log of mbam run
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7253
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
7/23/2011 12:17:57 PM
mbam-log-2011-07-23 (12-17-57).txt
Scan type: Quick scan
Objects scanned: 237610
Time elapsed: 16 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{16406580-14ce-4441-b904-ad56cc8064ca} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WinApp.WinSafe.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WinApp.WinSafe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa\UpdateWin (Backdoor.Sdbot) -> Value: UpdateWin -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
c:\documents and settings\HP_Owner\application data\86855640 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
c:\icinst.exe (Adware.EShoper) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\Desktop\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\Bots.zip (Trojan.Agent) -> Quarantined and deleted successfully.
c:\calculator.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\start menu\xp police antivirus.lnk (Rogue.XPPolice) -> Quarantined and deleted successfully
Notes:
Upon reboot I received a mal.url alert.
I was warned that I had no firewall - even though Comodo was running. The Comodo tray icon indicated it was disabled - the Defense+ setting was disabled. It is now in training mode.
I haven't received another mal.url alert in 15 minutes of surfing using three different browsers.
I'll update this post later.
Update 1:
As of this edit, no new mal.urls.
Update 2:
There is a curse. No sooner had I saved that edit than I got a mal.url.