Got a hit today from a legit search. Ran updated definitions on both Malwarebytes and Norton AV; both programs detected the infection.
NAV blocked but didn't remove the infection, so I used the Wipeinfo tool on all the .exe's.
Malwarebytes with updated definitions has detected remnants but has taken no action,
although I thought MB was set to remove/quarantine threats.
2 .exe's remained in another temp folder, both called "load" = load[1].exe.
One txt doc called "command" goes to here: 91.207.61.43/cgi-bin/command.cgi?user_id=394008502&version_id=15&passphrase=fkjvhsdvlksdhvlsd&socks=12602&version=125&crc=00000000
The Whois database says the registrant is located in the Ukraine.
The .exe's are as follows:
h**p//hyperliteautoservices.cn/load.php?id=7&0
h**p//hyperliteautoservices.cn/load.php?id=4
So if anyone wants to help, what would you suggest I do with the Malwarebytes prog, since it has only detected the infection?
Malwarebytes' Anti-Malware 1.36
Database version: 1952
Windows 5.1.2600 Service Pack 2
4/8/2009 3:00:03 PM
mbam-log-2009-04-08 (15-00-01).txt
Scan type: Quick Scan
Objects scanned: 71870
Time elapsed: 6 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\9129837.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> No action taken.
TIA
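A triage helper for the MBAM log format posted above, added here as an example and not part of the original post or of Malwarebytes' own tooling: it parses the detail sections, separates entries still marked "No action taken." from remediated ones, and flags Security Center notification values reported in the bad state. The sample log is constructed from the posted lines, with one action string altered to show a remediated entry.

```python
import re

# Constructed sample: detail sections of the MBAM log posted above, with one line
# altered to a remediated action so the filtering below has something to separate.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\9129837.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A detail-section header has no trailing count, unlike the summary line "Files Infected: 2".
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*$")
# item (Detection.Name) -> [extra -> ...] action
ITEM_RE = re.compile(r"^(?P<item>.*?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, detection, detail, action."""
    findings, section = [], None
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            section = header.group(1)
            continue
        match = ITEM_RE.match(line.strip())
        if not section or not match:
            continue  # blank lines, "(No malicious items detected)", summary lines
        parts = [p.strip() for p in match.group("rest").split(" -> ")]
        findings.append({"section": section, "item": match.group("item"),
                         "detection": match.group("detection"),
                         "detail": " | ".join(parts[:-1]),  # e.g. "Bad: (1) Good: (0)"
                         "action": parts[-1]})
    return findings


def unremediated(findings):
    """Entries the scanner reported but did not quarantine or delete."""
    return [f for f in findings if f["action"] == "No action taken."]


def security_center_tampering(findings):
    """Security Center notification values still in the bad (disabled) state."""
    return [f["item"] for f in findings
            if f["detection"] == "Disabled.SecurityCenter" and "Bad: (1)" in f["detail"]]
```

Run it against a saved mbam-log-*.txt by passing the file contents to parse_mbam_log; anything returned by unremediated is what a re-scan with removal enabled still needs to handle.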