Posted by Nehmo on November 16, 2008, 12:14 am
> On the Tools menu in Windows Explorer, click Folder Options.
> Click the View tab.
> Under the Hidden files and folders heading select Show hidden files and
> folders.
> Uncheck the Hide protected operating system files (recommended) option
> Click ok.
> Can you see those files now? Send me a copy of the MBAM log.
I already have "Hide protected operating system files (Recommended)"
with an un-checked box. I also have "Hidden files and Folders" set
with a dotted circle to the option "Show hidden files and folders".
The file isn't there. Yet I continually get DriveSentry popups saying
winfilse.exe is trying to write to either Temporary Internet files ie
content or Cookies. These popups are logged by DriveSentry.
The Malwarebytes (MBAM) log is short enough to just post here. MBAM
deleted Winterms.exe (see near the end of the log). That was the other
file I couldn't find.
The MBAM log:
Malwarebytes' Anti-Malware 1.30
Database version: 1400
Windows 5.1.2600 Service Pack 3
11/15/2008 5:15:53 PM
mbam-log-2008-11-15 (17-15-53).txt
Scan type: Full Scan (C:\|)
Objects scanned: 179546
Time elapsed: 3 hour(s), 7 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 46
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and
deleted successfully.
C:\Documents and Settings\Owner\Application Data\m (Trojan.Agent) ->
Delete on reboot.
Files Infected:
C:\WINDOWS\system32\drivers\downld1671.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld7296.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld8265.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld4656.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld4546.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld4578.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld0921.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld6953.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld8453.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld6687.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld0140.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld8250.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld6312.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld4687.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld5625.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld1265.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld7921.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld1171.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld4640.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld7359.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld2593.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld9375.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld2750.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld5250.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld5703.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld7609.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld636734.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld704218.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld712703.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld734921.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld741343.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld771890.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld777218.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld804890.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld871015.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld877390.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld880187.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld937937.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld020203.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld2484.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld625.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld5109.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and
deleted successfully.
C:\Documents and Settings\Owner\Application Data\m\flec006.exe
(Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined
and deleted successfully.
--
~~ Nehmo