fake.wget

[GraveDigga]

well i got infected.searched google and found you guys.i use spybot for a very long time but never went on forum.ok,so i tried to do the thing with notepad and i still am infected with it.here's the report:

--- Search result list ---
Fake.Wget: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1993962763-287218729-725345543-1003\Software\Wget

Fake.Wget: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Wget

 

[GraveDigga]

got the latest update and now i have a new trojan named Bifrose.LA so now i have the wget and this bifrose here is the report:

--- Search result list ---
Bifrose.LA: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}

Bifrose.LA: System file (File, nothing done)
D:\WINDOWS\system32\drivers\oreans32.sys

Fake.Wget: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1993962763-287218729-725345543-1003\Software\Wget

Fake.Wget: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Wget

 

[LonnyRJones]

GraveDigga Hi
Please go here and follow instructions.
http://forums.spybot.info/showthread.php?t=288
Post A Hijackthis log and an online scan report here in this thread.

 

[GraveDigga]

the online scand was made with panda

 

[LonnyRJones]

Start Hijackthis and place a check next to these items If there.
O4 - HKLM\..\Run: [startkey] D:\WINDOWS\system32\systemhosts.exe
O4 - HKCU\..\Run: [startkey] D:\WINDOWS\system32\systemhosts.exe

====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Manualy delete
D:\WINDOWS\system32\systemhosts.exe
Your antivirus might offer to delete it when you get close, thats fine.

Check for problems with SpyBot and fix everything found, then do so a second time and let me know what was there.

 

[GraveDigga]

searched with hijackthis and i didn't find that.searched in system32 and also nothing.searchd with spybot and nothing ).i guess i resolved it with Trend Micro.it found something and disinfected.well tnx a lot :bigthumb:

 

[LonnyRJones]

Good

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

 

[GraveDigga]

done.ok thanks a bunch man

 

[LonnyRJones]

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).