trojan-downloader.murlo
Author Topic: trojan-downloader.murlo  (Read 1380 times)
jess009
« on: September 13, 2010, 01:26:29 PM »

I scanned my computer with Spyware Doctor and found out I have trojan-downloader.murlo; there are 10 infected files in my registry under catchme. I tried to delete the registry keys but got a message saying error. Is there any way I can delete these files? I know you can edit registry keys but I don't know how. I also used Windows Registry Editor and these are the infected keys.



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME\0000]
"Service"="catchme"
"DeviceDesc"="catchme"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME\0000]
"Service"="catchme"
"DeviceDesc"="catchme"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000]
"Service"="catchme"
"DeviceDesc"="catchme"

[HKEY_USERS\S-1-5-21-968380840-2668828858-2604125879-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_CATCHME\\0000"
Britec
« Reply #1 on: September 13, 2010, 02:21:35 PM »

 Azn jess009

Welcome to the forum

Please run a scan with Malwarebytes.

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
          o If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.

    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note Below)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.



Troubleshooting MBAM Problems


Some malware targets Malwarebytes' Anti-Malware and other cleaning tools to prevent you from using them to clean your system.

Unable to Run MBAM

If you attempt to run the installer for MBAM and it won't run, or starts and closes, using Windows Explorer go to the folder you saved the install program and try renaming it to one of the following file names:

    * iexplore.exe
    * explorer.exe
    * userinit.exe
    * winlogon.exe
    * mbam.scr



Then double-click on the renamed file to try to run it. If that doesn't work, try one of the other file names above. If you are still unable to run the MBAM installer, then download and run this program to try to kill the malware process:
jess009
« Reply #2 on: October 02, 2010, 11:09:33 PM »

Hey Britec,
I scanned my computer using Malwarebytes but it doesn't show the trojan-downloader.murlo. I also used SuperAntiSpyware and that doesn't pick it up either. The only thing that picks it up is Spyware Doctor. Is there a way I can delete the registry keys that are affected? Thanks!
Britec
« Reply #3 on: October 03, 2010, 08:30:09 AM »

Here is some info on the trojan you got.
http://www.threatexpert.com/report.aspx?md5=a95c9cf8295bd5d6a4a42dee11bfb1a3

Also this site might be of use

http://support.microsoft.com/kb/310516

Follow these steps to create a backup of the registry.

    * Click the Start button, then click Run.
    * Type REGEDIT, then click OK.
          o The Registry Editor opens.
    * Choose File, Export Registry File.
    * Verify the following entries in the Export Registry File Dialog Box:
          o Save in: Desktop
          o File Name: Registry Backup
          o Export Range: All
    * Click Save.
    * Exit the Registry Editor.
    * Verify you have an icon titled REGISTRY BACKUP.REG on the Desktop.

CAUTION: Do not double-click the REGISTRY BACKUP.REG file on your Desktop unless you intend to undo your changes or need to restore the Registry.

    * Immediately verify the effect of your changes by restarting the computer.
    * Once you have verified the effect of the changes to the registry:
    * If there are any problems:
          o Restore it immediately by right-clicking REGISTRY BACKUP.REG and choosing Merge.
    * If there are no problems:
          o Delete the REGISTRY BACKUP.REG file from the desktop.

Do not allow the REGISTRY BACKUP.REG file to remain on the desktop beyond the testing period to avoid inadvertently double-clicking it.

----------

Now download The Avenger by Swandog46 and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Code box below, and paste it into the Input script here window:

Code:
Comment:

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    * Add the Avenger log in your next post.
« Last Edit: October 03, 2010, 08:41:01 AM by Britec »
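The two procedures in the reply above (export a registry backup first, then delete the LEGACY_CATCHME keys) can be done from one elevated PowerShell session instead of regedit plus Avenger. The script below is an added example and is not from Britec's post or from the Avenger tool; the key paths are the ones posted in this thread, the backup folder on the Desktop is an assumption, and it adds one check the post does not mention: whether a "catchme" service key still exists, since LEGACY_<name> entries under Enum\Root are the enumeration records for a non-Plug-and-Play driver service of that name.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Backs up each listed key to a .reg file, attempts to delete it, and reports the outcome.

$BackupDir = Join-Path $env:USERPROFILE 'Desktop\RegistryBackup'   # assumed location
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Keys from the thread, without the hive prefix. Deleting a parent key removes its
# subkeys, so the ...\0000 entries from the post need not be listed separately.
# CurrentControlSet is a link to one of the ControlSet00N keys, so its copy usually
# disappears as soon as the real control set's copy is deleted.
$Keys = @(
    'SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME',
    'SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME',
    'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME'
)

foreach ($Key in $Keys) {
    $RegPath = "HKLM\$Key"      # form reg.exe expects
    $PsPath  = "HKLM:\$Key"     # form the PowerShell registry provider expects

    if (-not (Test-Path -LiteralPath $PsPath)) {
        Write-Host "absent : $RegPath"
        continue
    }

    # 1. Back up the key in the same .reg format regedit's File > Export produces.
    $File = Join-Path $BackupDir (($Key -replace '\\', '_') + '.reg')
    reg.exe export $RegPath $File /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "backup failed for $RegPath, not deleting it"
        continue
    }

    # 2. Delete. Keys under Enum\ are owned by SYSTEM and give Administrators read
    #    access only, so this can fail with "access denied" even from an elevated
    #    prompt; that is the same error regedit shows.
    try {
        Remove-Item -LiteralPath $PsPath -Recurse -Force -ErrorAction Stop
        Write-Host "deleted: $RegPath  (backup: $File)"
    } catch {
        Write-Warning "could not delete ${RegPath}: $($_.Exception.Message)"
        Write-Warning "take ownership of the key (regedit > Permissions) or run as SYSTEM, then retry"
    }
}

# 3. Check whether a 'catchme' driver/service entry still exists. If it does not, the
#    LEGACY_CATCHME keys were only leftover enumeration records, not a running component.
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\catchme'
if (Test-Path -LiteralPath $ServiceKey) {
    Write-Warning "service key still present: $ServiceKey"
    Get-ItemProperty -LiteralPath $ServiceKey | Select-Object ImagePath, Start, Type
} else {
    Write-Host "no 'catchme' service key under CurrentControlSet\Services"
}
```

To undo a deletion, double-click the matching .reg file in the backup folder or run `reg import <file>` from an elevated prompt. The last key in the Avenger script above, HKEY_CURRENT_USER\...\Applets\Regedit, only holds regedit's "LastKey" bookmark (the value shown in the first post); removing it does nothing beyond resetting which key regedit opens on next launch, so it is omitted here.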