Need help with dozen of trojans

Discussion in 'malware problems & news' started by slickr, Jan 11, 2010.

Thread Status:
Not open for further replies.
  1. slickr

    slickr Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    2
    Hi there. I need help with removing dozen of trojans.
    I'd like to know if i delete these trojans, if my operating system "XP" will boot or would i need to reinstall?

    Scan type: Quick Scan
    Objects scanned: 102175
    Time elapsed: 5 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> No action taken.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrec75dnd7 (Trojan.Agent) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Slick\Local Settings\Temp\a.exe (Trojan.Dropper) -> No action taken.
    C:\Documents and Settings\Slick\Local Settings\Temp\b.exe (Trojan.Dropper) -> No action taken.
    C:\Documents and Settings\Slick\Local Settings\Temp\c.exe (Trojan.Dropper) -> No action taken.
     
  2. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
    I am missing what application found them?
    Regards,
    Jerry
     
  4. slickr

    slickr Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    2
    malwerbytes antimalware
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    I kill this one a few times a day while researching (it is absolutely everywhere and has sources on virtually all attack vectors) and can confirm that removal goes smoothly with Malwarebytes , this is not an aggressive infection .
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
    HI Bruce,

    Would running MBAM in real time prevent the infection?

    Thanks,
    Jerry
     
  9. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA

    Yes , we have been 0day on this for a long time now .

    Most of the time IP protection wont even let it get anywhere near you but if it gets by that the PM has multiple ways to stop it .

    Like I was saying , this is not an aggressive infection , it just happens to use way over the top packing to evade the AVs .
     
  10. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
    Thanks Bruce,

    I run it real time on both computers, and IP checked on my desktop, but the laptop often blocks 209.44.107.13. I did ask about this on the MBAM forum, but I did not understand whether it was really malicious or not. I unchecked IP Protection on the laptop, but it never blocks that IP on this machine.

    I shouldn't hijack this thread, but would it be true that the OP trojans would not be blocked if the IP Protection was unchecked?
    Forgive me, but I am in the slow group re computers.

    Regards,
    Jerry
     
  11. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    IP blocking is not needed on this one , no , it provides several other ways to attack it .

    It is just nice when you don't need to ever tell MBAM to quarantine the dropper because the IP blocker stopped it .

    We are adding better IP blocking controls in the next version to make it more user friendly .
     
  12. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
    Many thanks, Bruce.
    I really appreciate the timely response, and the help you always give.

    Regards,
    Jerry
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.