Computer Infected With Trojan.win32.monderb.gen
Started by aitclark, Jun 30 2008 12:49 PM (BleepingComputer forum, 3 replies)

#1 aitclark (Members, 3 posts)

I wanted to make sure that my system was clean, but Kaspersky tells me the computer is infected with Trojan.Win32.Monderb.gen.

Kaspersky scan statistics:
  Files scanned: 52309
  Threat name: 1
  Infected objects: 29
  Suspicious objects: 0
  Duration of the scan: 01:00:53
  File name: C:\WINDOWS\system32\mafkbmuw.dll
  Threat name: Infected: Trojan.Win32.Monderb.gen

Deckard's System Scanner log (excerpt):
Run by ... Clark on 2008-06-30 13:28:42
Computer is in Normal Mode.
-- System Restore --
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
11: 2008-06-30 17:28:57 UTC - RP11 - Deckard's System ... (truncated in the source)
... Clark\Application Data\00148651e19.dat
2008-06-16 17:05:44      0 d--h----- C:\WINDOWS\PIF
-- Find3M Report --
2008-06-30 11:00:56    384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-06-30 11:00:56    384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-06-30 10:16:30      0 d-------- C:\Program Files\The Weather Channel FW
2008-06-29 21:01:36      0 d-------- C:\Program Files\Common Files
2008-06-29 ... (truncated in the source)

HijackThis log (excerpt):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:06 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
O3 - Toolbar: ... Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - ... (truncated in the source)

Malwarebytes' Anti-Malware log (excerpt):
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8c65ed59 (Trojan.Vundo) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\John G. Clark\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\John G. Clark\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\John G. Clark\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\John G. Clark\Desktop\FWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\John G. Clark\Desktop\EditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\bdn.com ... (truncated in the source)

ComboFix log (excerpt):
... Clark\Application Data\Malwarebytes
2008-07-02 10:52 . 2008-07-02 10:52   <DIR>  d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 10:52 . 2008-06-28 14:16   34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-07-02 10:52 . 2008-06-28 14:16   17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-30 16:11 . 2008-06-30 16:11   ... (truncated in the source)

The problem is that my computer is still much slower than before it got infected.

Reply (helper):

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).

Reply (steam, Microsoft MVP - Windows Security 2004/9, member of ASAP since 2004):

... "Are you sure you wish to proceed?" Click OK.
Second... Please follow these directions to run Combofix & post a log: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Further excerpts on the same detection (a related thread; the forum is not named on the page):

Original poster: After downloading Kaspersky 7.0 and running it, it detected this trojan WIN32.Monderb.gen in this file C/System32/yayAlpms.dll. Is it a false call?

DavidR: Well, generally the .gen in the signature usually means generic, which are more prone to false detection. Try a google search for Win32.Monderb.gen, http://www.google.com/search?q=Win32.Monderb.gen, or drop the .gen bit and see ... (truncated in the source)

Reply (helper): Kaspersky may alert you about "Suspicious Driver Installation"; allow it. Click "File" on the bottom left and locate C/System32/yayAlpms.dll. Right-click it and click "Force delete". Is it gone?

Vendor descriptions quoted on the page:

Microsoft: Trojan:Win32/Vundo.gen!H is a component of Win32/Vundo, a multiple-component family of programs that deliver "out of context" pop-up advertisements. They may also download and execute arbitrary files. Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent.

ESG: Trojan.Monderb is also known as MonderbTrojan, Win32 Monderb and Monderb.Trojan. Malware of this kind modifies your Windows settings to use a proxy server, which prevents you from browsing the web with Internet Explorer; disable the proxy server setting for Internet Explorer to restore browsing.
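The registry entries in the MBAM log and the Microsoft description above (a DLL loaded as a BHO, a Run value, SharedTaskScheduler and URLSearchHooks CLSIDs, a hijacked IE proxy) are the places a responder checks on a live machine. The script below is an added example written for this page; it is not code from the thread, from BleepingComputer, or from Kaspersky, Malwarebytes, HijackThis or ComboFix. It assumes Windows PowerShell 3 or later in an elevated session, and every function and variable name in it (Get-ClsidEntries, Resolve-ClsidServer, Test-SuspiciousModule) is the example's own. It is read-only: it lists entries that resolve to a missing file, to an orphan CLSID (what HijackThis prints as "(no file)"), or to an unsigned, vendor-less DLL with a random-looking name in system32, and it reports an enabled IE proxy.

```powershell
# Added example: a read-only audit of the persistence points the Vundo/Monderb
# family used on this page (BHO, SharedTaskScheduler and URLSearchHooks CLSIDs,
# Run/RunOnce values) plus the IE proxy setting. It reports; it deletes nothing.
# Not code from the thread or from Kaspersky, MBAM, HijackThis or ComboFix.
# Assumptions: Windows PowerShell 3+ in an elevated session; all names are this
# example's own.

$hives  = @('HKLM:', 'HKCU:')
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$guidRe = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Keys whose subkeys (Browser Helper Objects) or value names (SharedTaskScheduler,
# URLSearchHooks) are CLSIDs of COM objects that IE/Explorer load at start.
$clsidKeys = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler',
    'SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
)

# Collect CLSIDs registered under one key, whether as subkey names or value names.
function Get-ClsidEntries {
    param([string]$KeyPath)
    $found = @()
    if (-not (Test-Path $KeyPath)) { return $found }
    foreach ($sub in @(Get-ChildItem -Path $KeyPath -ErrorAction SilentlyContinue)) {
        if ($sub.PSChildName -match $guidRe) { $found += $sub.PSChildName }
    }
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -match $guidRe) { $found += $p.Name }
        }
    }
    return $found
}

# Map a CLSID to the DLL that implements it. HKCR merges HKLM and HKCU Classes.
function Resolve-ClsidServer {
    param([string]$Clsid)
    $keys = @("Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32",
              "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid\InprocServer32")
    foreach ($k in $keys) {
        if (Test-Path $k) {
            $p = (Get-ItemProperty -Path $k).'(default)'
            if ($p) { return [Environment]::ExpandEnvironmentVariables($p.Trim('"')) }
        }
    }
    return $null
}

# Reasons a loaded module looks like a dropped component. Heuristics only.
function Test-SuspiciousModule {
    param([string]$Path)
    if (-not $Path) { return @('orphan CLSID with no InprocServer32 (HijackThis prints these as "(no file)")') }
    if (-not (Test-Path -LiteralPath $Path)) { return @("registered module is missing on disk: $Path") }
    $why = @()
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { $why += "Authenticode status $($sig.Status)" }
    if (-not (Get-Item -LiteralPath $Path).VersionInfo.CompanyName) { $why += 'no CompanyName in version resource' }
    # Vundo droppers wrote DLLs with random letter-only names straight into system32
    # (mafkbmuw.dll and yayAlpms.dll in the thread). Only counted when the signature
    # or version checks already failed, since genuine OS DLLs are catalog-signed.
    $stem = [IO.Path]::GetFileNameWithoutExtension($Path)
    if ($Path -like (Join-Path $env:SystemRoot 'system32\*') -and $stem -match '^[A-Za-z]{7,9}$' -and $why.Count -gt 0) {
        $why += 'random-looking letter-only name directly in system32'
    }
    return $why
}

$report = @()
foreach ($h in $hives) {
    foreach ($k in $clsidKeys) {
        foreach ($clsid in @(Get-ClsidEntries "$h\$k")) {
            $dll = Resolve-ClsidServer $clsid
            $why = @(Test-SuspiciousModule $dll)
            if ($why.Count -gt 0) {
                $report += [pscustomobject]@{ Where = "$h\$k"; Entry = $clsid; Module = $dll; Why = ($why -join '; ') }
            }
        }
    }
    foreach ($k in @('SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce')) {
        if (-not (Test-Path "$h\$k")) { continue }
        foreach ($v in (Get-ItemProperty -Path "$h\$k").PSObject.Properties) {
            if ($psMeta -contains $v.Name) { continue }
            $why = @()
            # The MBAM log above shows Vundo's Run value named with 8 random hex digits (8c65ed59).
            if ($v.Name -match '^[0-9a-f]{8}$') { $why += 'value name is 8 bare hex digits' }
            # A Run value that hands a DLL to rundll32 is checked like a BHO module.
            if (([string]$v.Value) -match 'rundll32(\.exe)?\s+"?([^",]+\.dll)') {
                $why += @(Test-SuspiciousModule ([Environment]::ExpandEnvironmentVariables($Matches[2])))
            }
            if ($why.Count -gt 0) {
                $report += [pscustomobject]@{ Where = "$h\$k"; Entry = $v.Name; Module = [string]$v.Value; Why = ($why -join '; ') }
            }
        }
    }
}

# Vundo-era infections also pointed IE at a proxy. A legitimate corporate proxy
# trips this too, so review the value rather than resetting it blindly.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) {
    $report += [pscustomobject]@{ Where = 'HKCU Internet Settings'; Entry = 'ProxyEnable=1'; Module = $inet.ProxyServer; Why = 'IE proxy is enabled; confirm it is one you configured' }
}

$report | Format-Table -AutoSize -Wrap
```

Run it before and after cleanup and compare the two outputs. Because a .gen hit is a generic signature (DavidR's point above), an entry the script flags is a lead to examine (hash it, look at its version resource and signer), not proof of infection; orphan CLSIDs with no file are the same harmless leftovers HijackThis lists as "(no file)".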