Need help with dozens of trojans

Discussion in 'malware problems & news' started by slickr, Jan 11, 2010.

Thread Status:
Not open for further replies.
  1. slickr

    slickr Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    2
    Hi there. I need help with removing dozens of trojans.
    I'd like to know if I delete these trojans, if my operating system "XP" will boot or would I need to reinstall?

    Scan type: Quick Scan
    Objects scanned: 102175
    Time elapsed: 5 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> No action taken.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrec75dnd7 (Trojan.Agent) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Slick\Local Settings\Temp\a.exe (Trojan.Dropper) -> No action taken.
    C:\Documents and Settings\Slick\Local Settings\Temp\b.exe (Trojan.Dropper) -> No action taken.
    C:\Documents and Settings\Slick\Local Settings\Temp\c.exe (Trojan.Dropper) -> No action taken.
     
  2. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I am missing what application found them?
    Regards,
    Jerry
     
  4. slickr

    slickr Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    2
    Malwarebytes Anti-Malware
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    I kill this one a few times a day while researching (it is absolutely everywhere and has sources on virtually all attack vectors) and can confirm that removal goes smoothly with Malwarebytes; this is not an aggressive infection.
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi Bruce,

    Would running MBAM in real time prevent the infection?

    Thanks,
    Jerry
     
  9. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA

    Yes, we have been 0day on this for a long time now.

    Most of the time IP protection won't even let it get anywhere near you, but if it gets by that the PM has multiple ways to stop it.

    Like I was saying, this is not an aggressive infection, it just happens to use way over the top packing to evade the AVs.
     
  10. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks Bruce,

    I run it real time on both computers, and IP checked on my desktop, but the laptop often blocks 209.44.107.13. I did ask about this on the MBAM forum, but I did not understand whether it was really malicious or not. I unchecked IP Protection on the laptop, but it never blocks that IP on this machine.

    I shouldn't hijack this thread, but would it be true that the OP trojans would not be blocked if the IP Protection was unchecked?
    Forgive me, but I am in the slow group re computers.

    Regards,
    Jerry
     
  11. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    IP blocking is not needed on this one, no, it provides several other ways to attack it.

    It is just nice when you don't need to ever tell MBAM to quarantine the dropper because the IP blocker stopped it.

    We are adding better IP blocking controls in the next version to make it more user friendly.
     
  12. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Many thanks, Bruce.
    I really appreciate the timely response, and the help you always give.

    Regards,
    Jerry
     