Author Topic: [Inactive] Trojan-Downloader.BAT Infection And Strange Behavior  (Read 3836 times)


Offline Allam

  • Bronze Member
  • Posts: 34
Re: [In Progress K] Trojan-Downloader.BAT Infection And Strange Behavior
« Reply #60 on: July 03, 2012, 03:57:54 PM »
OK, so as long as you need, I'll wait for you :). I use this as my development server, so I'm not in a hurry. I'm a Senior Software Developer here, so everything is backed up and we are safe :). I'd also love to see this thing going away :)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [In Progress K] Trojan-Downloader.BAT Infection And Strange Behavior
« Reply #61 on: July 03, 2012, 04:13:13 PM »
I'm currently going back over the log. When Sophos finishes, can you do this please:

Please download SystemLook from one of the links below and save it to your Desktop.
Link 1
Link 2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:filefind
notepad.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

I just noticed this entry in one of the DDS logs: C:\Windows\notepad.exe. It should run from the System32 folder... I just want to see if it's still on the system.

Kevin

Offline Allam

  • Bronze Member
  • Posts: 34
Re: [In Progress K] Trojan-Downloader.BAT Infection And Strange Behavior
« Reply #62 on: July 04, 2012, 01:51:29 AM »
Morning Kevin. Sophos found 10 threats and didn't clean any of them. 9 threats are related to old programs like mIRC and stuff and the OTM tool that we downloaded earlier, and only one threat is useful, but I couldn't find the log; there were only details, and when I click on the trojan link it provided the path below:

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~BatFTP-A/detailed-analysis.aspx

also find the systemLook log below

SystemLook 30.07.11 by jpshortstuff
Log created at 09:43 on 04/07/2012 by CurrentLoggedUser
Administrator - Elevation successful

========== filefind ==========

Searching for "notepad.exe"
C:\Windows\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\System32\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\SysWOW64\notepad.exe   --a---- 179712 bytes   [23:41 13/07/2009]   [01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C
C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe   --a---- 179712 bytes   [23:41 13/07/2009]   [01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C

-= EOF =-
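Added example, not code from this thread or from SystemLook's author: a small Python script that parses the ":filefind" output above and checks that every copy of notepad.exe on the box carries the same MD5 and size as the canonical copy (System32 for the 64-bit build, SysWOW64 for the 32-bit build). That is the check Kevin is doing by eye: a copy under C:\Windows that matches System32 byte for byte is the same file stored twice, a copy that differs is the one worth uploading. The embedded sample is the filefind block from the log above; the "tampered" variant in the usage section is constructed, and file_md5() is a hypothetical helper for comparing a file on disk with what the log reports.

```python
"""Added example (not from the thread): parse SystemLook ':filefind' output and
check that every copy of a system binary agrees with its canonical copy."""
import hashlib
import re

# Sample taken from the SystemLook log posted above.
SYSTEMLOOK_OUTPUT = r"""
========== filefind ==========

Searching for "notepad.exe"
C:\Windows\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\System32\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\SysWOW64\notepad.exe   --a---- 179712 bytes   [23:41 13/07/2009]   [01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C
C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe   --a---- 193536 bytes   [23:56 13/07/2009]   [01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe   --a---- 179712 bytes   [23:41 13/07/2009]   [01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C

-= EOF =-
"""

# One filefind result line: path, attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per result line (path, size as int, timestamps, upper-case MD5)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def arch_of(path):
    """32-bit copies live under SysWOW64 or a wow64_* winsxs component; the rest are native."""
    p = path.lower()
    if "\\syswow64\\" in p or "\\winsxs\\wow64_" in p:
        return "wow64"
    return "native"


def check_copies(entries):
    """Map each path to 'reference', 'match', 'MISMATCH' or 'no-reference'.

    Native copies are compared with the System32 copy, 32-bit copies with the
    SysWOW64 copy; a copy must agree on both MD5 and size to count as a match.
    """
    refs = {}
    for e in entries:
        p = e["path"].lower()
        if p.startswith("c:\\windows\\system32\\"):
            refs["native"] = e
        elif p.startswith("c:\\windows\\syswow64\\"):
            refs["wow64"] = e
    verdicts = {}
    for e in entries:
        ref = refs.get(arch_of(e["path"]))
        if ref is None:
            verdicts[e["path"]] = "no-reference"
        elif e is ref:
            verdicts[e["path"]] = "reference"
        elif e["md5"] == ref["md5"] and e["size"] == ref["size"]:
            verdicts[e["path"]] = "match"
        else:
            verdicts[e["path"]] = "MISMATCH"
    return verdicts


def file_md5(path, chunk_size=1 << 20):
    """Hypothetical helper: MD5 of a file on disk, upper-case, for comparison with the log."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for path, verdict in check_copies(parse_filefind(SYSTEMLOOK_OUTPUT)).items():
        print(f"{verdict:13} {path}")
    # Constructed tampered variant: the copy directly under the Windows folder gets a different hash.
    tampered = SYSTEMLOOK_OUTPUT.replace("F2C7BB8ACC97F92E987A2D4087D021B1", "0" * 32, 1)
    print(check_copies(parse_filefind(tampered))[r"C:\Windows\notepad.exe"])
```

On the log as posted every copy comes back "match" or "reference", which is what the identical hashes in Allam's output already say; the tampered variant shows the MISMATCH verdict a replaced binary would produce. The same hash can be pasted into the VirusTotal search box instead of uploading the file, which avoids sending a system binary off the box when the hash is already known to the service.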

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [In Progress K] Trojan-Downloader.BAT Infection And Strange Behavior
« Reply #63 on: July 04, 2012, 09:52:37 AM »
I need to see the log from Sophos. Navigate Start > Computer > C:\ProgramData\Sophos, open the Sophos folder and expand to Logs.

Next,

We need to upload a file to Jotti

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\Windows\notepad.exe

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.



Upload same File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\Windows\notepad.exe
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Let me see the log from Sophos and the results from the analysis.

Kevin

Offline Allam

  • Bronze Member
  • Posts: 34
Re: [In Progress K] Trojan-Downloader.BAT Infection And Strange Behavior
« Reply #64 on: July 04, 2012, 10:28:34 AM »
Dear Kevin,

Please find the Sophos log below.

2012-07-03 22:31:50   Sophos Virus Removal Tool version 2.1
2012-07-03 22:31:50   Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-07-03 22:31:50   This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-07-03 22:31:50   Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2012-07-03 22:31:50   Component SVRTcli.exe version 2.1
2012-07-03 22:31:50   Component control.dll version 2.1
2012-07-03 22:31:50   Component SVRTservice.exe version 2.1
2012-07-03 22:31:50   Component osdp.dll version 1.44.0.1970
2012-07-03 22:31:50   Component veex.dll version 3.32.0.1970
2012-07-03 22:31:50   Component savi.dll version 7.5.8.1970
2012-07-03 22:31:50   Component rkdisk.dll version 1.5.30.0
2012-07-03 22:31:55   Option all = no
2012-07-03 22:31:55   Option recurse = yes
2012-07-03 22:31:55   Option archive = no
2012-07-03 22:31:55   Option service = yes
2012-07-03 22:31:55   Option confirm = yes
2012-07-03 22:31:55   Option sxl = yes
2012-07-03 22:31:55   Option max-data-age = 35
2012-07-03 22:31:55   Version info:   Product version   2.1
2012-07-03 22:31:55   Version info:   Detection engine   3.32.0
2012-07-03 22:31:55   Version info:   Detection data   4.78
2012-07-03 22:31:55   Version info:   Virus data date   6/4/2012
2012-07-03 22:31:55   Version info:   Data files added   366





2012-07-03 23:58:26   Could not open C:\Boot\BCD
2012-07-03 23:58:39   >>> Virus 'Mal/BatFTP-A' found in file C:\FRST\Quarantine\xp007.exe
2012-07-03 23:58:45   >>> Virus 'Mal/BatFTP-A' found in file C:\FRST\Quarantine\zy007.exe
2012-07-03 23:58:49   >>> Virus 'Mal/Nitol-C' found in file C:\hex007.exe\FILE:0000
2012-07-03 23:58:49   Could not open C:\hiberfil.sys
2012-07-03 23:58:53   Could not open C:\pagefile.sys
2012-07-04 00:25:57   Password protected file C:\Users\CurrentLoggedUser\Desktop\Docs\2007 Spends.xls
2012-07-04 00:25:57   Password protected file C:\Users\CurrentLoggedUser\Desktop\Docs\2011 Spends.xls
2012-07-04 00:28:06   Could not check C:\Users\CurrentLoggedUser\Desktop\visuals_in_socialscience.ppt (corrupt)
2012-07-04 00:36:49   Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2012-07-04 00:36:49   Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2012-07-04 00:56:58   >>> Virus 'Mal/BatFTP-A' found in file C:\xp007.exe
2012-07-04 00:57:04   >>> Virus 'Troj/DownBat-A' found in file C:\xp1433.exe
2012-07-04 00:57:09   >>> Virus 'Mal/BatFTP-A' found in file C:\xpx7.exe
2012-07-04 00:57:15   >>> Virus 'Mal/BatFTP-A' found in file C:\zy007.exe
2012-07-04 00:57:19   >>> Virus 'Troj/DownBat-A' found in file C:\zy1433.exe
2012-07-04 00:57:25   >>> Virus 'Mal/BatFTP-A' found in file C:\zyx7.exe
2012-07-04 00:57:31   >>> Virus 'Mal/BatFTP-A' found in file C:\_OTM\MovedFiles\06302012_235421\C_\xplgj.exe
2012-07-04 00:57:37   >>> Virus 'Mal/BatFTP-A' found in file C:\_OTM\MovedFiles\06302012_235421\C_\zylgj.exe
2012-07-04 00:58:49   >>> Virus 'Mal/Generic-L' found in file D:\Backup For 25-02-2011\CurrentLoggedUser\Desktop\Team--WarezHome.iNFO_MOH2010_crAck\TRiViUM\MoH_KeyGen.exe
2012-07-04 00:59:44   >>> Virus 'Mal/Generic-L' found in file D:\Backup For 25-02-2011\Desktop\Team--WarezHome.iNFO_MOH2010_crAck\TRiViUM\MoH_KeyGen.exe
2012-07-04 01:17:20   Password protected file D:\OLD COMPUTER\Drive D\Drive D\AliPC\2007 Spend.xls
2012-07-04 01:22:10   Password protected file D:\OLD COMPUTER\Drive D\Drive D\Alipc2\CurrentLoggedUser Flash\2007 Spend.xls
2012-07-04 01:23:38   Password protected file D:\OLD COMPUTER\Drive D\Drive D\Alipc2\CurrentLoggedUser Flash\Spends.xls
2012-07-04 01:40:59   >>> Virus 'Troj/KeyGen-HZ' found in file D:\OLD COMPUTER\Drive D\Drive D\Sources\Macromedia\MX\Flash Mx\Flash MX\keygen.exe
2012-07-04 01:41:38   >>> Virus 'Mal/KeyGen-U' found in file D:\OLD COMPUTER\Drive D\Drive D\Sources\MP3 Stuff\acoustica.mp3.audio.mixer.2.4xx.keygen-rev.exe
2012-07-04 01:47:07   >>> Virus 'Mal/Generic-L' found in file D:\OLD COMPUTER\Drive D\Drive D\Work\AAST\Java StuFF\Jbuilder\Borland Jbuilder X Enterprise v10.0-Keygen.exe
2012-07-04 01:54:13   >>> Virus 'Mal/Packer' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\ASP.NET\ASP.NET_Menu_v1.1\keygen\hz-cam.exe
2012-07-04 01:54:31   >>> Virus 'Mal/Packer' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\ASP.NET\Coalesys Webmenu For Asp Net v2_1_71\keygen\webmenu.for.asp.net.exe
2012-07-04 01:54:41   >>> Virus 'Mal/Packer' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\ASP.NET\cyberakt.Rich.Content.Rotator.ASP.Net.v1.0\Keygen\hz-crc.exe
2012-07-04 01:55:37   >>> Virus 'Mal/KeyGen-M' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\Dot Net Tools_1\Cracks\farpoint spread web form 1.0.4.0\Keygen.exe
2012-07-04 01:55:37   >>> Virus 'Mal/KeyGen-M' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\Dot Net Tools_1\Cracks\farpoint spread web form 1.0.4.0\Keygen.exe
2012-07-04 01:56:03   >>> Virus 'Mal/KeyGen-M' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\Dot Net Tools_1\Spread for web\Keygen.exe
2012-07-04 01:56:03   >>> Virus 'Mal/KeyGen-M' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\Dot Net Tools_1\Spread for web\Keygen.exe
2012-07-04 01:56:13   >>> Virus 'Mal/Zbot-AC' found in file D:\OLD COMPUTER\Drive D\Drive E\ASP.NET STUFF\New ASP\Dot Net Tools_1\VBexpress.Net v2.01\hz-vx2.exe
2012-07-04 01:56:35   Password protected file D:\OLD COMPUTER\Drive D\Drive E\C Backup April 2007\Backup December 2007\Documents and Settings\Desktop\2007 Spends.xls
2012-07-04 01:59:24   Password protected file D:\OLD COMPUTER\Drive D\Drive E\C Backup April 2007\Document and Settings\Desktop\2007 Spend.xls
2012-07-04 02:04:34   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\ADSeries60_EN.exe
2012-07-04 02:04:34   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\ADSeries60_EN.exe
2012-07-04 02:04:42   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\cf7650.exe
2012-07-04 02:04:42   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\cf7650.exe
2012-07-04 02:04:50   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\DigiaImagePlus.exe
2012-07-04 02:04:50   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\DigiaImagePlus.exe
2012-07-04 02:04:56   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\eFileMan.exe
2012-07-04 02:04:56   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\eFileMan.exe
2012-07-04 02:05:04   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\eProfiles.exe
2012-07-04 02:05:04   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\eProfiles.exe
2012-07-04 02:05:12   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\eProfilesPro.exe
2012-07-04 02:05:12   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\eProfilesPro.exe
2012-07-04 02:05:20   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\Finanz.exe
2012-07-04 02:05:20   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\Finanz.exe
2012-07-04 02:05:29   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\JoyCalc.exe
2012-07-04 02:05:29   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\JoyCalc.exe
2012-07-04 02:05:37   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\MeltDown7650_10.exe
2012-07-04 02:05:37   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\MeltDown7650_10.exe
2012-07-04 02:05:45   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\mgskarting7650.exe
2012-07-04 02:05:45   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\mgskarting7650.exe
2012-07-04 02:05:53   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\miniboard.exe
2012-07-04 02:05:53   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\miniboard.exe
2012-07-04 02:06:01   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\Mmp_7650.exe
2012-07-04 02:06:01   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\Mmp_7650.exe
2012-07-04 02:06:09   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\pe.exe
2012-07-04 02:06:09   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\pe.exe
2012-07-04 02:06:17   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\qimagingns60_100_en.exe
2012-07-04 02:06:17   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\qimagingns60_100_en.exe
2012-07-04 02:06:25   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\redbluebtns60_101_en.exe
2012-07-04 02:06:25   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\redbluebtns60_101_en.exe
2012-07-04 02:06:33   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\RToneStudio7650_11.exe
2012-07-04 02:06:33   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\RToneStudio7650_11.exe
2012-07-04 02:06:41   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\S60_AutoStart.exe
2012-07-04 02:06:41   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\S60_AutoStart.exe
2012-07-04 02:06:49   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\S60_TaskMan.exe
2012-07-04 02:06:49   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\S60_TaskMan.exe
2012-07-04 02:06:57   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sCapture.exe
2012-07-04 02:06:57   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sCapture.exe
2012-07-04 02:07:05   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sDoubler.exe
2012-07-04 02:07:05   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sDoubler.exe
2012-07-04 02:07:13   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\skyraiderns60_102_en.exe
2012-07-04 02:07:13   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\skyraiderns60_102_en.exe
2012-07-04 02:07:21   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\SoftKeypad.exe
2012-07-04 02:07:21   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\SoftKeypad.exe
2012-07-04 02:07:29   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sSaver.exe
2012-07-04 02:07:29   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sSaver.exe
2012-07-04 02:07:35   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sTools.exe
2012-07-04 02:07:35   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\sTools.exe
2012-07-04 02:07:43   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\tennismaniac.exe
2012-07-04 02:07:43   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\tennismaniac.exe
2012-07-04 02:07:51   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\wClock.exe
2012-07-04 02:07:51   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\wClock.exe
2012-07-04 02:07:59   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\wClockPro.exe
2012-07-04 02:07:59   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\wClockPro.exe
2012-07-04 02:08:07   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\ZipMan7650_12.exe
2012-07-04 02:08:07   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 3650 - 7650 key generators (1)\key generators\ZipMan7650_12.exe
2012-07-04 02:08:15   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\NOKIA 7650 - rtonestudio 1.0 (WITH CRACK)\RToneStudio7650_11.exe
2012-07-04 02:08:15   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\NOKIA 7650 - rtonestudio 1.0 (WITH CRACK)\RToneStudio7650_11.exe
2012-07-04 02:08:24   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\NOKIA 7650 - system_tools (FUUL) (1)\sTools.exe
2012-07-04 02:08:24   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\NOKIA 7650 - system_tools (FUUL) (1)\sTools.exe
2012-07-04 02:08:32   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\ADSeries60_EN.exe
2012-07-04 02:08:32   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\ADSeries60_EN.exe
2012-07-04 02:08:40   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\CF7650.EXE
2012-07-04 02:08:40   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\CF7650.EXE
2012-07-04 02:08:48   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\DigiaImagePlus.exe
2012-07-04 02:08:48   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\DigiaImagePlus.exe
2012-07-04 02:08:56   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\eFileMan.exe
2012-07-04 02:08:56   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\eFileMan.exe
2012-07-04 02:09:04   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\eProfiles.exe
2012-07-04 02:09:04   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\eProfiles.exe
2012-07-04 02:09:12   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\eProfilesPro.exe
2012-07-04 02:09:12   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\eProfilesPro.exe
2012-07-04 02:09:20   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\Finanz.exe
2012-07-04 02:09:20   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\Finanz.exe
2012-07-04 02:09:28   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\JoyCalc.exe
2012-07-04 02:09:28   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\JoyCalc.exe
2012-07-04 02:09:36   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\MeltDown7650_10.exe
2012-07-04 02:09:36   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\MeltDown7650_10.exe
2012-07-04 02:09:42   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\mgskarting7650.exe
2012-07-04 02:09:42   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\mgskarting7650.exe
2012-07-04 02:09:50   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\miniboard.exe
2012-07-04 02:09:50   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\miniboard.exe
2012-07-04 02:09:58   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\PE.EXE
2012-07-04 02:09:58   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\PE.EXE
2012-07-04 02:10:07   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\qimagingns60_100_en.exe
2012-07-04 02:10:07   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\qimagingns60_100_en.exe
2012-07-04 02:10:15   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\redbluebtns60_101_en.exe
2012-07-04 02:10:15   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\redbluebtns60_101_en.exe
2012-07-04 02:10:23   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\S60_AutoStart.exe
2012-07-04 02:10:23   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\S60_AutoStart.exe
2012-07-04 02:10:31   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\S60_TaskMan.exe
2012-07-04 02:10:31   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\S60_TaskMan.exe
2012-07-04 02:10:39   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\sCapture.exe
2012-07-04 02:10:39   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\sCapture.exe
2012-07-04 02:10:47   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\sDoubler.exe
2012-07-04 02:10:47   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\sDoubler.exe
2012-07-04 02:10:55   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\skyraiderns60_102_en.exe
2012-07-04 02:10:55   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\skyraiderns60_102_en.exe
2012-07-04 02:11:03   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\SoftKeypad.exe
2012-07-04 02:11:03   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\SoftKeypad.exe
2012-07-04 02:11:11   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\tennismaniac.exe
2012-07-04 02:11:11   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\tennismaniac.exe
2012-07-04 02:11:19   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\wClock.exe
2012-07-04 02:11:19   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\wClock.exe
2012-07-04 02:11:27   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\wClockPro.exe
2012-07-04 02:11:27   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\wClockPro.exe
2012-07-04 02:11:35   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\ZipMan7650_12.exe
2012-07-04 02:11:35   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\Nokia 7650 key generators\key generators\ZipMan7650_12.exe
2012-07-04 02:11:41   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\nokia 7650 multimedia player\Mmp_7650.exe
2012-07-04 02:11:41   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\nokia 7650 multimedia player\Mmp_7650.exe
2012-07-04 02:11:54   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\nokia-7650-sceen-saver\sSaver.exe
2012-07-04 02:11:54   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\7650 full prog\nokia-7650-sceen-saver\sSaver.exe
2012-07-04 02:12:02   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\ir_remote\full_remote\irRemote_0.97b.exe
2012-07-04 02:12:02   >>> Virus 'Mal/Gendal-B' found in file D:\OLD COMPUTER\Drive D\Drive E\Shady Rayan\mob.program\ir_remote\full_remote\irRemote_0.97b.exe
2012-07-04 02:18:54   Password protected file D:\OLD COMPUTER\Drive D\ITWorx PC\Drive D\CurrentFlash 25-2-2008\2007 Spends.xls
2012-07-04 02:30:20   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\computer name updated 14-6-2010.xls.xlsx
2012-07-04 02:30:20   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\computer name.xls
2012-07-04 02:30:20   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\Copy of OTH Telephone List.xls
2012-07-04 02:30:20   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\Created and Reserved extensions.xlsx
2012-07-04 02:30:20   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\HDD password.xls
2012-07-04 02:30:20   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\Licenses\PowerPressed-50 Licenses.xls
2012-07-04 02:30:20   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\Licenses\Volume License Product Keys.xls
2012-07-04 02:30:26   Password protected file D:\OTH STuff\Sources\Hussein Sources\OTH Documents\DOC\OTH Telephone List.xlsx
2012-07-04 02:39:39   Password protected file E:\Backup\Users\CurrentLoggedUser\Desktop\2007 Spends.xls
2012-07-04 02:39:39   Password protected file E:\Backup\Users\CurrentLoggedUser\Desktop\2011 Spends.xls
2012-07-04 02:43:14   The following items will be cleaned up:
2012-07-04 02:43:14   Mal/BatFTP-A
2012-07-04 02:43:14   Troj/DownBat-A
2012-07-04 02:43:14   Mal/Generic-L
2012-07-04 02:43:14   Troj/KeyGen-HZ
2012-07-04 02:43:14   Mal/KeyGen-U
2012-07-04 02:43:14   Mal/Packer
2012-07-04 02:43:14   Mal/KeyGen-M
2012-07-04 02:43:14   Mal/Zbot-AC
2012-07-04 02:43:14   Mal/Gendal-B
2012-07-04 02:43:14   Mal/Nitol-C
2012-07-04 07:16:08   File "C:\FRST\Quarantine\xp007.exe" belongs to malware 'Mal/BatFTP-A'.
2012-07-04 07:16:08   File "C:\FRST\Quarantine\xp007.exe" has been cleaned up.
2012-07-04 07:16:08   File "C:\FRST\Quarantine\zy007.exe" belongs to malware 'Mal/BatFTP-A'.
2012-07-04 07:16:08   File "C:\FRST\Quarantine\zy007.exe" has been cleaned up.
2012-07-04 07:16:08   File "C:\xp007.exe" belongs to malware 'Mal/BatFTP-A'.
2012-07-04 07:16:08   File "C:\xp007.exe" was not cleaned up.
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:08   Removal failed
2012-07-04 07:16:09   >>> Virus 'Mal/Nitol-C' found in file C:\hex007.exe\FILE:0000
2012-07-04 07:16:09   Disinfection failed

2012-07-04 09:50:34   Scan completed.
2012-07-04 09:50:34   

------------------------------------------------------------

Jotti's LOG

Filename:
notepad.exe

Status:
Scan finished. 0 out of 19 scanners reported malware.


VirusTotal Log

SHA256:
142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2

File name:
C:\Windows\notepad.exe

Detection ratio:
0 / 42

Analysis date:
2012-07-04 16:27:24 UTC ( 0 minutes ago )

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2151
Re: [In Progress K] Trojan-Downloader.BAT Infection And Strange Behavior
« Reply #65 on: July 04, 2012, 02:04:33 PM »
Allam

Your scans have shown that you have several cracks and keygens on your PC.  Our policy as stated in:

http://spywarehammer.com/simplemachinesforum/index.php?topic=236.0

is we cannot work on a system that:   "contains, links to, or solicits any copyright material, including pirated software, warez, illegal hacking (cracking), key generators, or information or tools to circumvent copyright protections"

If you wish to remove all the crackware and keygens from your machine, we can continue.  Please PM me if and when this is accomplished and we will re-scan and decide if we wish to proceed.

In the interim I have locked your post.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte