I ran Malwarebytes again this morning. SUPERAntiSpyware as well. I will paste the three SAS logs that have been generated so far, in chronological order.
Malwarebytes' Anti-Malware 1.33
Database version: 1731
Windows 5.1.2600 Service Pack 2
2/5/2009 11:29:48 AM
mbam-log-2009-02-05 (11-29-48).txt
Scan type: Full Scan (C:\|)
Objects scanned: 97175
Time elapsed: 34 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Opachki) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Opachki) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\protect.dll (Trojan.Opachki) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Opachki) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\msb.dll (Trojan.Opachki) -> Quarantined and deleted successfully.
____________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/03/2009 at 11:57 AM
Application Version : 4.25.1012
Core Rules Database Version : 3716
Trace Rules Database Version: 1690
Scan type : Quick Scan
Total Scan Time : 00:11:02
Memory items scanned : 594
Memory threats detected : 0
Registry items scanned : 510
Registry threats detected : 22
File items scanned : 8125
File threats detected : 1
Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#type
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#imagepath
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#group
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSserv
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSl
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssservers
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssmain
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsslog
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssadw
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssinit
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssurls
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsspanels
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsserrors
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSproc
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#INITSTARTFAILED
Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSOSVD.DAT
____________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/03/2009 at 12:28 PM
Application Version : 4.25.1012
Core Rules Database Version : 3716
Trace Rules Database Version: 1690
Scan type : Complete Scan
Total Scan Time : 00:22:15
Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 6051
Registry threats detected : 0
File items scanned : 17858
File threats detected : 0
____________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/05/2009 at 11:50 AM
Application Version : 4.25.1012
Core Rules Database Version : 3744
Trace Rules Database Version: 1712
Scan type : Complete Scan
Total Scan Time : 00:18:41
Memory items scanned : 614
Memory threats detected : 0
Registry items scanned : 6052
Registry threats detected : 0
File items scanned : 17878
File threats detected : 4
Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@ehg-eset.hitbox[1].txt
C:\Documents and Settings\User\Cookies\user@hitbox[2].txt
Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\PROTECT.DLL
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\START MENU\PROGRAMS\STARTUP\CHKDISK.DLL

