Hi all!
Although this has been fixed, thanks to MalwareBytes, I’d still like to know what it was.
Yesterday and today whenever I would start my computer I would get two avast warnings of malicious connections blocked. I tried searching here for it but nothing came up. The main part of it was roonyx dot net. Does avast keep a list anywhere of connections it has blocked?
After running an avast boot scan the problem still existed. (Items were found and put in the chest but they apparently were not related to this issue.) After running MalwareBytes, 8 items were found and quarantined and I received no further “malicious connections blocked” warnings from avast. Has anyone ever heard of this roonyx dot net?
I know it’s gone now but I’d still like to figure out where it came from so I can try to avoid it in the future if possible.
Thanks!!
Pam
From my understanding, it seems like you had some sort of back door. I think roonyx dot net is a file hosting site. I can’t tell you for sure where you got it from, but if you have any peer-to-peer software on your computer like LimeWire I would be suspicious, but that’s just what comes to my mind first.
It may help if you post the Malwarebytes scan log so we can see what was removed!
Here’s a cut-and-paste of the scan log. (I don’t know where I got the “eight” from that I mentioned in my OP. I believe that was the number found from the avast boot scan.)
Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7026
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/5/2011 10:03:31 AM
mbam-log-2011-07-05 (10-03-31).txt
Scan type: Full scan (C:|)
Objects scanned: 242500
Time elapsed: 40 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\ctpcoy.dll (Trojan.Agent) → Delete on reboot.
c:\WINDOWS\oxihucuc.dll (IPH.Trojan.Hiloti.B) → Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bxepu (Trojan.Agent) → Value: Bxepu → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cbewejejohehucu (IPH.Trojan.Hiloti.B) → Value: Cbewejejohehucu → Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\ctpcoy.dll (Trojan.Agent) → Delete on reboot.
c:\WINDOWS\oxihucuc.dll (IPH.Trojan.Hiloti.B) → Delete on reboot.
c:\documents and settings\Pam\Desktop\exe installs and setups\pdfconvertersetup.exe (Adware.Agent) → Quarantined and deleted successfully.
c:\documents and settings\Pam\local settings\temporary internet files\Content.IE5\2XCDIHAD\windows-update-sp2-kb76231-setup[1].exe (Trojan.Agent) → Quarantined and deleted successfully.
c:\documents and settings\Pam\application data\Adobe\shed\thr1.chm (Malware.Trace) → Quarantined and deleted successfully.
c:\documents and settings\Pam\application data\Adobe\plugs\mmc1.exe (Trojan.Agent.Gen) → Quarantined and deleted successfully.
c:\documents and settings\Pam\application data\Adobe\plugs\mmc175.exe (Trojan.Agent.Gen) → Quarantined and deleted successfully.
Although this has been fixed, thanks to MalwareBytes, I'd still like to know what it was.
Trojan:Win32/Hiloti
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti
Trojan Agent
http://www.ehow.com/facts_7197335_trojan-agent_.html
Thank you, Pondus. I have read everything at these two links you provided. One area I really need to change is not doing Internet research signed in as admin. I know, golden rule not to do that but was just lazy in creating another user account. Have just set up another user account as limited and am using that for Internet research, etc.
And thank you avast for superb work in blocking what these were trying to do and MalwareBytes for finding and removing them. I tell people all the time they need more than one anti-virus-type program and which ones they need (these two, of course, at minimum). So many people keep flocking to Norton, earlier versions of which caused me nothing but trouble.
Thanks again, Pondus!
Pam