The Gang of Five
Beyond the Mysterious Beyond => Hobbies and Recreation => Computer and Electronics => Topic started by: pokeplayer984 on June 01, 2009, 12:33:45 PM
-
I'm not sure how it happened, but I had to deal with a rather nasty Trojan this morning. Here's the deal with it.
I'm not sure how I got it because the ONLY thing I've downloaded are some pictures off photobucket. I guess it was a hijacking Trojan of some kind. (Plus the only other places I've been are this site, YouTube, ScrewAttack and my e-mail. (Making sure to get rid of the untrustworthy stuff without looking at it, thank you very much.))
Anyways, what it did was that it infected the "system 32" file and a few registry files. This stopped me from having internet access, thus making me unable to update. I then decided to take action and go into Safe Mode with Networking.
After that, I was able to update, and Malwarebytes took care of the rest. It wasn't able to find it before the update, but after that, it was able to detect it and clean it.
Also, since I update my stuff weekly, what we're looking at here is a brand new Trojan outbreak. Update your arsenal guys, or you won't have internet access.
Well, that's what I wanted to report.
See ya later!
-
Losing internet access isn't really new when it comes to malware. I have already been aware that some malware, such as some of the latest rogues, will lock down the computer so badly (not just losing internet access, but other functionality) that there are few options left on how to deal with the threat.
-
Oh yeah, I almost forgot, here's what the report said of exactly what it infected so you guys can know what to look out for:
Malwarebytes' Anti-Malware 1.37
Database version: 2206
Windows 5.1.2600 Service Pack 3
6/1/2009 7:47:36 AM
mbam-log-2009-06-01 (07-47-36).txt
Scan type: Full Scan (C:\|)
Objects scanned: 134408
Time elapsed: 11 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
The memsweep2 files apparently. Keep an eye out, guys. :)
-
Memsweep2 is associated with Sophos AntiRootkit apparently.
http://www.threatexpert.com/report.aspx?md...7078d8c5ccb79d8 (http://www.threatexpert.com/report.aspx?md5=59e15ff9560923c3b7078d8c5ccb79d8)
-
Sounds nasty. Glad you managed to get it cleared up and nice of you to inform folks here and what they could do.
-
Thanks for the logfile. I was going to ask for it if you hadn't posted it later.
-
Ugh! I don't know what's going on but system32 got infected with a Trojan again.
I haven't downloaded anything since the last time I cleaned it.
Then again, my brother has reinstalled and used Limewire as of late. -_-
-
Yeah, it could be something your brother downloaded.
-
Yeah, it could be something your brother downloaded.
Well, good luck telling him to stop with Limewire. He's addicted to downloading stuff with it. :(