1 Reply Latest reply on Feb 13, 2010 10:24 AM by anandd

    artemis trojan info help needed

      I found an alert via McAfee about Artemis!2a4a19358ea5 and w32/routroworm.text!. They've been quarantined and deleted along with several others thanks to Malwarebytes. Still running more scans, and now I want to know, what else do I need to do?

       

      Below is the log report if it helps

       

      Malwarebytes' Anti-Malware 1.44
      Database version: 3731
      Windows 6.1.7600
      Internet Explorer 8.0.7600.16385

      2/12/2010 8:27:20 PM
      mbam-log-2010-02-12 (20-27-20).txt

      Scan type: Quick Scan
      Objects scanned: 101008
      Time elapsed: 8 minute(s), 29 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 20
      Registry Keys Infected: 7
      Registry Values Infected: 1
      Registry Data Items Infected: 39
      Folders Infected: 3
      Files Infected: 25

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      C:\Windows\SysWOW64\fdProxy32.dll (Trojan.Xulcache) -> Delete on reboot.
      C:\Windows\System32\ExplorerFrame32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\Faultrep32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\Faultrep3232.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dcodli32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmintf32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmocx32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmrc32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmscript32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmstyle32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmsynth32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\fdPnp32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\fdPnp3232.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\fdSSDP32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\lq3oe9b9o5gru32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\muido9eizfovp32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\wof7q32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\z5pcmb32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\zb6ztg5f7tnw332.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\zljemggoincq31632.dll (Trojan.Tracur) -> Delete on reboot.

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{015edff8-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{15edff8b-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{015edff8-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.Xulcache) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15edff8b-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.Xulcache) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{015edff8-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15edff8b-8fb6-4d84-9be1-4e1b2d847c13} (Trojan.BHO.H) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Inject) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmintf32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\fdpnp32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmstyle32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\fdpnp32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dcodli32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\faultrep32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\fdpnp3232.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmintf32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmocx32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmocx32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmstyle32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmsynth32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmsynth32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\faultrep32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\muido9eizfovp32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\faultrep3232.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\fdpnp3232.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\wof7q32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\lq3oe9b9o5gru32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmrc32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmrc32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\z5pcmb32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\zb6ztg5f7tnw332.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\explorerframe32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\explorerframe32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\zljemggoincq31632.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\muido9eizfovp32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\wof7q32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dcodli32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\fdssdp32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\faultrep3232.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\z5pcmb32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\lq3oe9b9o5gru32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmscript32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\fdssdp32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\zljemggoincq31632.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\zb6ztg5f7tnw332.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmscript32.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

      Files Infected:
      C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
      C:\Users\boredcheeta\AppData\Roaming\SystemProc\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully.
      C:\Windows\SysWOW64\fdProxy32.dll (Trojan.BHO.H) -> Delete on reboot.
      C:\Windows\System32\ExplorerFrame32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\Faultrep32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\Faultrep3232.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dcodli32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmintf32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmocx32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmrc32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmscript32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmstyle32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dmsynth32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\dot3dlg32.dll (Trojan.Xulcache) -> Quarantined and deleted successfully.
      C:\Windows\System32\fdPnp32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\fdPnp3232.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\fdProxy32.dll (Trojan.Xulcache) -> Delete on reboot.
      C:\Windows\System32\fdSSDP32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\lq3oe9b9o5gru32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\muido9eizfovp32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\wof7q32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\z5pcmb32.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\zb6ztg5f7tnw332.dll (Trojan.Tracur) -> Delete on reboot.
      C:\Windows\System32\zljemggoincq31632.dll (Trojan.Tracur) -> Delete on reboot.

       

       

      Message was edited by: LMKing1984 on 2/12/10 7:58:30 PM CST