#29, 6th July 2009, 06:23 AM
ElChamuco
Newcomer
Join Date: May 2009, 21 posts.
Thank you, my friend!!!!

Just to let you know, when I was running the active scan, Avira caught a trojan. I have a feeling there is a port open. Please let me know what you think.

Here are the logs:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: CHUCK
->Temp folder emptied: 790 bytes
->Temporary Internet Files folder emptied: 783754 bytes
->Java cache emptied: 8112358 bytes
->FireFox cache emptied: 78305989 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 65536 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3124241 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.32 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07052009_004217

Files moved on Reboot...

Registry entries deleted on Reboot...



;********************************************************************************
ANALYSIS: 2009-07-05 22:12:01
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 2
;********************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================
AntiVir Desktop 9.0.1.30 Yes Yes
;================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP27\A0002405.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP25\A0001953.sys
01675833 Trj/SMSlock.C Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP27\A0002412.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP27\A0002451.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP26\A0002334.sys
;================================================================================
SUSPECTS
Sent Location
;================================================================================
No C:\Program Files\Internet Explorer\IEXPLORE.EXE__
No C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP17\A0001542.exe
;================================================================================
VULNERABILITIES
Id Severity Description
;================================================================================
;================================================================================