The Mudcat Café TM
Thread #117375 Message #2579459
Posted By: Sawzaw
02-Mar-09 - 01:46 PM
Thread Name: Tech: Trojan infection
Subject: RE: Tech: Trojan infection
It is hard to tell which of those "free" virus removal programs are legit and which just install more viruses.
Malwarebytes is legit and free.
The last time I got a Trojan, it blocked access to http://malwarebytes.org with DNSChanger, but it did not block access to http://www.malwarebytes.org.
Once I got Malwarebytes installed, it cleared up the infection.
Malwarebytes' Anti-Malware 1.31
Database version: 1571
Windows 5.1.2600 Service Pack 3
12/29/2008 11:19:30 PM
mbam-log-2008-12-29 (23-19-30).txt
Scan type: Quick Scan
Objects scanned: 51526
Time elapsed: 2 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\msqpdxehtabdur.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\msqpdxxjnrwblt.sys (Trojan.Agent) -> Quarantined and deleted successfully.
The problem is that the infected keys and files are sometimes hidden and you can't find them to rename or delete.