|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
June 22nd, 2009, 09:04 AM
|
|||
|
|||
|
Trojan horse Dropper.Generic.AQXM
Hello,
On booting my computer today i found a dialog box by AVG saying that MSDEV.EXE is infected with trojan horse with name "Dropper.Generic.AQXM". I said 'heal' and the file was moved to the virus vault. I ran ccleaner and atfcleaner. Here is the mbam log ==================================== Malwarebytes' Anti-Malware 1.35 Database version: 1904 Windows 5.1.2600 Service Pack 2 2009-06-22 17:32:57 mbam-log-2009-06-22 (17-32-57).txt Scan type: Quick Scan Objects scanned: 82218 Time elapsed: 5 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ================================================ Here is the SUPERAntiSpyware Scan Log ================================================ http://www.superantispyware.com Generated 06/22/2009 at 06:09 PM Application Version : 4.26.1004 Core Rules Database Version : 3949 Trace Rules Database Version: 1891 Scan type : Quick Scan Total Scan Time : 00:22:18 Memory items scanned : 528 Memory threats detected : 0 Registry items scanned : 487 Registry threats detected : 0 File items scanned : 10474 File threats detected : 0 ================================================ Here is the hijack this log: ================================================ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:19, on 2009-06-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\VM303_STI.EXE D:\vb\learn\ini\mydatagrid1.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe D:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Sify Broadband\BBImpSec.exe C:\Documents and Settings\narin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe D:\Program Files\Apache_2.28\bin\ApacheMonitor.exe D:\Program Files\WordWeb\wweb32.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Maxtor\Sync\SyncServices.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe D:\Program Files\SuperAntispyware\SUPERAntiSpyware.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - D:\PROGRA~1\TEXTAL~1\TAForIE.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [kbg] d:\vb\learn\ini\mydatagrid1.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden O4 - HKLM\..\Run: [mxomssmenu] "D:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\narin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\narin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SuperAntispyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Startup: WordWeb Pro.lnk = D:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Monitor Apache Servers.lnk = D:\Program Files\Apache_2.28\bin\ApacheMonitor.exe O4 - Global Startup: notify.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: + &Download Express: download this file - D:\Program Files\Download Express\Add_Url.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesin.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesin.dll O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing) O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Program Files\Fiddler2\Fiddler.exe" (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{BFFEFB96-D110-4D49-BA13-3865755F97B6}: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SuperAntispyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apache2.2 - Apache Software Foundation - D:\Program Files\Apache_2.28\bin\httpd.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MSSQLSERVER - Unknown owner - d:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe (file missing) O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SQLSERVERAGENT - Unknown owner - d:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10244 bytes ================================================ Is there anything wrong? Malware bytes and superantispyware haven't showed any threats. thank you.
__________________
Why do we always seek someone, something or some thought, are we afraid of ourselves? "The love of one's country is a splendid thing. But why should love stop at the border?" - Pablo Casals Last edited by srisa : June 22nd, 2009 at 09:07 AM.
|
|
#2
June 22nd, 2009, 09:43 AM
|
||||
|
||||
|
Quote:
I don't normally post "me too's" but worth reporting I've had exactly the same problem today. I also use AVG and it sucessfully healed the infection by removing the file. I had been transferring files from my wife's laptop via a USB memory stick just before it occurred. Scan of that came up clean and I'm running a full AVG scan on my system now. Nick
|
|
#3
June 23rd, 2009, 05:11 AM
|
|||
|
|||
|
Ran AVG full system scan, nothing found. AVG has an anti-spyware component, do i still need superantispyware to provide real time protection?
|
|
#4
June 23rd, 2009, 10:30 AM
|
||||||
|
||||||
|
Quote:
I would run through the steps outlined here as well. Just because AVG didn't find anything else doesn't mean nothing else is there.
|
|
#5
August 3rd, 2009, 05:16 PM
|
|||
|
|||
|
Yes Srisa
I know the problem that you are facing problem with your system that's infected. If you are regularly updating your antivirus program then it will not infect your PC or Laptop but you can do onething that you reinstall Operating System and then try to install AVIRA antivirus from the search engine. And for antivirus updates you need internet connection. If not then you can face same problem. Tim
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Trojan horse Dropper.Generic.AQXM |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
