run in with braviax

Nothing. Not even a cookie. But when I close spybot I get two errors. 0x085c40c2 memory reffering to 0x886df10 - memory could not be read. And runtime error 216 at 085C40C2.
 
OK. The item avast picked up and the registry spybot picked up are they anything? Or just junk left from the trojan? I still have the infected file in avast chest. Throw away and redo the restore points action? Scan on Kasper to make sure?
 
They were leftovers.

Yes I suggest to flush avast! quarantine.

Sure you can rescan with kaspersky if you like to :)
 
LOL Now Kaspersky is in russian. I think this has been mentioned in some other threads as well. Cant see any link for english version. Any other online scanner to suggest? Or maybe I shall have it webtranslated. I think I know what to do on the site now.

Started thread about spybot errors. I'm guessing a new installation will help.Anyway it's only after the scan. :P
 
This is one:

Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Scan unwanted applications is CHECKED
  5. Click "Scan"
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
 
Didn't see latest instruction before going 2 work, so I did a thorough scan with avast, and only found an infected file in restore. No worries. Now I have installed Malwarebytes Anti-Malware, and it finds lots more! :sad: Report follows

Malwarebytes' Anti-Malware 1.40
Database version: 2658
Windows 5.1.2600 Service Pack 2

2009-08-19 22:00:22
mbam-log-2009-08-19 (22-00-22).txt

Scan type: Quick Scan
Objects scanned: 93888
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ägaren\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ägaren\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
 
I apologize for being worried and being a control freak. But I just noticed I have a new quick-launch icon that I don't recognise at all. C:\Program\A-Patch143b2_WLM9.exe

What is this?

Spywareblaster and new safer firefox installed. I'm waiting with windows update in case more clean-up is to be done first.
 
sorry ignore last post. Now I know what a-patch is :P And its clean says joti :) So its the items on maleware report that are left to decide if they mean that there are more things going on in my comp.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top