTWARE\Microsoft\MS Juan
   HKLM\SOFTWARE\Microsoft\MS Juan#RID
   HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO
   HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM
   HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY
   HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT
   HKLM\SOFTWARE\Microsoft\MS Juan\JKWL
   HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\avast
   HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\avast#LU
   HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\avast#CT
   HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\avast#LT
   HKLM\SOFTWARE\Microsoft\MS Juan\metajuan
   HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LTM
   HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CDY
   HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CNT
   HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LBL
   HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#MN
   HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg
   HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#LTM
   HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CDY
   HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CNT
   HKLM\SOFTWARE\Microsoft\MS Juan\profiling4
   HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#LTM
   HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CDY
   HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CNT
   HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CPS
   HKLM\SOFTWARE\Microsoft\MS Juan\superjuan
   HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#LTM
   HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CDY
   HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CNT
   HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan
   HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM
   HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY
   HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT
   HKLM\SOFTWARE\Microsoft\contim
   HKLM\SOFTWARE\Microsoft\contim#SysShell
   HKLM\SOFTWARE\Microsoft\MS Track System
   HKLM\SOFTWARE\Microsoft\MS Track System#Uid
   HKLM\SOFTWARE\Microsoft\MS Track System#Shows
   HKLM\SOFTWARE\Microsoft\MS Track System#Uqs
   HKLM\SOFTWARE\Microsoft\MS Track System#Click1
   HKLM\SOFTWARE\Microsoft\rdfa
   HKLM\SOFTWARE\Microsoft\rdfa#F
   HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\14063469541489916108242275941506\Options
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\14063469541489916108242275941506\Options#Aff
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\14063469541489916108242275941506\Options#AdvancedScanType
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\14063469541489916108242275941506\Options#FirstRunUrl
   HKU\S-1-5-21-2167921008-703662012-1290024084-1006\Software\14063469541489916108242275941506
   HKLM\Software\Microsoft\28A512C1
   HKLM\Software\Microsoft\28A512C1#28a512c1
   HKLM\Software\Microsoft\28A512C1#Version
   HKLM\Software\Microsoft\28A512C1#28a5bf41
   HKLM\Software\Microsoft\28A512C1#28a5d6a4

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« Reply #4 on: November 21, 2008, 02:47:17 AM »
The Rogue.AntiVirus 2009 and Rogue.Component part is most likely what would have been trying to get you to that URL. On that subject, please modify your first post so the URL to the suspect site isn't active to avoid accidental exposure. Change the http to hXXp, that breaks the link, see example below.

hXXp://protectionlive-scan.com/2009/1/e/_freescan.php?nu=77052

Well the previously undetected vundo infection was no doubt responsible for the pop-ups, hopefully they will be history when you have SAS quarantine them.

Tracking cookies are a minor privacy issue and not a security issue, I normally disable this part of a scan in Preferences, Scanning Control tab. Periodically clear your cookies and have your browser only accept cookies from the site you are visiting and not third party cookies.

The MyWebSearch adware is a minor one but you should still get shot of it.

Once you have allowed SAS to deal with 'all' of those detected, reboot and scan with MalwareBytes AntiMalware and post the results.
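The link-breaking DavidR asks for above is worth doing consistently whenever an indicator is pasted into a forum, ticket or report. The following is an added example, not code from the thread or from avast: it applies the hXXp convention the reply describes and goes one step further by bracketing the dots in the host name (`example[.]com`), which is what stops auto-linkers and chat clients from turning the text back into a clickable URL. The `refang()` counterpart reverses it for an analyst who needs the real string in a sandbox. The sample URL is the one quoted in the reply; the function names are this example's own.

```python
import re

# Added example (not from the forum thread). Defangs http(s) URLs in the
# hXXp style used above, plus bracketed dots in the host, and reverses it.

# Accepts both live (http/https) and already-defanged (hXXp/hXXps) schemes.
_SCHEME_RE = re.compile(r"^(?P<scheme>https?|hxxps?)://(?P<rest>.*)$",
                        re.IGNORECASE | re.DOTALL)
# The authority (host[:port]) ends at the first "/", "?" or "#".
_AUTHORITY_RE = re.compile(r"^(?P<authority>[^/?#]*)(?P<tail>.*)$", re.DOTALL)


def _split(url: str):
    """Return (secure, authority, tail) for a live or defanged URL."""
    m = _SCHEME_RE.match(url.strip())
    if not m:
        raise ValueError(f"not an http(s)/hXXp(s) URL: {url!r}")
    secure = m.group("scheme").lower().endswith("s")
    a = _AUTHORITY_RE.match(m.group("rest"))
    # Normalise any existing "[.]" first so defang() is idempotent.
    authority = a.group("authority").replace("[.]", ".")
    return secure, authority, a.group("tail")


def defang(url: str) -> str:
    """Break the scheme (hXXp) and bracket host dots so the text is not a link.

    Path and query are left untouched so the indicator stays searchable.
    """
    secure, authority, tail = _split(url)
    scheme = "hXXps" if secure else "hXXp"
    return f"{scheme}://{authority.replace('.', '[.]')}{tail}"


def refang(url: str) -> str:
    """Restore a defanged URL to its live form (for sandbox use only)."""
    secure, authority, tail = _split(url)
    scheme = "https" if secure else "http"
    return f"{scheme}://{authority}{tail}"


def is_defanged(url: str) -> bool:
    """True when the string would not render as a clickable http(s) link."""
    s = url.strip()
    return _SCHEME_RE.match(s) is not None and s.lower().startswith("hxxp")


if __name__ == "__main__":
    # The URL quoted in the thread, already scheme-defanged by its author.
    sample = "hXXp://protectionlive-scan.com/2009/1/e/_freescan.php?nu=77052"
    print(defang(sample))          # scheme and host dots both broken
    print(is_defanged(sample))     # True
```

Paste the `defang()` output rather than the raw string; because `_split()` strips existing `[.]` markers first, running it over text that was already defanged does not double-bracket the host.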

bec_mick

  • Guest
Re: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« Reply #5 on: November 21, 2008, 11:55:13 AM »
Hi - thanks again.

This is the log from the malwarebytes....
PART 1

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
21/11/2008 9:51:11 PM
mbam-log-2008-11-21 (21-51-01).txt
Scan type: Quick Scan
Objects scanned: 201426
Time elapsed: 1 hour(s), 40 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 50

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28a5004f (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> No action taken.

bec_mick

  • Guest
Re: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« Reply #6 on: November 21, 2008, 11:55:57 AM »
Part 2

Files Infected:
C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Log\2008 Nov 20 - 03_40_13 PM_828.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Log\2008 Nov 20 - 03_40_31 PM_281.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Log\2008 Nov 20 - 03_40_48 PM_671.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Log\2008 Nov 21 - 09_06_27 AM_421.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Log\2008 Nov 21 - 09_22_25 AM_703.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Log\2008 Nov 21 - 10_03_01 AM_156.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 15 - 07_08_20 PM_281.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 15 - 07_08_20 PM_343.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 15 - 07_08_23 PM_156.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 15 - 07_37_52 PM_734.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 15 - 07_37_52 PM_828.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 15 - 07_37_52 PM_875.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 15 - 07_37_52 PM_890.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 17 - 02_40_50 PM_406.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 17 - 02_40_50 PM_484.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 17 - 06_48_07 PM_296.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 17 - 06_48_07 PM_390.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 18 - 05_31_16 PM_250.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 18 - 05_31_16 PM_359.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 18 - 05_31_16 PM_406.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 18 - 09_30_10 PM_937.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 18 - 09_30_11 PM_250.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 18 - 09_30_11 PM_671.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 18 - 09_30_11 PM_718.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 19 - 05_53_56 PM_156.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 19 - 05_53_56 PM_281.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 19 - 05_53_56 PM_453.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 20 - 05_17_34 PM_828.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 20 - 05_17_35 PM_375.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 20 - 05_17_37 PM_234.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 20 - 05_17_37 PM_343.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 05_49_31 PM_937.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 05_49_32 PM_031.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 05_49_32 PM_125.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 05_49_32 PM_140.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 08_15_58 PM_531.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 08_15_58 PM_546.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 08_23_54 PM_859.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Log\2007 Jun 21 - 08_23_54 PM_953.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Rebecca Leoniuk\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> No action taken.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> No action taken.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Avast! Warning - A Trojan horse was found! - PLEASE HELP ME!!!
« Reply #7 on: November 21, 2008, 04:22:29 PM »
Well this shows the benefit of using two program scans as the other may detect more or find things unhidden/revealed by the previous scan. Strange that mywebsearch is there since SAS also picked this up.

You will have to run MBAM again as the No action taken means they are still there (this report being generated after closing the scan). By default all those detected will have a check mark to the left of the entry (selected), if not select all the items and click the Remove Selected button. That puts a copy in quarantine and removes the original, see image.

Now reboot and do another scan with avast.
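The point in the reply above, that a `-> No action taken.` entry means the item is still on the disk or in the registry, is easy to miss in a 50-line log. The following added example (not code from the thread, from avast, or from Malwarebytes) parses MBAM 1.x report lines of the form `item (Family) -> action.` and summarises them by section and family, listing every entry that was not actually removed. The embedded sample log is constructed from lines quoted in the thread plus one constructed line with a successful-removal action; the exact wording of MBAM's action phrases is an assumption, so only the `No action taken` prefix is relied on.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Added example, not from the thread. Constructed sample: a handful of lines
# quoted in the thread, plus one constructed "removed" entry for contrast.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Scan type: Quick Scan

Registry Keys Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28a5004f (Trojan.Vundo) -> No action taken.

Files Infected:
C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> No action taken.
"""

# "<item> (<Family>) -> <action>."  The item may itself contain parentheses
# (e.g. "Program Files (x86)"); the family group excludes them, so the
# non-greedy item only stops at the final "(Family) -> " pair.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Detail sections end with a bare colon; the count lines near the top
# ("Registry Keys Infected: 2") do not, so they are ignored.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")


@dataclass
class Finding:
    section: str
    item: str
    family: str
    action: str

    @property
    def pending(self) -> bool:
        """True when MBAM reported the item but did not remove it."""
        return self.action.lower().startswith("no action taken")


def parse_mbam_log(text: str) -> list[Finding]:
    """Extract one Finding per detection line, tagged with its section."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("("):
            continue  # header block, or "(No malicious items detected)"
        m = ENTRY_RE.match(line)
        if m:
            findings.append(Finding(section, m["item"], m["family"], m["action"]))
    return findings


def summarize(findings: list[Finding]) -> dict:
    """Counts by family and section, plus the items still to be removed."""
    pending = [f.item for f in findings if f.pending]
    return {
        "total": len(findings),
        "pending": pending,
        "by_family": dict(Counter(f.family for f in findings)),
        "by_section": dict(Counter(f.section for f in findings)),
        "clean": not pending,
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    print(f"{report['total']} detections, {len(report['pending'])} still present")
    for item in report["pending"]:
        print("  NOT REMOVED:", item)
```

Run it over a saved `mbam-log-*.txt`: if `clean` is false, the scan needs to be repeated with the items selected and Remove Selected clicked, exactly as the reply says; the `by_family` counts also make it obvious when one family (here Vundo) spans registry keys, run entries and files, which is why a single quarantined DLL rarely ends the problem.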