Metropolitan police malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by squid_liquor, Dec 8, 2011.

  1. squid_liquor

    squid_liquor Private E-2

    Hey guys,

    It seems that the family computer got hit by the Metropolitan police malware this morning. Whilst I think I managed to get rid of it, could someone please look over my logs to check that everything is clear?

    I have put the logs in the following post, with the exception of MGlogs.zip, which I have here. All the scans were done in the right order though.

    Thanks for the help, guys.
     
    Last edited: Dec 8, 2011
  2. squid_liquor

    squid_liquor Private E-2

  3. squid_liquor

    squid_liquor Private E-2

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8332

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    08/12/2011 12:18:27
    mbam-log-2011-12-08 (12-18-27).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 433979
    Time elapsed: 1 hour(s), 37 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Home\application data\Sun\Java\deployment\cache\6.0\7\4cb23c07-3abc3cde (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
    c:\documents and settings\Home\local settings\Temp\0.6471606177553271.exe (Trojan.Zbot.CBCGen) -> Delete on reboot.
    c:\documents and settings\Home\start menu\Programs\Startup\0.6471606177553271.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs, but you did not disable Daemon tools as instructed in the Read and Run first procedure. Please run Defogger and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    C:\MGlogs.zip
     
