LMKing1984
Level 7

artemis trojan info help needed

I found an alert via McAfee about Artemis!2a4a19358ea5 and w32/routroworm.text!. They've been quarantined and deleted along with several others thanks to Malwarebytes. Still running more scans, and now I want to know: what else do I need to do?

Below is the log report if it helps

Malwarebytes' Anti-Malware 1.44
Database version: 3731
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/12/2010 8:27:20 PM
mbam-log-2010-02-12 (20-27-20).txt

Scan type: Quick Scan
Objects scanned: 101008
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 20
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 39
Folders Infected: 3
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\SysWOW64\fdProxy32.dll (Trojan.Xulcache) -> Delete on reboot.
C:\Windows\System32\ExplorerFrame32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\Faultrep32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\Faultrep3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dcodli32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmintf32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmocx32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmrc32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmscript32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmstyle32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmsynth32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\fdPnp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\fdPnp3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\fdSSDP32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\lq3oe9b9o5gru32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\muido9eizfovp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\wof7q32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\z5pcmb32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\zb6ztg5f7tnw332.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\zljemggoincq31632.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{015edff8-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15edff8b-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{015edff8-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.Xulcache) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15edff8b-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.Xulcache) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{015edff8-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15edff8b-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Inject) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmintf32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\fdpnp32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmstyle32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\fdpnp32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dcodli32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\faultrep32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\fdpnp3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmintf32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmocx32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmocx32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmstyle32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmsynth32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmsynth32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\faultrep32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\muido9eizfovp32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\faultrep3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\fdpnp3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\wof7q32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\lq3oe9b9o5gru32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmrc32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmrc32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\z5pcmb32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\zb6ztg5f7tnw332.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\explorerframe32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\explorerframe32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\zljemggoincq31632.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\muido9eizfovp32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\wof7q32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dcodli32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\fdssdp32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\faultrep3232.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\z5pcmb32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\lq3oe9b9o5gru32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmscript32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\fdssdp32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\zljemggoincq31632.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\zb6ztg5f7tnw332.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmscript32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Users\boredcheeta\AppData\Roaming\SystemProc\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\fdProxy32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Windows\System32\ExplorerFrame32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\Faultrep32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\Faultrep3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dcodli32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmintf32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmocx32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmrc32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmscript32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmstyle32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dmsynth32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dot3dlg32.dll (Trojan.Xulcache) -> Quarantined and deleted successfully.
C:\Windows\System32\fdPnp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\fdPnp3232.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\fdProxy32.dll (Trojan.Xulcache) -> Delete on reboot.
C:\Windows\System32\fdSSDP32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\lq3oe9b9o5gru32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\muido9eizfovp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\wof7q32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\z5pcmb32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\zb6ztg5f7tnw332.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\zljemggoincq31632.dll (Trojan.Tracur) -> Delete on reboot.

Message was edited by: LMKing1984 on 2/12/10 7:58:30 PM CST
1 Reply
anandd
Level 9

Re: artemis trojan info help needed

Hello,

The first thing you can do is to reboot and do a rescan with the latest engine and DATs. Engine and DATs are available at: <http://www.mcafee.com/apps/downloads/security_updates/dat.asp>

Once you do a reboot and rescan, your system should be OK as per the log posted below.

If you still get an Artemis detection, please let us know more details about the location (the path), the filename, etc.

Artemis detection actually provides real-time protection to consumers from threats as they strike and much quicker than traditional signatures can be deployed.

Regards,

Anand

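As an added example (not from the post, McAfee or Malwarebytes), a small Python parser for the Malwarebytes log format quoted above: it lists the files still marked "Delete on reboot" (the reason a reboot and rescan is needed) and counts how many detections sit in boot/logon persistence locations (AppInit_DLLs, the Run key, Browser Helper Objects). The sample log is a constructed excerpt of entries taken from the post.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.44 log format; entries are copied
# from the log in the post above and trimmed to one line per section.
SAMPLE_LOG = r"""Memory Modules Infected:
C:\Windows\System32\dmintf32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{015edff8-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Inject) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmintf32.dll -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\dmintf32.dll (Trojan.Tracur) -> Delete on reboot.
"""

SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")   # "Files Infected:" etc.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Registry locations in the log that let code run at boot or logon; substrings are
# matched case-insensitively against the detected item path.
PERSISTENCE = {
    "AppInit_DLLs": "\\AppInit_DLLs",
    "Run key": "\\CurrentVersion\\Run\\",
    "Browser Helper Object": "\\Browser Helper Objects\\",
}


def parse_log(text):
    """Return one dict per detection line, tagged with the section it appears under."""
    entries, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # summary counts, blank lines, "(No malicious items detected)"
        parts = m.group("rest").split(" -> ")  # optional "Data: ..." then the status
        data = parts[0][len("Data: "):] if parts[0].startswith("Data: ") else None
        entries.append({"section": section, "item": m.group("item"),
                        "family": m.group("family"), "data": data, "status": parts[-1]})
    return entries


def pending_reboot(entries):
    """Files still on disk until the next reboot: these must be re-checked by a rescan."""
    return sorted({e["item"] for e in entries if e["status"] == "Delete on reboot."})


def persistence_summary(entries):
    """Count detections per persistence mechanism so each can be verified clean after cleanup."""
    counts = Counter()
    for e in entries:
        for name, marker in PERSISTENCE.items():
            if marker.lower() in e["item"].lower():
                counts[name] += 1
    return counts
```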