Author Topic: Another Trojan attack  (Read 2257 times)

0 Members and 1 Guest are viewing this topic.

haqzaf

  • Guest
Another Trojan attack
« on: November 15, 2010, 08:54:07 PM »
Hi, to all readers,
"Windows XP home edition"I immeditely disabled my internet connection.Browswer MS ver 7.0
Before, I explain, what happened,I request all readers to curse these computer criminals, who create malicious viruses and criminally enter into your computer for malicious purposes.Just curse them in your heart.
While browsing,I felt my computer was suddenly paused for a moment and next two warning windows from microsoft "Help And Support Center" appear warning "Unknown Win32/Trojan",alert level "serve".Registery access,Task manager access immediately disabled by the virus or by these Microsoft alert windows.
"Avast"  as usual was on deep sleep.No action taken by "Avast" antispyware software living and enjoying my computer company.After running MalwareBytes anti spyware software the following was found and removed.
Log file is as follows.
"Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4719

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/15/2010 2:08:03 PM
mbam-log-2010-11-15 (14-08-03).txt

Scan type: Quick scan
Objects scanned: 138600
Time elapsed: 26 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\hotfix.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\0.9516633254790766.exe (Trojan.Dropper) -> Delete on reboot."
I checked My proxy server.It was normal,not activated by virus.
Malicious executable file,size 551k,naming "0.9516633254790766.exe" was found in temp folder.Its icon was large primitive golden colour door lock.I wrote all this to inform public and  aware them to be ready and act immeditely from these criminals.   

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Another Trojan attack
« Reply #1 on: November 15, 2010, 09:21:35 PM »
Is see you do the same mistak as many users of Malwarebytes does, they don`t update the program before they scan. Malwarebytes is releasing about 10 updates a day   ???

you have scanned with a very old database 4719. Latest is 5121

so update MBAM and scan again...... ;)


haqzaf

  • Guest
Re: Another Trojan attack
« Reply #2 on: November 15, 2010, 09:48:00 PM »
Hi,Pondus,

Thanks for reminding.
Updated to new ver. 5121
Scaned,No malicious activity found.
Thanks for helping.