Infected with Rootkit as a result of Security Tools Infection. Please help.

Hi,

Got attacked by Security Tools. I managed to remove that, but now I seem to have some sort of Rootkit infection. Avast removed a few infections with a boot-time scan after I deleted the Security Tools file. Ran Malwarebytes. Malwarebytes and Avast now keep blocking a URL every now and again (potentially malicious website).

Tried to use GMER but it kept crashing.

Running a Sophia Scan and a Hijack Hunter Scan at the moment.

Any ideas? Thanks.

Malwarebytes and Avast now keep blocking a URL every now and again (potentially malicious website).
Try running TDSSKiller

http://support.kaspersky.com/viruses/solutions?qid=208280684

Can you post the Malwarebytes scan log?

Thanks,

Malwarebytes Scan:

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11/11/2010 10:11:01
mbam-log-2010-11-11 (10-11-01).txt

Scan type: Full scan (C:|E:|)
Objects scanned: 255875
Time elapsed: 1 hour(s), 41 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkovifemeyudafaw (Trojan.Agent.U) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniffer (Trojan.Downloader) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) → Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\udHDAnc.dll (Trojan.Agent.U) → Delete on reboot.

Why don't people update MBAM before they scan??? They release something like 5 to 10 daily updates…

You have scanned with a very old database; your log says 4052, the latest is 5095.

Update your MBAM, run a quick scan and post the new log.
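As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM 1.46 text log format posted above: it pulls the database version so a scan run against stale signatures, like the 4052 one, can be flagged against the current version, lists what was quarantined, and surfaces "Delete on reboot" entries that still need a reboot and a rescan before the machine is called clean. The sample log is constructed to mirror the thread's layout, not copied from it.

```python
import re

# Constructed sample in the layout MBAM 1.46 writes (not the thread's exact log).
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.46
Database version: 4052

Registry Values Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\vkovifemeyudafaw (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\sniffer (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\\Users\\Rob\\AppData\\Local\\udHDAnc.dll (Trojan.Agent.U) -> Delete on reboot.
"""

# "<path> (<family>) -> <action>."; copies of the log pasted on the web often show a Unicode arrow.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) (?:->|→) (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")  # summary block lines

def parse_mbam_log(text):
    """Return the database version, summary counts and every detected item."""
    result = {"database_version": None, "counts": {}, "items": []}
    section = None  # detail block we are currently inside
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Database version:"):
            result["database_version"] = int(line.split(":", 1)[1])
        elif (m := COUNT_RE.match(line)):
            result["counts"][m["section"]] = int(m["n"])
        elif line.endswith("Infected:"):
            section = line[:-1]
        elif section and (m := ITEM_RE.match(line)):
            result["items"].append({"section": section, **m.groupdict()})
    return result

def stale_database(parsed, latest_version):
    """True when the scan ran with an older signature database than the current one."""
    v = parsed["database_version"]
    return v is None or v < latest_version

def pending_reboot(parsed):
    """Paths MBAM could not remove in place; reboot, then rescan, before calling it clean."""
    return [i["path"] for i in parsed["items"]
            if i["action"].lower().startswith("delete on reboot")]
```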

Sorry about that. I've got too used to the likes of Avast that do these things automatically…

Here’s the latest:

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 5095

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11/11/2010 16:46:39
mbam-log-2010-11-11 (16-46-39).txt

Scan type: Quick scan
Objects scanned: 144419
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkovifemeyudafaw (Trojan.Agent.U) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think that’s got it.

Thanks.

Have you run TDSSKiller?

Malwarebytes and Avast now keep blocking a URL every now and again (potentially malicious website).
Is this problem gone?

OBS: you say Malwarebytes and Avast keep blocking? Does that mean that you have Malwarebytes PRO?
If so, it has auto-update, if you have turned it on.

How To Use The New Scheduler, Applicable To Versions 1.45 and 1.46 Only
http://forums.malwarebytes.org/index.php?showtopic=45177&st=0&p=224633&#entry224633

video
http://www.youtube.com/user/Malwarebytes?feature=mhum#p/u/1/qm3I3H1YJLU

Yep, I ran TDSSKiller and it did remove something, and that problem seems to have stopped.
The updated MBAM removed something too, and now I'm not getting the "dll missing" message at start-up.

Fingers crossed all clear.

Thanks.