Malbytes finds 6 trojans. what do I do next?

Posted on 2011-10-03
Medium Priority
Last Modified: 2012-05-12
Whilst rying to get rid of a nasty redirect virus I ran Malbytes. It found multiple trojans. Here is the log:

Malwarebytes' Anti-Malware

Database version: 7854

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/3/2011 2:33:48 PM
mbam-log-2011-10-03 (14-33-26).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|J:\|)
Objects scanned: 549424
Time elapsed: 1 hour(s), 28 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Reasonable_Software_House Update (Trojan.Agent) -> Value: Reasonable_Software_House Update -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Reasonable_Software_House Update (Trojan.Agent) -> Value: Reasonable_Software_House Update -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Olivia\AppData\Local\reasonable_software_house\reasonable_software_houseupdate\reasonable_software_houseupdt32.exe (Trojan.Agent) -> No action taken.
c:\Users\Olivia\AppData\Local\reasonable_software_house\reasonable_software_houseupdate\reasonable_software_houseupdt32.dll (Trojan.Agent) -> No action taken.
c:\Users\Olivia\Desktop\rd trouble shoot\rk_quarantine\reasonable_software_houseupdt32.exe.vir (Trojan.Agent) -> No action taken

What should I do now? Thanks.
Question by:oliviajones
LVL 10

Accepted Solution

himanshut earned 1400 total points
ID: 36907425
On completion of scan, Malwarebytes should give you option to "Disinfect"/"Clean".
Just click that button and it will take care by itself.

LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 200 total points
ID: 36907430
boot off of your install DVD chose repair then get a command prompt and delete these entries
start your registry editor (regedit) and delete the key
I'm surprised malware bytes didn't delete them.. or did you tell it NOT to take action?

Expert Comment

ID: 36907433
In short, backup your data and reinstall Windows. That may seem like the "easy way out", but it is the quickest and most reliable way to get back up and running.
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.


Author Comment

ID: 36907458
I think I still have the option to let malbytes take care of it. I thought maybe it was better to submit logs here first for expert review. just an excess of caution I guess. Reinstalling windows would be a last ditch nightmare for me. should I try to have malbytes take care of it first?
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 36907482
yes you should have done it at once.

Author Comment

ID: 36907522
I have removed all threats and rebooted. Should I run Malbytes again?
LVL 47

Assisted Solution

rpggamergirl earned 200 total points
ID: 36907525
Is that "Reasonable_Software_House" installed by you or anyone who uses that PC?
If no one installed "NoClone" or any program from Reasonable_Software_house then let MalwareBytes take care of everything it finds and check in Add/Remove Programs list for that software also and uninstalled it there if listed.

Sometimes Malwarebytes flags some unknown software as trojans.
LVL 93

Assisted Solution

nobus earned 200 total points
ID: 36908286
you can run MBAM again
in most cases, you don't need to run the full scan - use the quick one instead

Author Closing Comment

ID: 36909726
reran mbam again (quick scan) and BHO  trojan was BACK in the registry. So now I'll start this dance again w/ hijack this, but that's another question...Thanks all

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question