I have had this error for almost 2 months now; every time, an attack from the file is blocked and the file cannot be deleted. When I scan the file manually, no virus is found in it (not via online scanners either).
6-3-2012 18:50:37 Startup scanner file Operating memory » C:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe a variant of Win32/Fynloski.AA trojan unable to clean
Malwarebytes also picks this up:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.03.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jochem :: HPLAPTOP-JOCHEM [limited]
3-3-2012 22:05:40
mbam-log-2012-03-03 (22-05-40).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 781815
Time elapsed: 1 hour(s), 44 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 19
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-13-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-14-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-15-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-16-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-17-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-18-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-20-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-21-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-22-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-23-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-24-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-25-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-26-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-27-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-28-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-02-29-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-03-01-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-03-02-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Jochem\AppData\Local\Temp\dclogs\2012-03-03-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
(end)
I think this is a persistent rootkit. Does anyone have an idea, and how do I remove it?
Regards.