Full Version: Still finding remnants from march 26
DaChew
Malwarebytes' Anti-Malware 1.11
Database version: 692

Scan type: Full Scan (C:\|)
Objects scanned: 56451
Time elapsed: 9 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\IDME\dimnet201.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IDME\TGbn1dll.exe (Adware.Trafficsol) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usnv\pax89104.exe (Adware.TTC) -> Quarantined and deleted successfully.

dimnet201.exe

A-Squared Found nothing
AntiVir Found RKIT/544.A
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {UPX}
AVG Antivirus Found Generic10.CLZ
BitDefender Found Rootkit.544
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/SpyCore-A
VirusBuster Found nothing
VBA32 Found nothing

pax89104.exe

A-Squared Found Adware.Win32.TTC.d
AntiVir Found DR/TTC.D
ArcaVir Found Adware.Ttc.D
Avast Found Win32:Adware-gen
AVG Antivirus Found nothing
BitDefender Found Dropped:Trojan.AdClick.DX
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.TTC.d (4, 1, 400)
Fortinet Found Adware/TTC
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.TTC.d

TGbn1dll.exe

A-Squared Found nothing
AntiVir Found TR/Drop.Agen.139457
ArcaVir Found Adware.Trafficsol.Ai
Avast Found Win32:Agent-VZS
AVG Antivirus Found nothing
BitDefender Found Adware.Trafficsol.S
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.TrafficSol.ai (4, 1, 400)
Fortinet Found Virtum!tr
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found AdWare.Win32.TrafficSol.ai
DaChew
I then sorted by date and saw another folder in system32 with the same time/date stamp:

bz3/pnglft22.exe

A-Squared Found Trojan-Downloader.Win32.Small.tei
AntiVir Found TR/Crypt.ULPM.Gen
ArcaVir Found Adware.Agent.Bz
Avast Found Win32:Small-JMH
AVG Antivirus Found Downloader.Generic7.AUY
BitDefender Found Trojan.Retapu.D
ClamAV Found Trojan.Downloader-27654
CPsecure Found Troj.Downloader.W32.Aphex.020
Dr.Web Found Trojan.DownLoader.51158
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Small.tei
Fortinet Found nothing
Ikarus Found Virus.Win32.Small.JMH
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Small.tei
NOD32 Found Win32/TrojanDownloader.Small.IAW
Norman Virus Control Found W32/DLoader.GFES
Panda Antivirus Found Trj/Downloader.SZG
Sophos Antivirus Found Mal/DownLdr-O
VirusBuster Found Trojan.Matcash.Gen
VBA32 Found Trojan-Downloader.Win32.Small.tei
GT500
Have you submitted it to Malwarebytes yet?
nosirrah
The issue is that this file is inside of a randomly named folder.

I am trying to find a way to keep the scan fast and catch these.

This malware is a setup file and does not get a start point, so it is in effect dead.

The next update may have something that will catch this.

BTW, the active protection of MBAM should not allow this file to run.
DaChew
To put this in perspective, this infection was a bear; I threw everything but ComboFix at it.

It came into my computer through a USB drive.