oliviajones
asked on
Malbytes finds 6 trojans. What do I do next?
Whilst trying to get rid of a nasty redirect virus I ran Malbytes. It found multiple trojans. Here is the log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7854
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
10/3/2011 2:33:48 PM
mbam-log-2011-10-03 (14-33-26).txt
Scan type: Full scan (C:\|D:\|E:\|H:\|J:\|)
Objects scanned: 549424
Time elapsed: 1 hour(s), 28 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Reasonable_Software_House Update (Trojan.Agent) -> Value: Reasonable_Software_House Update -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Reasonable_Software_House Update (Trojan.Agent) -> Value: Reasonable_Software_House Update -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Olivia\AppData\Local\reasonable_software_house\reasonable_software_houseupdate\reasonable_software_houseupdt32.exe (Trojan.Agent) -> No action taken.
c:\Users\Olivia\AppData\Local\reasonable_software_house\reasonable_software_houseupdate\reasonable_software_houseupdt32.dll (Trojan.Agent) -> No action taken.
c:\Users\Olivia\Desktop\rd trouble shoot\rk_quarantine\reasonable_software_houseupdt32.exe.vir (Trojan.Agent) -> No action taken
What should I do now? Thanks.
In short, back up your data and reinstall Windows. That may seem like the "easy way out", but it is the quickest and most reliable way to get back up and running.
ASKER
I think I still have the option to let Malbytes take care of it. I thought maybe it was better to submit logs here first for expert review. Just an excess of caution, I guess. Reinstalling Windows would be a last-ditch nightmare for me. Should I try to have Malbytes take care of it first?
Yes, you should have done it at once.
ASKER
I have removed all threats and rebooted. Should I run Malbytes again?
ASKER
Reran mbam again (quick scan) and BHO trojan was BACK in the registry. So now I'll start this dance again w/ hijack this, but that's another question... Thanks all