The Gang of Five

Trojan Virus Dealt with!

pokeplayer984

I'm not sure how it happened, but I had to deal with a rather nasty Trojan this morning.  Here's the deal with it.

I'm not sure how I got it because the ONLY thing I've downloaded are some pictures off Photobucket.  I guess it was a hijacking Trojan of some kind. (Plus the only other places I've been are this site, YouTube, ScrewAttack and my e-mail. (Making sure to get rid of the untrustworthy stuff without looking at it, thank you very much.))

Anyways, what it did was that it infected the "system 32" file and a few registry files.  This stopped me from having internet access, thus making me unable to update.  I then decided to take action and go into Safe Mode with Networking.

After that, I was able to update, and Malwarebytes took care of the rest.  It wasn't able to find it before the update, but after that, it was able to detect it and clean it.

Also, since I update my stuff weekly, what we're looking at here is a brand new Trojan outbreak.  Update your arsenal, guys, or you won't have internet access.

Well, that's what I wanted to report.

See ya later!


DarkHououmon

Losing internet access isn't really new when it comes to malware. I have already been aware that some malware, such as some of the latest rogues, will lock down the computer so badly (not just losing internet access, but other functionality) that there are few options left on how to deal with the threat.


pokeplayer984

Oh yeah, I almost forgot, here's what the report said of exactly what it infected so you guys can know what to look out for:

Quote
Malwarebytes' Anti-Malware 1.37
Database version: 2206
Windows 5.1.2600 Service Pack 3

6/1/2009 7:47:36 AM
mbam-log-2009-06-01 (07-47-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134408
Time elapsed: 11 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

The memsweep2 files apparently.  Keep an eye out, guys. :)


Kor

Sounds nasty.  Glad you managed to get it cleared up and nice of you to inform folks here and what they could do.


Petrie.

Thanks for the logfile.  I was going to ask for it if you hadn't posted it later.


pokeplayer984

Ugh!  I don't know what's going on but system32 got infected with a Trojan again.

I haven't downloaded anything since the last time I cleaned it.

Then again, my brother has reinstalled and used Limewire as of late. -_-


DarkHououmon

Yeah, it could be something your brother downloaded.


pokeplayer984

Quote from: DarkHououmon, Jun 11 2009 on 09:37 AM
Yeah, it could be something your brother downloaded.

Well, good luck telling him to stop with Limewire.  He's addicted to downloading stuff with it. :(