
Thread: Logs from after spamming trojan

  1. #11
    Join Date
    Jul 2010
    Posts
    11
    I have just downloaded and run the quick scan of that tool with no infections found. Running the full scan now but will take several hrs, so will finish it and re-run the MBAM full scan and post the results later.

    Thanks
    Stags

  2. #12
    Join Date
    Jul 2010
    Posts
    11
    Results for Microsoft Malicious software removal tool:

    Worm:Win32/Pushbot.gen!C was detected, not removed.

    Everything else came back as not infected.

    I am running the MBAM full scan now, and will line up Symantec to do another full sweep.

    Stags

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Win32/Pushbot.gen!C is spread via MSN Messenger and/or AOL Instant Messenger. It also contains backdoor functionality that allows unauthorized access to an affected system.
    Manual removal is NOT recommended. Was it quarantined?

  4. #14
    Join Date
    Jul 2010
    Posts
    11
    There was no indication that it was quarantined, just that it was detected and not removed. I cannot find any logs for the scan.

  5. #15
    Join Date
    Jul 2010
    Posts
    11
    Doh - after a bit more googling I found the mrt.log file and a quick perusal of it shows the location of the infected file to be within a zip file. Is it ok to remove the zip file in question?

  6. #16
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Honestly I don't know. All indications I found were that manual removal was not recommended. But it is your computer... that is the only problem with 64-bit operating systems... the ASSUMPTION that things like this won't bother them so why create a tool that will run on it when it won't be needed? Well, we are seeing this every day now with so many of these Windows 7 64-bits being sold. Anyone with any sense would realize that the creators of these evil pieces of software would naturally adapt them to attack the 64-bit system. But people don't have sense!
    Sorry, just had to vent and YOU are the one with the infected computer but I am the one who vents. Sorry.
    Combofix is the tool of choice but it won't run, or isn't advised to be run I should say, on Windows 7 64-bit. Windows 7 32-bit yes, but lots of cautions given on the 64s.

  7. #17
    Join Date
    Jul 2010
    Posts
    11
    Feel free to vent, I can appreciate your frustrations!

    MBAM full scan hot off the press: - seems the backdoor.spynet is still persisting.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4306

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    14/07/2010 11:02:17 AM
    mbam-log-2010-07-14 (11-02-17).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 455425
    Time elapsed: 2 hour(s), 18 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Have just fired up the Symantec AV, and will see what it has to say.
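
An added example, not part of any post in this thread: a small parser for logs in the layout posted in #17. It checks the summary counts against the itemised detections and lists detections that show up in two consecutive scans, which is how an item that was "deleted successfully" but keeps coming back becomes visible. The sample log and its GUID are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.46 log posted in #17
# (header trimmed; the GUID is a made-up placeholder).
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADING = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADING.match(line):
            section = m["section"]          # start of an itemised section
        elif section and (m := ITEM.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def count_mismatches(counts, detections):
    """Sections whose itemised detections disagree with the summary count."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed[s]) for s, n in counts.items() if n != listed[s]}

def recurring(previous, current):
    """Detections (object, threat) present in both scans, i.e. they came back."""
    seen = {(d["object"].lower(), d["threat"]) for d in previous}
    return [d for d in current if (d["object"].lower(), d["threat"]) in seen]

if __name__ == "__main__":
    counts, hits = parse_mbam_log(SAMPLE_LOG)
    print(counts, hits, count_mismatches(counts, hits), sep="\n")
```

Feed `recurring` the detections parsed from the earlier scan and from the latest one; anything it returns was flagged, cleaned, and then flagged again.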

  8. #18
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
