Pests of all kinds and their removal: Trojan.Renos.PBR (Windows 7)
27.03.2010, 17:16 | #1

Trojan.Renos.PBR

I think I've caught something. I downloaded a file and started it .. whoosh, the .exe of the file was gone. After searching around I found this out. This is the result from Virustotal.com:

Antivirus           Version          Last update   Result
a-squared           4.5.0.50         2010.03.27    -
AhnLab-V3           5.0.0.2          2010.03.27    -
AntiVir             7.10.5.241       2010.03.26    -
Antiy-AVL           2.0.3.7          2010.03.26    -
Authentium          5.2.0.5          2010.03.27    W32/FakeAlert.FT.gen!Eldorado
Avast               4.8.1351.0       2010.03.27    -
Avast5              5.0.332.0        2010.03.27    -
AVG                 9.0.0.787        2010.03.27    -
BitDefender         7.2              2010.03.27    Trojan.Renos.PBR
CAT-QuickHeal       10.00            2010.03.27    -
ClamAV              0.96.0.0-git     2010.03.27    -
Comodo              4404             2010.03.27    -
DrWeb               5.0.1.12222      2010.03.27    -
eSafe               7.0.17.0         2010.03.25    -
eTrust-Vet          35.2.7391        2010.03.26    Win32/FakeAlert.D!generic
F-Prot              4.5.1.85         2010.03.26    W32/FakeAlert.FT.gen!Eldorado
F-Secure            9.0.15370.0      2010.03.27    Trojan-Downloader:W32/Renos.gen!C
Fortinet            4.0.14.0         2010.03.27    -
GData               19               2010.03.27    Trojan.Renos.PBR
Ikarus              T3.1.1.80.0      2010.03.27    -
Jiangmin            13.0.900         2010.03.27    -
K7AntiVirus         7.10.1004        2010.03.22    -
Kaspersky           7.0.0.125        2010.03.27    -
McAfee              5932             2010.03.26    Downloader-CEW
McAfee+Artemis      5932             2010.03.26    Downloader-CEW
McAfee-GW-Edition   6.8.5            2010.03.27    -
Microsoft           1.5605           2010.03.27    -
NOD32               4978             2010.03.26    -
Norman              6.04.10          2010.03.27    -
nProtect            2009.1.8.0       2010.03.27    -
Panda               10.0.2.2         2010.03.27    -
PCTools             7.0.3.5          2010.03.27    -
Prevx               3.0              2010.03.27    Medium Risk Malware Dropper
Rising              22.40.05.04      2010.03.27    Packer.Win32.UnkPacker.a
Sophos              4.52.0           2010.03.27    Mal/FakeAV-CX
Sunbelt             6101             2010.03.26    -
Symantec            20091.2.0.41     2010.03.27    Suspicious.Insight
TheHacker           6.5.2.0.245      2010.03.26    -
TrendMicro          9.120.0.1004     2010.03.27    TROJ_RENOS.SMD
VBA32               None             2010.03.27    -
ViRobot             2010.3.27.2248   2010.03.27    -
VirusBuster         5.0.27.0         2010.03.27    -

Further information:
File size: 99840 bytes
MD5:    1f2eaf9c23efbbf6f79e1dce023843fd
SHA1:   aafd9800f3911f2c55e4ce6f05a2d4680d7bbc42
SHA256: 2c2e3bf0a4351e8e7b3460f1efc800fb442975ed6da04b887c7b81471b8c9f13
ssdeep: 1536:WoilrRcIL+oash7v7jIE8l+fRum9wSFhG1mmf538lStXBT:WoiliUDf8yv9wSF01/h38lMT
PEiD: -

PEInfo: PE structure information (base data)
entrypointaddress: 0x3cb7
timedatestamp:     0x4a58c14c (Sat Jul 11 16:43:56 2009)
machinetype:       0x14c (I386)

(6 sections)
name    viradd    virsiz   rawdsiz  ntrpy  md5
.text   0x1000    0x8860   0x8a00   5.65   27dbe94c457c808a69671089a86d29e9
.tls    0xa000    0xd38e   0xd400   7.37   f481cac3d0a1881563ad230184741d0e
.init   0x18000   0x13e8   0x1400   4.45   b078cc46101ddead943767fd739e8e63
INIT    0x1a000   0x71b    0x800    0.00   c99a74c555371a433d121f551d6c6398
.bss    0x1b000   0x1c5    0x200    0.00   bf619eac0cdf3f68d496ea9344137e8b
.rsrc   0x1c000   0x23b    0x400    3.45   22b9f3b5e7bd84a521b9192b111a649d

(12 imports)
> OLE32.dll: CoRevokeClassObject, CoTaskMemFree, CoReleaseMarshalData, CoGetMalloc
> msvcrt.dll: calloc, sqrt, rand, mbstowcs, sprintf, clock, wcsncmp, memcpy, atol, strlen, wcschr, time, srand, _acmdln
> ADVAPI32.dll: RegOpenKeyExA, RegDeleteKeyA
> USER32.dll: CharLowerBuffA, CreateWindowExA, GetWindow, TrackPopupMenu, GetKeyState, SetWindowTextA, GetSysColorBrush, IsWindowEnabled, GetScrollRange, SetCursor, IsChild, ClientToScreen, GetActiveWindow, GetMenuState, DrawFrameControl, EnumWindows, GetFocus, GetWindowTextA, EnumChildWindows, SetWindowLongA, EnableMenuItem, EnableWindow, GetClassInfoA, GetCursorPos, GetSubMenu, GetCursor, GetLastActivePopup, HideCaret, GetMenuStringA, EnumThreadWindows, BeginDeferWindowPos
> comdlg32.dll: FindTextA, GetOpenFileNameA
> NTDLL.dll: RtlDeleteCriticalSection, wcscat, atol, NtWaitForSingleObject
> OLEAUT32.dll: SysReAllocStringLen, OleLoadPicture, SysStringLen, SysAllocStringLen, SafeArrayCreate
> gdi32.dll: RestoreDC, SetPixel, GetDIBColorTable, GetRgnBox, CopyEnhMetaFileA, CreateDIBitmap, CreatePenIndirect, GetCurrentPositionEx, CreateFontIndirectA, SetBkColor
> SHELL32.dll: SHFileOperationA, SHGetSpecialFolderLocation, SHGetDesktopFolder, Shell_NotifyIconA, SHGetFolderPathA
> kernel32.dll: WideCharToMultiByte, LoadLibraryExA, LoadLibraryA, GetLocalTime, SetEvent, FormatMessageA, HeapFree, EnterCriticalSection, InitializeCriticalSection, SetThreadLocale, GetCommandLineA, ExitThread, LockResource, EnumCalendarInfoA, GetCPInfo, GetLocaleInfoA, GetStringTypeA, lstrcpynA, ExitProcess, GetLastError, GetEnvironmentStrings, lstrlenA, CreateFileA, LocalAlloc, GetFileSize, GetDiskFreeSpaceA, GetFullPathNameA, GetModuleFileNameA, GetFileType, WaitForSingleObject, GetCurrentProcessId, Sleep, SizeofResource, GetVersion, GetFileAttributesA, GetCurrentThread, LocalReAlloc, FindClose, GetCurrentThreadId, FreeLibrary, SetEndOfFile, GetProcAddress, VirtualAllocEx, GetModuleHandleA
> comctl32.dll: ImageList_Write, ImageList_Read, ImageList_Remove, ImageList_Draw, ImageList_GetBkColor, ImageList_DrawEx, ImageList_Create, ImageList_Add, ImageList_Destroy, ImageList_DragShowNolock
> SHLWAPI.dll: SHGetValueA, SHDeleteValueA, SHEnumValueA, SHQueryInfoKeyA, PathGetCharTypeA

(0 exports)

RDS:   NSRL Reference Data Set -
pdfid: -
trid:  Win32 Executable MS Visual C++ (generic) (63.0%), Win32 Executable Generic (14.2%), Win32 Dynamic Link Library (generic) (12.6%), Clipper DOS Executable (3.3%), Generic Win/DOS Executable (3.3%)
Prevx: hxxp://info.prevx.com/aboutprogramtext.asp?PX5=2B4884B800EB336D86D801F78E5454002236D0CA

sigcheck:
publisher:     n/a
copyright:     n/a
product:       n/a
description:   n/a
original name: n/a
internal name: n/a
file version:  n/a
comments:      n/a
signers:       -
signing date:  -
verified:      Unsigned

How do I get rid of this thing?? Here is my HijackThis log for a start. I renamed HijackThis beforehand.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:52, on 27.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PestPatrol\PPMemCheck.exe
C:\Program Files\PestPatrol\CookiePatrol.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\Program Files\PestPatrol\pestpatrol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\is.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15109/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - F:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

-- End of file - 9097 bytes

Last edited by ohne-mich (27.03.2010 at 17:34)
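As an added triage example (editor's code, not part of the original post and not output of any tool named in it), the script below takes the section table and part of the import list from the VirusTotal report above and applies the checks a responder would otherwise do by eye: flag any section whose entropy is at or above an assumed threshold of 7.0 (the .tls section reports 7.37 over 0xd400 raw bytes, far more than a genuine TLS directory needs), confirm that the two zero-entropy sections are literally zero-filled on disk by hashing a zero block of the posted raw size against the posted MD5 (entropy 0.0 alone only proves every byte is identical), and pick out imports from an assumed watch list (VirtualAllocEx, LoadLibraryA/GetProcAddress, SHFileOperationA, RegDeleteKeyA, SHDeleteValueA, Shell_NotifyIconA) that fit the dropper and FakeAlert/FakeAV verdicts several engines returned. The threshold, the .tls size heuristic and the watch list are my assumptions; the numbers and names come from the report.

```python
"""Static triage of the VirusTotal PE report posted above.

Section rows and import names are copied from the report. The entropy
threshold, the .tls size heuristic and WATCH_APIS are assumptions made
for this example, not values VirusTotal or the poster stated.
"""
import hashlib
import math
from collections import Counter

# (name, virtual addr, virtual size, raw size, entropy, MD5 of raw bytes) as posted
SECTIONS = [
    (".text", 0x1000,  0x8860, 0x8a00, 5.65, "27dbe94c457c808a69671089a86d29e9"),
    (".tls",  0xa000,  0xd38e, 0xd400, 7.37, "f481cac3d0a1881563ad230184741d0e"),
    (".init", 0x18000, 0x13e8, 0x1400, 4.45, "b078cc46101ddead943767fd739e8e63"),
    ("INIT",  0x1a000, 0x71b,  0x800,  0.00, "c99a74c555371a433d121f551d6c6398"),
    (".bss",  0x1b000, 0x1c5,  0x200,  0.00, "bf619eac0cdf3f68d496ea9344137e8b"),
    (".rsrc", 0x1c000, 0x23b,  0x400,  3.45, "22b9f3b5e7bd84a521b9192b111a649d"),
]

# Subset of the posted import list (only DLLs the watch list cares about)
IMPORTS = {
    "kernel32.dll": ["LoadLibraryA", "LoadLibraryExA", "GetProcAddress",
                     "VirtualAllocEx", "CreateFileA", "SetEndOfFile"],
    "ADVAPI32.dll": ["RegOpenKeyExA", "RegDeleteKeyA"],
    "SHELL32.dll":  ["SHFileOperationA", "SHGetSpecialFolderLocation",
                     "Shell_NotifyIconA", "SHGetFolderPathA"],
    "SHLWAPI.dll":  ["SHGetValueA", "SHDeleteValueA", "SHEnumValueA"],
    "OLE32.dll":    ["CoTaskMemFree", "CoGetMalloc"],
}

# Assumed watch list: why each API matters for a downloader/dropper with a tray UI
WATCH_APIS = {
    "VirtualAllocEx":    "allocates memory in another process (injection primitive)",
    "LoadLibraryA":      "loads DLLs at runtime (hides real imports)",
    "GetProcAddress":    "resolves APIs at runtime (hides real imports)",
    "SHFileOperationA":  "copies/moves/deletes files (self-copy, self-delete)",
    "RegDeleteKeyA":     "deletes registry keys",
    "SHDeleteValueA":    "deletes registry values",
    "Shell_NotifyIconA": "tray icon/balloon, typical of fake-AV alert UIs",
}

ENTROPY_THRESHOLD = 7.0  # assumed: at or above this, treat section data as packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_all_zero_on_disk(raw_size: int, posted_md5: str) -> bool:
    """True if the posted MD5 equals the MD5 of raw_size zero bytes."""
    return hashlib.md5(bytes(raw_size)).hexdigest() == posted_md5.lower()


def flag_sections(sections=SECTIONS, threshold=ENTROPY_THRESHOLD):
    """Return {section name: [reasons]} for sections worth a closer look."""
    flagged = {}
    for name, _va, _vsize, rawsize, entropy, md5 in sections:
        reasons = []
        if entropy >= threshold:
            reasons.append(f"entropy {entropy:.2f} >= {threshold}: likely packed/encrypted payload")
        if name == ".tls" and rawsize > 0x1000:
            # heuristic: a real .tls section holds a small TLS directory, not tens of KB
            reasons.append(f"oversized .tls section ({rawsize} raw bytes)")
        if entropy == 0.0 and is_all_zero_on_disk(rawsize, md5):
            reasons.append("zero-filled on disk: placeholder, nothing to scan statically")
        if reasons:
            flagged[name] = reasons
    return flagged


def watch_imports(imports=IMPORTS, watch=WATCH_APIS):
    """Return {api: note} for every imported API that is on the watch list."""
    return {api: watch[api] for dll in imports for api in imports[dll] if api in watch}


if __name__ == "__main__":
    for name, reasons in flag_sections().items():
        print(f"{name}: " + "; ".join(reasons))
    for api, note in watch_imports().items():
        print(f"import {api}: {note}")
```

Run it as a script and it prints one line per flagged section and per watched import; a real triage would next dump the .tls section and check whether it is the packed second stage, which cannot be done from the report alone.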
27.03.2010, 19:12 | #2

Trojan.Renos.PBR

So, I ran the newest version of PestPatrol over it: nothing found.
Ran Ad-Aware over it, after updating of course: nothing found.
Then Ghostscrip as well, no hit either..
Am I safe now? For this time, or are there other recommendations?