found santa.bat when checking win xp autostart folder

Discussion in 'Malware Help (A Specialist Will Reply)' started by jupp-katt, Jun 2, 2009.

  1. jupp-katt

    jupp-katt Private E-2

    when checking folder C:\Dokumente und Einstellungen\GILBERT\Startmenü\Programme\Autostart (windows xp prof.) I found a file "santa.bat" with following content:

    cd "C:\WINDOWS\system32"
    rename cleanup.txt cleanup.exe
    reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Winsys32sys /t REG_SZ /d "C:\WINDOWS\system32\cleanup.exe"

    It seems to me to be very strange because I didn`t install something like this.
    I`ve attached MGlogs.zip from running MGTools and would be appreciating every useful comment.
     

    Attached Files:

    jupp-katt, Jun 2, 2009
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You did not allow MGTools to run to completion, nor did you accept the license agreement to run HJT. We also need the logs for:
    SAS
    MBAM
    ComboFix
     
    TimW, Jun 3, 2009
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds