ComputerForum.com
09-19-2010, 03:05 AM   #1
trojan.win32.Generic.pak!cobra.Engine removal

Hello,
I have the trojan called Trojan.win32.Generic.pak!cobra.Engine on my computer. I am using Windows XP on a small Asus EEEPC. I have run an up-to-date Ad-Aware spyware removal program and come up with this trojan. Ad-Aware removed the trojan, but when I ran the next full scan it came up again with the trojan. The first time this happened the trojan came up in 3 sites. Since the first removal, Ad-Aware keeps coming up with the trojan in only one place now, which is in C:\system volume information\restore{70f .....................etc.exe. I turned off System Restore and removed all the System Restore points. I then ran an Ad-Aware full scan again, and the trojan was not detected. I turned System Restore on again, ran an Ad-Aware full scan, and it has come up with the trojan again.

I do not know where this trojan came from. I recently downloaded the program Calibre 7.017 (about 3 weeks ago) to manage the ebook library on my computer and new ereader, and I updated it to 7.018 directly from the Calibre site just the other day. I have also had my new Kogan ereader plugged in and downloaded a backup copy of the 1700 books on the reader to my computer. I have also been on the internet looking for sites to download ebooks from. Some were a bit dodgy and this is probably where I became infected.

I would like help, please, if anyone has a good suggestion on how to remove this permanently. I would also like to know how and where this trojan came from, and what it does.

Thanks
-- saltypossum
09-19-2010, 03:24 AM   #2

Please perform the following procedure and post the logs.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically, which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes' Anti-Malware log.
__________________
MB - Gigabyte 970A-UD3 || CPU - FX8350|| PSU - Corsair CMPSU-650TX 650W || Memory - Corsair Vengeance 8GB (2 x 4GB) DDR3 1600 || GPU - Sapphire HD6870 1GB || HDD's - 500GB SATA III WD Caviar Black, 120GB Corsair Force 3 SSD|| Monitor - ASUS VE278Q Black 27" || OS - Windows 7 || Case - Cooler Master HAF 912 || Cpu cooler - CM Hyper 212 Plus
-- johnb35
09-23-2010, 11:54 AM   #3

Thanks for the info, I'll get onto it and post the log soon.

Salty possum
-- saltypossum
10-05-2010, 11:23 PM   #4

I am having this same problem.

I run Malwarebytes, and it comes up with nothing though.
-- kingreilly
10-05-2010, 11:30 PM   #5

Quote:
Originally Posted by kingreilly
I am having this same problem.

I run Malwarebytes, and it comes up with nothing though.

Please post the Malwarebytes log along with a HijackThis log. Follow the instructions on how to post the logs in my previous post.
-- johnb35
06-24-2011, 01:59 AM   #6

MalwareBytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6933

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

6/23/2011 7:35:08 PM
mbam-log-2011-06-23 (19-35-08).txt

Scan type: Quick scan
Objects scanned: 192738
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$Recycle.Bin\s-1-5-21-2713273461-2501166293-1954594888-1000\$RQ9VOCB.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2713273461-2501166293-1954594888-1000\$RY4FZAM.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\Adobe\plugs\mmc5529549.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:51:55 PM, on 6/23/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mediacomtoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItS khGTkg"&"inst=NzctNTA2Nzk5NzgyLUJBKzEtS1YzKzctWEwr MS1UMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktUUlYMSszLV gyMDEwKzItRjEwTSs1"&"prod=90"&"ver=10.0.1170
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [CPN Notifier] C:\Program Files (x86)\All In Poker\PokerNotifier.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O9 - Extra button: RPM Poker - {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: Poker Host - {2c1ff667-5bc1-4c67-9cd3-92e30f58f9f1} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker Host\Poker Host.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra button: PDC Poker - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDC Poker\PDC Poker.lnk (HKCU)
O9 - Extra button: Hero Poker - {64811787-6eb5-4248-9f1d-45c6bfc8302e} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Poker\Hero Poker.lnk (HKCU)
O9 - Extra button: GR88 - {7ecccf90-ae7b-44ea-884e-201d1d84736e} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GR88\GR88.lnk (HKCU)
O9 - Extra button: OverBet - {8bb89379-d506-40d4-a886-51d78a8a2f4d} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OverBet\OverBet.lnk (HKCU)
O9 - Extra button: Sportsbook.com - {a0cadf8e-1c3d-4463-89f9-b6db8e1fe580} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sportsbook.com\Sportsbook.com.lnk (HKCU)
O9 - Extra button: Black Chip Poker - {a6090802-f053-454f-85af-43d606dbe92a} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Chip Poker\Black Chip Poker.lnk (HKCU)
O9 - Extra button: Players Only - {c1bb3821-d7bc-4d12-90cc-eca4c2a3be99} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Players Only\Players Only.lnk (HKCU)
O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerNordica\PokerNordica.lnk (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O9 - Extra button: FeltStars - {fbd780d2-c26b-46dd-9002-fdf30465c9d2} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeltStars\FeltStars.lnk (HKCU)
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY - C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9931 bytes
-- datsme53
06-24-2011, 02:12 AM   #7
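The HijackThis log above is the kind of evidence the helper asks for; the following triage parser for that log format is an added example, not code from HijackThis or from anyone in this thread, and its sample lines are copied from the log above. It splits the finding lines into their sections, maps each referenced file to every section that registers it (the same askBar.dll shows up as both a BHO and a toolbar), and flags the entries a helper reads first: browser add-ons, per-user autoruns, and registrations whose target file is gone.

```python
"""Triage helpers for HijackThis logs (added example, not part of HijackThis)."""
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mediacomtoday.com/
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [CPN Notifier] C:\Program Files (x86)\All In Poker\PokerNotifier.exe
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
"""

# Every finding line is "<section> - <body>"; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'([A-Z]:\\[^"]+?\.(?:dll|exe|lnk))', re.IGNORECASE)

def parse_entries(log_text):
    """Return (section, body) pairs for every finding line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def registrations_by_file(log_text):
    """Map each referenced file (lower-cased) to the sections registering it; one DLL
    hooked in as both BHO (O2) and toolbar (O3), like askBar.dll above, is the usual
    footprint of a bundled toolbar."""
    by_file = {}
    for section, body in parse_entries(log_text):
        m = PATH_RE.search(body)
        if m:
            by_file.setdefault(m.group(1).lower(), []).append(section)
    return by_file

def flag_entries(log_text):
    """Return (section, reason, body) for the lines a helper would look at first."""
    flags = []
    for section, body in parse_entries(log_text):
        if "(no file)" in body or "(file missing)" in body:
            # Dangling registration. Caveat: 32-bit HijackThis on 64-bit Windows
            # reports genuine services under system32 as missing (WOW64 redirection).
            flags.append((section, "target missing", body))
        elif section in ("O2", "O3"):
            flags.append((section, "browser add-on", body))
        elif section == "O4" and body.startswith("HKCU"):
            flags.append((section, "per-user autorun", body))
        elif section == "O23" and "Unknown owner" in body:
            flags.append((section, "service without publisher", body))
    return flags
```

The "target missing" flag is a prompt to look, not a verdict: the log above was taken on 64-bit Vista, where the 32-bit HijackThis sees system32 redirected and so lists lsass.exe and spoolsv.exe as "(file missing)" although they are present.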

datsme53,

Please let me know if you are still having any issues. I do see that you play a lot of poker. Fully explain your issues if you are having any.
-- johnb35
06-27-2011, 08:13 PM   #8

Have you run Spybot?
__________________
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
- Albert Einstein
my free spyware removal blog
-- okapixel