Hi,

This trojan does not want to be removed by AVG and I am not really sure if my computer is at risk.
I have found an existing thread on the forum (http://forums.techguy.org/malware-removal-hijackthis-logs/851925-xp-trojan-horse-rootkit-pakes.html) and followed the advice provided in the last reply.
I have installed ATF Cleaner, which did not find any file to remove.
Then I installed Malwarebytes' Anti-Malware, and here is the report generated (I can help translate the bits in French if needed):

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2659
Windows 5.1.2600 Service Pack 2

20/08/2009 00:25:43
mbam-log-2009-08-20 (00-25-30).txt

Type de recherche: Examen rapide
Eléments examinés: 98412
Temps écoulé: 4 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\browserctl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\browserctl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browserctl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\browserctldrv (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms18_word (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\browserctl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms18_word (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\BrowserCtl (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\BrowserCtl\browserctl.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\F5\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
C:\Documents and Settings\F5\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> No action taken.

Thanks for your help
Nico
 