password.stealer

[merle211]

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/13/2009 9:47:31 PM
mbam-log-2009-12-13 (21-47-31).txt

Scan type: Quick Scan
Objects scanned: 100384
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 65

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\msch24.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\Win.exe (IM.Worm) -> Delete on reboot.
C:\Windows\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot.
C:\Windows\repair\kasutio (Rootkit.Rustock) -> Delete on reboot.
C:\Windows\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot.
C:\Windows\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot.
C:\Windows\repair\sql.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\repair\whw.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\repair\IExp1orer.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.