Tomster2

Everything posted by Tomster2

  1. Thank you. My mistake. Will go to the other area and repost. You may delete this thread. Tomster2
  2. The user had their mail account shut down by their provider for being used to send spam. It was being logged in and used from various locations in several countries. We had a password that was generated by a password generator provided by the email provider and "rated" as difficult. So it appears their computer has been hacked and username and password compromised. The provider suspects a keystroke logger type trojan and advised us to run scans and make sure our system was clean before reactivating the account. If there was a recurrence they would close the account. Client is without email for their primary business address as a result. GFI Vipre is the normal AV. It found nothing. We updated Malwarebytes Free and ran a "quick" scan and it found Trojan.ZbotR.gen as a registry entry and reported that it would be removed upon reboot. After the reboot, we then ran a "full" Malwarebytes scan and it found nothing. Reading other threads about this trojan suggests it is more pervasive than just one registry entry. What else can I do to be sure? I don't want the user to lose their email account, not to mention go through the trouble of changing all their other passwords, just to be right back in the same situation. Thanks for any insights.
  3. Additional information:
     1) The actual name of the rogue program is "Desktop Security 2010".
     2) Before we restored the image file we observed the following behavior: The 2010 warning screens come up after reboot. The only way around them was to Ctrl-Alt-Del, go to processes and end program on Desktop Security 2010. I could then access the Start button, AVG and Malwarebytes. Full scan with AVG found 2 items that reported successfully cleaned... but reboot brought us right back to the warning screens. I had already done a full scan with Malwarebytes externally... and had already decided to just restore the drive image file.
     3) I am thinking that the exe files in the temp folder mentioned above may just be "dummy malware" put in place by Desktop Security 2010 as "proof" that you are infected. They are probably not malicious... just named to look like they are, to convince an unsuspecting person that they need to buy the program.
     4) But ignoring the exe files in the temp folder, we still have a problem that AVG, Malwarebytes and Vipre could not resolve with standard scans. Nasty stuff. Thankfully we image the PCs every night and had an "easy" way out.
     Thanks to everyone for the replies and instructions. We may need the info next time. I would have liked to try the suggestions, but this machine needed to be put back in service immediately.
  4. For reference purposes. This system had an up to date version of AVG Anti-Virus. It also had Malwarebytes (paid) that we left disabled as it was fighting with AVG. When this problem happened... we could not update Malwarebytes to the latest version. That is when I removed the drive and used the external scan strategy... and used a machine that had version 4478 also Aug 25. (That was latest version available just before I started the external scan). The external scan strategy has saved me on many occasions before. I scanned the drive with both Sunbelt Software Vipre (also up to date)... it found only two items which I removed. I then scanned with Malwarebytes and it reported nothing. I know both results were failures. I put the drive back into the machine, restarted the original machine and got the typical AV2010 warnings... but am unable to get past them. The boys at AV2010 have put some new twists into their "product". Fortunately, we have Ghost backups, and are going to restore one from yesterday before this one hit.
  5. Scan completed... it reports: Objects infected: 0 The scan completed successfully. No malicious items were found. This is totally wrong. During the scan I saw the items mentioned in my first post in the scanning screen... But malwarebytes would scan... NOT report a malicious item, then move on to the next file. Something very odd - I have never seen malwarebytes behave this way when malicious items are present. The first scan was a quick scan. I have just launched a full scan. Will advise results.
  6. Working with the latest version, latest rules, of Malwarebytes, on a Windows 7 Pro machine. I have another computer that is infested with Desktop Anti-Virus 2010. I have removed the drive from that machine... hooked it up to a USB external drive adapter and am scanning it from the Windows 7 machine that has Malwarebytes installed. During the scan, it is finding a lot of .exe files in the username\local settings\temp folder... but it is not tagging them as malware. Examples are lols.exe, destroyer.exe, ploper.exe and many with names like bzqa43d.exe, etc... names with random alphanumeric characters that are usually malware... not to mention several that are obscene names that have to be malware. Scan is continuing at the moment... but I know the machine is infected and I am very concerned that Malwarebytes has finished scanning this folder and not tagged anything as malicious. We could be onto a new generation of malware that is somehow confusing Malwarebytes. Scan is still running... will finish by morning. Any suggestions greatly welcome. Will post final scan results then.
  7. You may have a virus that disabled your network connections. Go to Start | Control Panel | Network Connections. Are the network connections listed there, or do you see a blank page? If the page is blank, go to Start | Run and type in: regsvr32 netshell.dll <enter> regsvr32 netcfgx.dll <enter> regsvr32 netman.dll <enter> You should get a screen message saying successful after each one. Reboot, and your network connections - and the connection to the internet - should be working again... and MBAM can now access the updates.
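As an added example (not part of the forum post, and not a Malwerebytes tool), the following Windows PowerShell script wraps the re-registration procedure above with two checks a practitioner would want first: whether Windows still enumerates any named network connections (the "blank page" symptom), and whether each of the three DLLs in System32 still carries an intact Microsoft signature before it is handed to regsvr32. It assumes an elevated Windows PowerShell session and that the DLL file names are exactly the ones the post lists.

```powershell
# Added example, not from the forum post. Assumes an elevated Windows
# PowerShell prompt on the affected machine.

$dlls     = @('netshell.dll', 'netcfgx.dll', 'netman.dll')
$system32 = Join-Path $env:SystemRoot 'System32'

# 1. Does Windows still list any network connections?
#    NetConnectionID is the name shown in the Network Connections folder;
#    an empty result matches the "blank page" symptom described in the post.
$connections = Get-CimInstance Win32_NetworkAdapter |
    Where-Object { $_.NetConnectionID } |
    Select-Object -ExpandProperty NetConnectionID
if ($connections) {
    Write-Host "Network connections present: $($connections -join ', ')"
} else {
    Write-Warning 'No named network connections found (matches the blank-page symptom).'
}

# 2. Verify each DLL before re-registering it.
foreach ($name in $dlls) {
    $path = Join-Path $system32 $name
    if (-not (Test-Path $path)) {
        Write-Warning "$name is missing from System32; cannot register it."
        continue
    }

    # Signature status check. 'Valid' is the normal case on Windows 8+;
    # on older Windows these system DLLs are catalog-signed and may report
    # 'NotSigned', which is tolerated here. 'HashMismatch' or 'NotTrusted'
    # means the file on disk was altered or replaced, so it is skipped.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -notin @('Valid', 'NotSigned')) {
        Write-Warning "$name signature status is '$($sig.Status)'; not registering it."
        continue
    }

    # regsvr32 is a GUI-subsystem program, so wait on it explicitly and
    # read the exit code from the process object. /s suppresses the dialog;
    # exit code 0 corresponds to the "succeeded" message in the post.
    $proc = Start-Process -FilePath 'regsvr32.exe' `
                          -ArgumentList "/s `"$path`"" -Wait -PassThru
    if ($proc.ExitCode -eq 0) {
        Write-Host "Registered $name"
    } else {
        Write-Warning "regsvr32 returned exit code $($proc.ExitCode) for $name"
    }
}

Write-Host 'Reboot, re-open Network Connections, then retry the Malwarebytes update.'
```

The signature check is the part worth keeping even if the rest is done by hand: re-registering a DLL that has already been tampered with just reinstalls the problem, and a 'HashMismatch' on a System32 file is a stronger indicator of compromise than an empty Network Connections folder.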
  8. I have a PC in which IE has been hijacked and will only go to a malicious site, which is being blocked. The PC has Malwarebytes installed, but it has not updated for the last two months. With internet access blocked I am unable to update the Malwarebytes database (error 732). I want to use another PC to download the updated database file... then move it over to the infected PC using a flash drive. Is there a link where I can download the latest database file? Thanks, Tomster2