14 May 2012

Malware Client Dumps

Post the dumps here

5 Responses to Malware Client Dumps
  1. Malwarebytes Anti-Malware 1.61.0.1400
    http://www.malwarebytes.org

    Database version: v2012.05.14.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    John :: JOHN-PC [administrator]

    5/14/2012 4:10:52 PM
    mbam-log-2012-05-14 (16-10-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209010
    Time elapsed: 3 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 5
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mauxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (PUP.MyWebSearch) -> Delete on reboot.

    Registry Keys Detected: 16
    HKCR\CLSID\{c4b22c87-45ef-4f43-89f2-40db2078864e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{476d2996-ce78-4a30-95f7-80dbb4c9d623} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{6e444154-ef7c-46e9-bd43-f0f5c2b2518c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{da71fd14-5f7b-46ae-b8b1-44074a38f331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MyFunCards_5m (Adware.MyFunCards) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Data: 6!;¤AµÚ>¸ZVÂ -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyFunCards Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mauxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    (end)

  2. Malwarebytes Anti-Malware 1.61.0.1400
    http://www.malwarebytes.org

    Database version: v2012.05.15.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    PC-07 :: PC07 [administrator]

    5/15/2012 1:28:56 PM
    mbam-log-2012-05-15 (13-28-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 185069
    Time elapsed: 4 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKLM\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a·¸+߬H»à¼À:›; -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\PC-07\My Documents\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

  3. Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    http://www.malwarebytes.org

    Databaseversie: v2013.01.09.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    eigenaar :: PC [administrator]

    Bescherming: Ingeschakeld

    9/01/2013 20:51:14
    mbam-log-2013-01-09 (20-51-14).txt

    Scan type: Volledige scan (C:\|D:\|F:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 551172
    Verstreken tijd: 55 minuut/minuten, 34 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll (PUP.MyWebSearch) -> Geen actie ondernomen.

    (einde)

  4. Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    http://www.malwarebytes.org

    Databaseversie: v2013.01.08.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    eigenaar :: PC [administrator]

    Bescherming: Ingeschakeld

    9/01/2013 18:33:53
    MBAM-log-2013-01-09 (18-37-25).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 211472
    Verstreken tijd: 1 minuut/minuten, 58 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.MyWebsearch) -> Slecht: (http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xpt198^S03721^be&ptb=66FCF9FB-E18A-421F-90E6-3533D241B1B6) Goed: (http://www.google.com) -> Geen actie ondernomen.

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  5. Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    http://www.malwarebytes.org

    Databaseversie: v2013.01.08.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    eigenaar :: PC [administrator]

    Bescherming: Ingeschakeld

    9/01/2013 5:49:34
    mbam-log-2013-01-09 (05-49-34).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 211862
    Verstreken tijd: 1 minuut/minuten, 45 seconde(n)

    Geheugenprocessen gedetecteerd: 1
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe (PUP.MyWebSearch) -> 3856 -> Geen actie ondernomen.

    Geheugenmodulen gedetecteerd: 6
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrstub.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mauxstb.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdlghk.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (PUP.MyWebSearch) -> Geen actie ondernomen.

    Registersleutels gedetecteerd: 17
    HKLM\SYSTEM\CurrentControlSet\Services\MyFunCards_5mService (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCR\CLSID\{c4b22c87-45ef-4f43-89f2-40db2078864e} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4B22C87-45EF-4F43-89F2-40DB2078864E} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCR\CLSID\{476d2996-ce78-4a30-95f7-80dbb4c9d623} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCR\TypeLib\{6e444154-ef7c-46e9-bd43-f0f5c2b2518c} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCR\Interface\{683C3964-BB3D-439C-916F-1B7ED01E797C} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCR\CLSID\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCR\CLSID\{da71fd14-5f7b-46ae-b8b1-44074a38f331} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} (PUP.MyWebSearch) -> Geen actie ondernomen.
    HKLM\SOFTWARE\MyFunCards_5m (Adware.MyFunCards) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyFunCards_5m Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Data: 6!;¤AµÚ>¸ZVÂ -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} (PUP.MyWebSearch) -> Data: -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyFunCards Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h -> Geen actie ondernomen.

    Registerdata gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.MyWebsearch) -> Slecht: (http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xpt198^S03721^be&ptb=66FCF9FB-E18A-421F-90E6-3533D241B1B6) Goed: (http://www.google.com) -> Geen actie ondernomen.

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 9
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrstub.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbarsvc.exe (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mauxstb.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mdlghk.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mieovr.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (PUP.MyWebSearch) -> Geen actie ondernomen.
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrchMn.exe (PUP.MyWebSearch) -> Geen actie ondernomen.

    (einde)
