Malware problem

km7100 · Dec 19, 2008

Two weeks ago I received an email from my website hosting company that said someone hacked my ftp account and redirected my index.html file. The email said "We have determined that they obtained your username/password from software installed on your client machine - likely some malware that can capture typed information."

I ran a scan that day and it didn't find anything. But when I ran another scan this week it found a trojan (TrojWare.Win32.Trojan.Agent.~AADE@1842905). I did the Read & Run First stuff as well as the Windows XP cleaning procedures. (I couldn't get combofix.exe to run though, so I don't have a log for that one).

I haven't noticed any performance problems with my computer at all. I wouldn't have known about the trojan if my webhost hadn't emailed me about the ftp account issue.

How do I know that the trojan is gone?

Thanks,
Matt

chaslang · Dec 22, 2008

Your logs are all clean but you do need to uninstall the below old Sun Java versions which are security risks:

Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

You can also delete the below files which are due to failed attempts at running ComboFix
Code:
"C:\WINDOWS\system32\"
cf20980.exe   Dec 19 2008      389120  "CF20980.exe"
cf22322.exe   Dec 19 2008      389120  "CF22322.exe"
cf22325.exe   Dec 19 2008      389120  "CF22325.exe"
cf22338.exe   Dec 19 2008      389120  "CF22338.exe"
cf3959.exe    Dec 18 2008      389120  "CF3959.exe"
cf4941.exe    Dec 18 2008      389120  "CF4941.exe"
cf5114.exe    Dec 18 2008      389120  "CF5114.exe"
 
[B]And also the below folder:[/B]
"C:\"
32788R~1      Dec 19 2008              "32788R22FWJFW"
 
Comodo maybe getting in the way.

Log in or Sign up

Malware problem

km7100 Private E-2

Attached Files:

saslog121708.txt

mbamlog121808.txt

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member