[SOLVED] malware TR/ATRAPS.Gen2

Hi, I obviously have malware on the computer.
When I click a link in Google, it first opens in the address bar and is then redirected to various other sites, such as "2dayoftheweek".
Malwarebytes (only installed after the infection) blocked the following:
IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 54539, Process: firefox.exe)
Another message appeared more often:
IP-BLOCK 193.105.135.219 (Type: outgoing, Port: 52571, Process: csrss.exe)
A full Malwarebytes scan, however, found nothing.
AntiVir produced the following message:
The file 'C:\Windows\assembly\tmp\U\800000cb.@'
contained a virus or unwanted program 'TR/ATRAPS.Gen2' [trojan].
Action(s) taken:
The file was moved to the quarantine directory under the name '4b663ec8.qua'!

Would be glad for any help, thanks
Best regards, MGF


asked 2 years ago in Viruses, Trojans, Worms by masterLoki (100 points)

9 Answers

Quote:
The file was moved to the quarantine directory under the name '4b663ec8.qua'!
That of course makes things harder for Malwarebytes.
I would restore the file from quarantine and then scan it with VirusTotal.
answered 2 years ago by masterLoki (100 points)
OTL here:
OTL logfile created on: 29/08/2011 08:58:25 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\*\Downloads
64bit Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: ENU | Date Format: dd.MM.yyyy

1.60 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 39.01% Memory free
3.21 Gb Paging File | 1.60 Gb Available in Paging File | 49.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.60 Gb Total Space | 55.12 Gb Free Space | 54.25% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 194.96 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

Computer Name: PC*- | Username: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [29/08/2011 08:58:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\*\Downloads\OTL.EXE
PRC - [29/08/2011 08:29:09 | 000,331,776 | ---- | M] (Clickteam) -- C:\Users\*\AppData\Local\Temp\mrt5D2B.tmp\stdrt.exe
PRC - [28/08/2011 19:33:17 | 072,106,372 | ---- | M] () -- C:\Users\*\Desktop\iwbtgbeta_fs_.exe
PRC - [11/08/2011 15:18:02 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [30/07/2011 19:09:42 | 000,269,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [29/07/2011 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [08/07/2011 09:31:38 | 000,924,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [07/06/2011 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [07/06/2011 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [06/24/2011 08:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [06/06/2011 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [21/04/2011 07:52:51 | 000,136,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [21/04/2011 07:52:36 | 000,281,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [02/01/2008 04:00:54 | 003,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [27/04/2007 19:40:14 | 001,581,056 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe

========== Modules (No Company Name) ==========

MOD - [29/08/2011 08:29:09 | 000,303,104 | ---- | M] () -- C:\Users\*\AppData\Local\Temp\mrt5D2B.tmp\MMFS2.dll
MOD - [29/08/2011 08:29:09 | 000,069,632 | ---- | M] () -- C:\Users\*\AppData\Local\Temp\mrt5D2B.tmp\CCTrans.dll
MOD - [11/08/2011 15:18:02 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [29/07/2011 15:03:11 | 006,271,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [29/07/2011 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [29/07/2011 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [08/07/2011 09:31:38 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [05/26/2011 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [11/20/2010 04:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [13/04/2007 20:18:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\EnergyCut\kbdhook.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [12.08.2010 14:55:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [12.08.2010 08:04:48 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [17.06.2010 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [07.14.2009 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [30/07/2011 19:09:42 | 000,269,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (file missing)
SRV - [07/06/2011 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [06/06/2011 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [21/04/2011 07:52:51 | 000,136,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [18/03/2010 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [06/10/2009 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [02/01/2008 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)

========== Driver Services (SafeList) ==========

DRV:64bit: - [07.30.2011 19:09:44 | 000,123,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [07.30.2011 19:09:44 | 000,088,288 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (avgntflt)
DRV:64bit: - [06.07.2011 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [06/02/2011 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [06/02/2011 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) Android SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [06/02/2011 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) Samsung Android USB Modem (Filter)
DRV:64bit: - [11.03.2011 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopp
answered 2 years ago by masterLoki (100 points)
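Two details in the logs posted so far are the ones a responder would look at first: Malwarebytes attributing an outgoing connection to csrss.exe (a Windows subsystem process that does not itself open network connections), and OTL listing mswsock.dll loaded through a \\?\globalroot\... device path rather than a normal drive-letter path, which hides which file on disk is actually mapped. The following script is an added example, not code from this thread nor part of OTL or Malwarebytes. It parses the two line formats quoted above (Malwarebytes "IP-BLOCK" notifications and OTL "MOD - " module entries), flags those two conditions plus files under Windows\assembly\tmp (the location AntiVir reported in the question), and runs over sample lines constructed from the thread. The set of "no network" processes and the line regexes are assumptions for this example; tune them to your own environment and tool versions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Malwarebytes 1.x IP-BLOCK notification, e.g.
#   IP-BLOCK 1.2.3.4 (Type: outgoing, Port: 54539, Process: firefox.exe)
IPBLOCK_RE = re.compile(
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*\("
    r"Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<proc>[^)]+)\)",
    re.IGNORECASE,
)

# OTL module entry, e.g.
#   MOD - [date time | size | attrs | M] (company) -- C:\path\file.dll
OTL_MOD_RE = re.compile(
    r"^MOD\s+-\s+\[(?P<meta>[^\]]+)\]\s+\((?P<company>[^)]*)\)\s+--\s+(?P<path>\S.*?)\s*$"
)

# Windows processes that should not originate network traffic on a client
# machine. Assumption for this example; adjust for your environment.
NO_NETWORK_PROCESSES = {"csrss.exe", "smss.exe", "wininit.exe", "winlogon.exe"}


@dataclass
class Finding:
    rule: str
    detail: str


def parse_ipblock(line: str) -> Optional[dict]:
    """Return the fields of a Malwarebytes IP-BLOCK line, or None."""
    m = IPBLOCK_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["port"] = int(d["port"])
    d["proc"] = d["proc"].strip().lower()
    d["direction"] = d["direction"].lower()
    return d


def parse_otl_module(line: str) -> Optional[dict]:
    """Return the fields of an OTL 'MOD - ' line, or None."""
    m = OTL_MOD_RE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_path(path: str) -> Optional[str]:
    """Explain why a module/file path is worth a second look, or None."""
    p = path.lower().replace("/", "\\")
    if p.startswith("\\\\?\\globalroot\\") or p.startswith("\\\\.\\globalroot\\"):
        return "module mapped via a device path instead of a drive letter"
    if "\\windows\\assembly\\tmp\\" in p:
        return "file under Windows\\assembly\\tmp, not a normal location for loadable code"
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run both rules over a mixed bag of Malwarebytes and OTL log lines."""
    findings: List[Finding] = []
    for line in lines:
        blk = parse_ipblock(line)
        if blk:
            if blk["direction"] == "outgoing" and blk["proc"] in NO_NETWORK_PROCESSES:
                findings.append(Finding(
                    "unexpected_network_process",
                    f"{blk['proc']} -> {blk['ip']}:{blk['port']}",
                ))
            continue
        mod = parse_otl_module(line)
        if mod:
            why = suspicious_path(mod["path"])
            if why:
                findings.append(Finding("suspicious_module_path", f"{mod['path']} ({why})"))
    return findings


# Constructed sample, taken from the lines quoted in this thread.
SAMPLE_LOG = r"""
IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 54539, Process: firefox.exe)
IP-BLOCK 193.105.135.219 (Type: outgoing, Port: 52571, Process: csrss.exe)
MOD - [08/07/2011 09:31:38 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [11/20/2010 04:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

On the sample this reports exactly the two lines discussed above and stays silent on the Firefox connection and the normally-located mozjs.dll. A hit from either rule is not proof of infection on its own; it tells you which file to pull (and which process to inspect) before restoring anything from quarantine.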
Post an OTL log file. Download mbam, update the program, and check your system:
Perform a full scan.
At the end of the scan, do not enable the option to delete anything.
Only the first report is important.
Deactivate all security software beforehand. Please use the spoiler tag for both.
answered 2 years ago by masterLoki (100 points)
How do you get the file back out of quarantine?
Is it normal for the mbam scan to take 1.5 h? Can it be shortened somehow in a sensible way?
answered 2 years ago by masterLoki (100 points)
Quote:
Is it normal for the mbam scan to take 1.5 h? Can it be shortened somehow in a sensible way?
For a full scan with a corresponding amount of data that is perfectly normal.
Quote:
How do you get the file back out of quarantine?
You can restore the file (preferably into a folder on the desktop), rename it, and upload it to virustotal.com (there is an illustrated guide for this).
answered 2 years ago by masterLoki (100 points)
Hm, the virus file is back, but no detection by Mbam:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7595

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29.08.2011 10:35:05
mbam-log-2011-08-29 (10-35-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 303925
Running time: 37 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

AntiVir Guard was switched off.
answered 2 years ago by masterLoki (100 points)
How can I restore it? I can't find the option in AntiVir -.- Ah ok, found it myself now.
answered 2 years ago by masterLoki (100 points)
Quote:
Quote from MGF001: How do you get the file back out of quarantine? Is it normal for the mbam scan to take 1.5 h? Can it be shortened somehow in a sensible way?
This should be explained in the program help. The VT scan will probably only show what one could guess anyway, namely that it is very annoying and persistent adware that manipulates some system files, e.g. the hosts file, or sets up its own DNS.
answered 2 years ago by masterLoki (100 points)
Have you also uploaded it to VirusTotal? Was there an error message?
answered 2 years ago by masterLoki (100 points)