Visitor
emanonms
Posts: 4
Registered: 07-23-2009

b.exe and trojandownloader in my computer

Hi.

It seems that somehow I got the b.exe in my computer. I've been reading some posts, and think that I got it somewhat figured out on how to remove it. I installed Hijackthis and Malwarebytes and did a full scan with the Malwarebytes and followed the steps to quarantine and delete the things found; I'm just not sure which files to fix on the HJT. I'm including my logs if anyone could help me and tell me which ones I have to fix and if there's any other programs that I have to dl to fix this.

Thanks

Sorry, for some reason it's not letting me attach the Malwarebytes log.

Malwarebytes' Anti-Malware 1.39
Database version: 2491
Windows 6.0.6001 Service Pack 1

7/23/2009 7:52:16 PM
mbam-log-2009-07-23 (19-52-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 271779
Time elapsed: 1 hour(s), 1 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Virus Trouncer
Quads
Posts: 7,386
Registered: 07-21-2008

Re: b.exe and trojandownloader in my computer

Are you using a 64 bit OS (operating system)??

Quads

Visitor
emanonms
Posts: 4
Registered: 07-23-2009

Re: b.exe and trojandownloader in my computer

Yes, I believe I am. Does that make a difference?

I ran HJT again after I rebooted my comp; attached is the log for comparison if that helps.

Virus Trouncer
Quads
Posts: 7,386
Registered: 07-21-2008

Re: b.exe and trojandownloader in my computer

Use Hijackthis to Fix these entries

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [Monopod] C:\Users\Deco\AppData\Local\Temp\b.exe

O4 - HKUS\S-1-5-19\..\RunOnce: []  (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: []  (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')

Quads

Visitor
emanonms
Posts: 4
Registered: 07-23-2009

Re: b.exe and trojandownloader in my computer

Thanks..

I went ahead and used HJT to fix them, but it wasn't working, so I rebooted in safe mode and did it that way, but how can I be sure that the issue is fixed? Is there a way to double check, or is that it and I shouldn't worry?

delphinium
Posts: 9,680
Kudos: 2,847
Solutions: 282
Registered: 11-21-2008

Re: b.exe and trojandownloader in my computer

Emanonms:

Please run another Malwarebytes full scan and check to see that everything has been deleted.  If you have anything more serious it will show on MBA.  If any of the deleted entries have returned in the MBAM log, we will look at it.

Also after any infection you should disable system restore as it can hide there, clear your browser caches and your temp files.

Then scan.  If you are clean, you can set a manual restore point.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
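
The comparison described in the post above (checking whether entries deleted in the first scan show up again in a second Malwarebytes log) can be scripted. This is an added example, not part of the original thread; it assumes the MBAM 1.x text log layout shown in the first post, and the second log is a constructed sample.

```python
import re

# Section headers end with "Infected:"; the summary lines carry a count after it.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "<object> (<Detection.Name>) -> <action>"
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<det>[A-Za-z]+\.[\w.]+)\) -> .+$")

def parse_mbam(text):
    """Return {(section, lower-cased object): detection name} for one log."""
    found, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM.match(line)
        if item and section:
            # Windows paths and registry keys are case-insensitive.
            found[(section, item.group("obj").lower())] = item.group("det")
    return found

def returned_items(before, after):
    """Objects detected in the first scan that the second scan reports again."""
    first, second = parse_mbam(before), parse_mbam(after)
    return sorted(key for key in second if key in first)

# First scan: lines taken from the log posted in the thread (abbreviated).
SCAN_1 = r"""
Registry Values Infected: 1
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Second scan: constructed sample in which the Run value has come back.
SCAN_2 = r"""
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> No action taken.
Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    for section, obj in returned_items(SCAN_1, SCAN_2):
        print(f"RETURNED [{section}] {obj}")
```

An empty result means nothing removed in the first scan was detected again; any returned autorun entry suggests something on the system is re-creating it.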
Visitor
emanonms
Posts: 4
Registered: 07-23-2009

Re: b.exe and trojandownloader in my computer

OK, I did another MBA scan and everything looks good, so I'm gonna take that as the issue being solved..

Thanks everyone.

shannons
Posts: 8,746
Topics: 37
Kudos: 79
Solutions: 7
Registered: 01-07-2009

Re: b.exe and trojandownloader in my computer