Hidden File Attributes - related to Trojan.FakeAlert

Discussion in 'Malware Help (A Specialist Will Reply)' started by KevinMC, Apr 15, 2011.

  1. KevinMC

    KevinMC Private E-2

    What Up MGs....
    I remotely logged on to a friend's Windows Vista PC to remove a Trojan.FakeAlert piece of malware. The usual safe-mode Malwarebytes' Anti-Malware worked just fine. He called me this morning to tell me that a lot of his desktop icons were missing and that some programs were gone. What I later found was that the file/folder attributes on many were set to Hidden.
    I have yet to see this type of malware behavior and am wondering what others may have experienced?
    Best wishes to all!



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6366

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    4/15/2011 1:01:23 AM
    mbam-log-2011-04-15 (01-01-23).txt

    Scan type: Quick scan
    Objects scanned: 151371
    Time elapsed: 3 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sAaAVcAvvOACS (Trojan.FakeAlert) -> Value: sAaAVcAvvOACS -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\saaavcavvoacs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\programdata\38788872.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\rusty pace\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\rusty pace\AppData\Local\Temp\0.8265549848095879.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

