Should I Worry? Malwarebytes Log

asyork

This is from a fairly new Win 7 Enterprise install. I run Firefox 3.5.3 with NoScript, and just installed and am scanning with the MSE beta. Everything that looks bad was in temp files, but I am still worried. Should I reinstall Windows, or leave it as it is?

Also, does anyone know if I can reinstall with my Enterprise trial, or do I have to register for a new copy?

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 6.1.7600

9/25/2009 5:16:35 AM
mbam-log-2009-09-25 (05-16-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 395697
Time elapsed: 22 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\bsxawjbbyc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\bvnfbpptti.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\cpnvywdtdn.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\dhscxgvuiy.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\emiororxob.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\emxrqswkvl.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\etdceerorv.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\evirxluuro.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\feefqvueer.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\fuppvxkwnp.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\gwmyhhqpxt.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\iixmxiiqny.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\ipbcvtmtni.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\iqcdyyxvet.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\iuqpovmssx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\jmkxnmvtwe.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\lrmxqwerct.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\noivembrhx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\nvdeferxnu.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\oikvorptcr.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\onwetpouyu.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\oxelwnbici.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pdnqxudtbi.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pdrbpixxtc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pixisqyrur.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pmdxseunxn.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pnfxpbqkiq.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\ppttpxmsei.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pttnqbejot.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\qmmcjnokxd.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\qvpgpmdxpu.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\rfiuphmpcx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\ritpxcdmbr.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\rmcctimecn.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\rrsxieievx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\rxwlfxoxqy.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\seninqtcqd.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\sfqeedrcxc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\sgrvbuwwin.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\sopmvxtsqu.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\svcptnfihr.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\ubrmfubunx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\vbvxbnceey.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\vhrbvwotvc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\vwjbhqbjrm.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\vygriniipe.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\weccmpxmel.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\xedrdxqlcc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\xfvotdelxq.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\xqtwxtbbpj.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\yinppwbgdx.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\yueqwqqivb.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\~403E.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\~4E3D.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\~7F51.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\asyork\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully.
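The question the post turns on is whether 56 hits that all sit in temp folders mean a live infection or just dropped files. A quick way to answer that from the log itself is to group the detections by location and by action rather than reading them one line at a time: a registry policy change (the NoActiveDesktopChanges entry above) or a file under the system directory points at persistence, while droppers in C:\Windows\Temp say less on their own, and any action other than "Quarantined and deleted successfully" needs follow-up. The Python below is an added example written for this thread, not anything asyork or Malwarebytes published. It assumes the Malwarebytes 1.x log layout shown in the post (summary counts of the form "Files Infected: N", then per-section lists with one "<item> (<threat>) -> <action>." line each). The embedded sample is a constructed, trimmed copy of the log above plus one hypothetical line in Program Files with a non-quarantine action, included only so the parser's other branches are exercised.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs.

Added example, not code from the original thread or from Malwarebytes. It
parses the plain-text log format seen in the post and groups detections by
threat name, by where the item lived, and by whether removal succeeded. It
also cross-checks the summary counts against the detail sections so a
truncated or edited log is noticed instead of trusted.
"""
import re
from collections import Counter

# Constructed sample: a trimmed copy of the log in the post, plus one
# hypothetical entry ("Example.Hypothetical" under Program Files with a
# non-quarantine action) that exists only to exercise the other branches.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 6.1.7600

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 395697

Registry Data Items Infected: 1
Files Infected: 4

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\bsxawjbbyc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\~403E.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\asyork\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Example\example.dll (Example.Hypothetical) -> Delete on reboot.
"""

# "Files Infected: 56" is a summary count; "Files Infected:" opens a section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
# "<item> (<threat>) [-> Bad: (x) Good: (y)] -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?\s*$"
)
CLEAN_ACTION = "Quarantined and deleted successfully"


def classify_location(item: str) -> str:
    """Bucket an item by where it lived. Temp directories are writable by any
    user, so droppers there say less about persistence than a registry policy
    change or a file under the Windows directory does."""
    upper = item.upper()
    if upper.startswith("HKEY_"):
        return "registry"
    if upper.startswith("C:\\WINDOWS\\TEMP\\"):
        return "system_temp"
    if "\\TEMP\\" in upper:
        return "user_temp"
    if upper.startswith("C:\\WINDOWS\\"):
        return "system_dir"
    return "other"


def parse_mbam_log(text: str) -> dict:
    """Return header key/values, summary counts, and one dict per detection."""
    header, summary, detections, section = {}, {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                summary[m.group("name")] = int(m.group("count"))
                section = None  # summary block, not a detail section
            else:
                section = m.group("name")
            continue
        if section is None:  # header area: "Database version: 2857" etc.
            key, sep, value = line.partition(": ")
            if sep:
                header[key] = value
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # unrecognised line inside a section: ignore, don't guess
        detections.append({
            "section": section,
            "item": m.group("item"),
            "threat": m.group("threat"),
            "action": m.group("action"),
            "bad": m.group("bad"),
            "good": m.group("good"),
            "location": classify_location(m.group("item")),
        })
    return {"header": header, "summary": summary, "detections": detections}


def triage(text: str) -> dict:
    """Group detections and flag what still needs a human decision."""
    log = parse_mbam_log(text)
    dets = log["detections"]
    per_section = Counter(d["section"] for d in dets)
    return {
        "by_threat": dict(Counter(d["threat"] for d in dets)),
        "by_location": dict(Counter(d["location"] for d in dets)),
        # Anything not fully removed must be revisited (reboot, manual clean).
        "unresolved": [d for d in dets if not d["action"].startswith(CLEAN_ACTION)],
        # Registry and system-directory hits are the persistence indicators.
        "persistence_indicators": [d for d in dets if d["location"] in ("registry", "system_dir")],
        # Summary counts must equal what the detail sections actually list.
        "counts_consistent": all(per_section.get(n, 0) == c for n, c in log["summary"].items()),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for threat, n in sorted(report["by_threat"].items()):
        print(f"{n:3d}  {threat}")
    print("locations:", report["by_location"])
    for d in report["unresolved"]:
        print("NOT REMOVED:", d["item"], "->", d["action"])
    for d in report["persistence_indicators"]:
        print("persistence indicator:", d["item"], "->", d["threat"])
    print("summary counts match detail sections:", report["counts_consistent"])
```

Run against the full log in the post, the file section count (56) matches the 56 listed lines, every action is a successful quarantine, and the only persistence indicator is the single registry policy item; the rest of the triage decision (keep the quarantined samples, including _check32.bat, before wiping) is not something a log parser can make for you.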
 
Well, I formatted and reinstalled, then scanned my backup from the fresh install with MSE beta. It looks like something got in through Opera which I installed and used for about 2 days before going back to FF.

Now all I am worried about is that Malware.Trace got some important data before I caught it. I can't seem to find anything online that tells me exactly what it does.
 
Did you examine that .bat file before you reformatted? Did you not have any AV going while running Opera?
 
I was using AVG free while running Opera. I had just installed Malwarebytes for the first time before that scan though. After all the good things I've read about Microsoft Security Essentials that's what I'm going to use from now on. I also re-downloaded everything instead of using .exes from my backup just to be sure.

I did not check the .bat before I formatted. It was a fairly new install anyway, and I had some driver issues from installing Vista drivers that didn't like 7 anyway, so I just wiped it and started over. Now that I think of it, I wish I had. Since they were all in temp folders I'm not sure if I was actually infected though.

Another possible source of the virus is my Razer drivers. I posted a thread about that here: http://hardforum.com/showthread.php?t=1454742
Apparently they got hacked and their drivers were infected. I installed their drivers recently, and very likely during that time frame.
 
I was using AVG free while running Opera. ... After all the good things I've read about Microsoft Security Essentials that's what I'm going to use from now on.

A good move. I can't begin to show how many PCs I clean that have AVG on them and get infested. AVG is about as useless as ClamAV now.
 