Welcome to PC Web Plus, a computer forum offering free help with computer problems and all kinds of questions about software, hardware and computer security.
Maxstar
Administrator, topic author
Posts: 41272
Joined: Sat 27 Sep 2008, 10:18:07
Knowledge level: (3) Expert
OS: Windows 10
AV: Emsisoft Internet Security

Fake version of CCleaner in circulation.

Sat 15 Jan 2011, 19:24:03

A 'fake' version of CCleaner is currently in circulation that infects the computer with various 'trojan horses'; see the screenshot below.
[Screenshot]

http://www.virustotal.com/file-scan/rep ... 1294846255

File name: 585c2002f44ecd7053c3dc5e18430f9c
Submission date: 2011-01-12 15:30:55 (UTC)
Current status: finished
Result: 30 /43 (69.8%)



HijackThis

Running processes:
C:\Documents and Settings\Administrator\Bureaublad\CCleaner.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\.Download-Server.exe
C:\Documents and Settings\Administrator\Bureaublad\CCleaner.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\.Download-Server.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\geurge.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\y03h3x.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9gke.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9gke.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\MSCRTD~1\msftdm.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\MSCRTD~1\msftdm32.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Documents and Settings\Administrator\Bureaublad\CCleaner.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP002.TMP\.Download-Server.exe
C:\PROGRA~1\Fun4IM\BndCore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mmlsy.exe
C:\Program Files\Windows NT\Accessories\svchost.exe
C:\PROGRA~1\Fun4IM\BndCore.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchqu.com/sidebar.html?src=ssb&sysid=402
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/402
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/sidebar.html?src=ssb&sysid=402
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/sidebar.html?src=ssb&sysid=402
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WINDOW~4\ToolBar\SearchquDx.dll
O2 - BHO: (no name) - {A0B31C41-6B7C-8BDA-9175-A4CAA6800CEC} - c:\windows\system32\hhurmnej.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WINDOW~4\ToolBar\SearchquDx.dll
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP002.TMP\"
O4 - HKLM\..\Policies\Explorer\Run: [lhec0] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mmlsy.exe
O4 - Startup: A2A5F.exe.exe
O4 - Startup: AF9C7.exe.exe
O20 - AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll



Malwarebytes' Anti-Malware (MBAM):

Memory processes infected: 1
Memory modules infected: 4
Registry keys infected: 1
Registry values infected: 4
Registry data items infected: 0
Folders infected: 0
Files infected: 19

Memory processes infected:
c:\program files\windows nt\accessories\svchost.exe (Trojan.Agent) -> 3260 -> Unloaded process successfully.

Memory modules infected:
c:\WINDOWS\system32\nwcwks.dll (Trojan.Inject) -> Delete on reboot.
c:\documents and settings\administrator\application data\macromedia\mscrtdrv5\msftcore.dll (Trojan.Proxy) -> Delete on reboot.
c:\documents and settings\administrator\application data\macromedia\mscrtdrv5\msfteml.dll (Spam.Bot) -> Delete on reboot.
c:\documents and settings\administrator\application data\macromedia\mscrtdrv5\msfttcp.dll (Trojan.Downloader) -> Delete on reboot.

Registry keys infected:
HKEY_CURRENT_USER\Software\MSoftware (Malware.Trace) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> Value: ewrgetuj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\e7lye (Trojan.Downloader) -> Value: e7lye -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bnype (Trojan.Agent) -> Value: bnype -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mslivemsn (Trojan.Agent) -> Value: mslivemsn -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\WINDOWS\system32\nwcwks.dll (Trojan.Inject) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\IXP000.TMP\.download-server.exe (Trojan.Downloader) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\IXP001.TMP\.download-server.exe (Trojan.Downloader) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\geurge.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\y03h3x.exe (Trojan.Downloader) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\9gke.exe (Trojan.Agent) -> Delete on reboot.
c:\Documents and Settings\Administrator\Application Data\Macromedia\mscrtdrv5\msftdm.exe (Trojan.Agent) -> Delete on reboot.
c:\Documents and Settings\Administrator\Application Data\Macromedia\mscrtdrv5\msftldr.dll (Backdoor.Bot) -> Delete on reboot.
c:\documents and settings\administrator\application data\macromedia\mscrtdrv5\msftcore.dll (Trojan.Proxy) -> Delete on reboot.
c:\Documents and Settings\Administrator\Application Data\Macromedia\mscrtdrv5\msftdm32.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\administrator\application data\macromedia\mscrtdrv5\msfteml.dll (Spam.Bot) -> Delete on reboot.
c:\documents and settings\administrator\application data\macromedia\mscrtdrv5\msfttcp.dll (Trojan.Downloader) -> Delete on reboot.
c:\Documents and Settings\Administrator\Local Settings\Temp\IXP002.TMP\.download-server.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\administrator\local settings\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\windows nt\accessories\svchost.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\administrator\menu start\programma's\opstarten\c5a05.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu start\programma's\opstarten\winupdate.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\msftdm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\msftdm32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
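The HijackThis log above shows the pattern a triage analyst looks for: executables launched from Temp and Application Data, an svchost.exe outside System32, a Policies\Explorer\Run autorun, an unnamed BHO, a hosts-file redirect, double ".exe.exe" startup items and AppInit_DLLs injection. The script below is an added example (not part of the original post, and not HijackThis output) that runs a set of simple heuristics over a constructed excerpt of that log; the rules and their names are this example's own assumptions, and the C:\WINDOWS\system32\svchost.exe line is a legitimate control entry added to show the svchost rule does not over-match.

```python
"""Triage a HijackThis log for the indicators visible in the post above.

Added example, not part of the original post or of HijackThis. The log
excerpt is constructed from lines in the post (plus one legitimate
svchost.exe control line); the rules are this example's own heuristics.
"""
import re
from collections import Counter

# Constructed excerpt of the posted log; the System32 svchost.exe line is a
# legitimate control entry added here to show the rule does not over-match.
SAMPLE_LOG = r"""
Running processes:
C:\Documents and Settings\Administrator\Bureaublad\CCleaner.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\.Download-Server.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\geurge.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\MSCRTD~1\msftdm.exe
C:\Program Files\Windows NT\Accessories\svchost.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/402
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (no name) - {A0B31C41-6B7C-8BDA-9175-A4CAA6800CEC} - c:\windows\system32\hhurmnej.dll
O4 - HKLM\..\Policies\Explorer\Run: [lhec0] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mmlsy.exe
O4 - Startup: A2A5F.exe.exe
O20 - AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll
"""

TEMP_RE = re.compile(r"\\Temp\\", re.I)
APPDATA_RE = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)
SVCHOST_RE = re.compile(r"\\svchost\.exe$", re.I)
SYSTEM32_SVCHOST_RE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\svchost\.exe$", re.I)
DOUBLE_EXT_RE = re.compile(r"\.exe\.exe$", re.I)
DOT_NAME_RE = re.compile(r"\\\.[^\\]+$")   # file name starting with a dot
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def check_path(path):
    """Reasons why an executable path (process or autorun target) looks off."""
    reasons = []
    if TEMP_RE.search(path):
        reasons.append("executable in a Temp directory")
    if APPDATA_RE.search(path):
        reasons.append("executable under Application Data")
    if SVCHOST_RE.search(path) and not SYSTEM32_SVCHOST_RE.match(path):
        reasons.append("svchost.exe outside System32")
    if DOUBLE_EXT_RE.search(path):
        reasons.append("double .exe.exe extension")
    if DOT_NAME_RE.search(path):
        reasons.append("dot-prefixed file name")
    return reasons


def check_entry(kind, body):
    """Reasons for a HijackThis R*/O* line (kind = 'R0', 'O4', ...)."""
    reasons = []
    if kind.startswith("R") and " = http" in body:
        reasons.append("IE start/search page set to an external URL")
    elif kind == "O1":
        reasons.append("hosts file redirect")
    elif kind == "O2" and "(no name)" in body:
        reasons.append("unnamed BHO")
    elif kind == "O4":
        if "Policies\\Explorer\\Run" in body:
            reasons.append("Policies\\Explorer\\Run autorun")
        # target is what follows "[name] " or, for Startup items, the colon
        target = body.split("] ", 1)[-1] if "] " in body else body.split(": ", 1)[-1]
        reasons += check_path(target)
    elif kind == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs injection")
    return reasons


def triage(log_text):
    """Return (reason, line) pairs for every log line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            reasons = check_entry(entry.group(1), entry.group(2))
        elif PATH_RE.match(line):
            reasons = check_path(line)
        else:
            continue
        findings.extend((reason, line) for reason in reasons)
    return findings


def summarize(log_text):
    """Count findings per rule, e.g. to rank what to look at first."""
    return dict(Counter(reason for reason, _ in triage(log_text)))


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:45} {line}")
    print(summarize(SAMPLE_LOG))
```

These rules are deliberately crude: a path-based heuristic flags the dropper's ".Download-Server.exe" in Temp and the svchost.exe under Program Files, but says nothing about the DLLs MBAM later found in the Macromedia\mscrtdrv5 directory, which only show up in the process list through the msftdm.exe loaders. Treat such output as a prioritisation aid for the full log, not as a verdict.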
