Posts posted by Yourhighness

  1. Hello kapoor and welcome to Malwarebytes.org!

    My name is Johannes and I will be dealing with your log today.

    Please note that comments are made in green, links are in red, important things are outlined by using the blue color and the numbered steps I would like you to follow are outlined with orange.

    Please also take note of the following:

    • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.

    Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent DNA). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

    Step #1

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

    Step #2

    Download OTViewIt to your desktop.

    • Close all windows and double click OTViewIt
    • Place a tick in the Scan all Users box
    • In the File Age drop down box select 90 days
    • Click Run Scan and let the program run uninterrupted
    • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

    Thanks,

    YoHi

  2. 2. Change your update time. If you change your update time you will have a better chance to get the update. Also, manually updating will help save the server if you do in the middle of the hour (i.e. 4:30 not 4:00).

    Update issue resolved for me too it seems. Here I go and wonder why I kept getting a "connection error." Would it be possible to have the automatic update scheduler either include 30 minute steps, or have the ability to manually enter the time and maybe use an up and down arrow thing next to the text box to change the time? I use automatic update, because I'd forget to do so otherwise :P.

    Example given: new_fontsize.gif, but for time. Is that a lot of extra coding?

  3. Hi Germish,

    sorry for this very late reply. Lots of things been happening over the long weekend. I see you solved your problems with some new software. Good to see that it worked out for you this way. Let me just give you a few things on the way to keep you away from malware in the future :).

    Please navigate to: Start >> Run... and type Combofix /u and hit Enter. Thanks.

    Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

    I recommend you regularly visit the Windows Update Site!

    • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
    • By updating your machine, you have one less headache!
    • Update ALL Critical updates and any other Windows updates for services/programs that you use.
    • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, then here is a nice little article about turning on automatic updates.
    • Note that it will download them for you, but you still have to actually click install.
    • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.

    It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

    For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

    Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:

    1. Double-click the Downloaded installer and install the tool to a location of your choice
    2. Via the Start menu, navigate to HostsMan and run the program.
      1. Click "Hosts" in the menu
      2. Click "Manage Updates" in the submenu
      3. Out of the three, select at least one of them (I have MVPS Host as my main one)
      4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
        (image: HostsXpert_update.png)

      5. Click the X to exit the program.
      6. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

    Simple and easy ways to keep your computer safe and secure on the Internet

    Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

    Thanks and Merry Christmas. Johannes
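
A blocking Hosts-file of the kind recommended in the post above works by mapping unwanted host names to a loopback or unspecified address. The following is an added example, not part of the original post and not HostsMan's own code: it classifies the entries of a hosts file so that custom entries can be identified before a blocklist update replaces the file. The sample file, host names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: blocklist-style entries mixed with custom entries.
# All names and addresses below are made up for illustration.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net  tracker.example.net   # blocklist entry
127.0.0.1       malware.example.org
192.168.1.20    nas.home.lan      # custom entry
203.0.113.7     www.bank.example  # redirect to a routable address
not-an-ip       broken.example
"""

# Names that normally map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def classify_hosts(text):
    """Split hosts-file text into blocked, custom and malformed entries."""
    result = {"blocked": [], "custom": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:                            # address without a name
            result["malformed"].append((lineno, raw.strip()))
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue                         # ordinary loopback mapping
            if addr.is_loopback or addr.is_unspecified:
                result["blocked"].append(name)   # sinkholed by the blocklist
            else:
                result["custom"].append((name, str(addr)))
    return result


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "blocked names")
    for name, addr in report["custom"]:
        print("custom entry to keep or review:", name, "->", addr)
    for lineno, raw in report["malformed"]:
        print("malformed line", lineno, ":", raw)
```

Entries reported as custom are the ones that have to be re-added by hand after a blocklist update; any of them pointing a well-known name at an unexpected routable address deserves a closer look.
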
  4. Hi Schwick,

    welcome to Malwarebytes.org!

    Please note that comments are made in green, links are in red, important things are outlined by using the blue color and the numbered steps I would like you to follow are outlined with orange.

    Please also take note of the following:

    • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.

    Step #2

    • Please download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Step #1

    Please post back with log.txt and info.txt. Thanks :).

  5. Hi Germish,

    no problem. Kindly check if you can locate the following logs:

    C:\MsnCleaner.txt

    C:\ComboFix.txt

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    It didn't really produce any particular single log but an array of various things that I am completely lost which one to post.

    Not sure what you mean with "array of various things."

    Johannes

  6. Hi Germish,

    I removed Symantec antivirus 10 network client and also spybot to install kaspersky's one month free trial Virus scanner and let it do its job.

    Could you post the log it produced? Don't worry about the online scan for now.

    Let's do this:

    Download MsnCleaner.zip to your Desktop, but don't use it yet.

    http://www.forospyware.com/Msncleaner/MsnCleaner.zip

    (Copy/Paste the URL into the address bar or use "Save Target As")

    • Extract the content of MsnCleaner.zip to your Desktop.
    • Now reboot into Safe Mode
    • Double-click MsnCleaner.exe to run it.
    • Click the Analyze button.
    • A report will be created once you finish the scan.
    • If it finds an infection, click the Deleted button.
    • Now, please reboot back to normal mode.
    • Please post the contents of C:\MsnCleaner.txt in a reply to this post.

    Then do these steps:

    Update Malwarebytes Antimalware, run it and let it fix all it finds.

    Run ComboFix again. When it asks to update itself, let it do so.

    Now post back with the MsnCleaner.txt, the MBAM log, and the Combofix log. Thanks!

  7. hi germish,

    Now in your last post you bring up Java once more, by which I had already followed your previous instruction and simply had updated a 1 day old fresh Java installation.

    As of Java Runtime version 6 update 10, the updates are deleted on new installs. All Java versions prior to that need manual removal. It's only been updated to v6u11 recently.

    3) The online scan you asked me to run does never complete after about 2 hours the IE window simply closes without any warning. I did this twice yesterday and on previous occasion (before I contacted you !!! I had noticed the same behaviour when I run an online virus scan). I think it was the same URL

    That's ok, we just take a different one:

    Please do a scan with Kaspersky Online Scanner (You need to use Internet Explorer or enable IEView in Firefox)

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    4) I think I contracted the trojan when I clicked on a link which came through a friend's MSN Messenger account from Germany.

    the msn worms are getting spread more and more. Your friend's pc might be compromised and used for spreading the worm itself. One needs to be very careful what links to click these days :angry: .

    Don't worry too much regarding the p2peer software. It's a common source for infection and its usage with proprietary work is illegal and thus needs to be pointed out.

    Sorry for the delay. With normal weekend stuff and further edu on Saturdays, I am falling behind schedule at times. Not a good excuse, but still thought I'd try :angry: to hide my failing in replying in an acceptable time frame.

    johannes

  8. Hi Ralph,

    Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case utorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

    Step #1

    1. Open notepad and copy/paste the text in the codebox below into it:
      DirLook::
      C:\documents and settings\Ralph\Application Data\Uniblue

      File::
      C:\sqmnoopt16.sqm
      C:\sqmdata16.sqm


    2. Save this as CFScript.txt
      (image: CFScript_small.gif)
    3. Referring to the picture above, drag CFScript.txt into ComboFix.exe
    4. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
      Note:
      Do not mouse click combofix's window whilst it's running. That may cause it to stall.

    Step #2

    You may update to Java update 11. Make sure you uninstall all previous versions though, as they are a source of infections.

    Step #3

    Please go to Eset Onlinescan (NOD32)

    (You need to use Internet Explorer or enable IEView in Firefox)

    • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
    • Now click Start
    • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
    • Click Start (the Onlinescanner will now prepare itself for running on your pc)
    • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
    • Press Scan
    • The Onlinescan will now start and scan your pc (this could take a while)
    • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
    • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
    • The Scanresults will now open in Notepad
      • Click into the text area, right-click and choose "select all" (or use ctrl+a)
      • Right-click again and choose "copy" (or ctrl+c)
      • Close Notepad

    • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

    Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

    Step #4

    Let's see those reports. As for your settings gone, I will need to check on something before we continue on that part.

    Thanks YoHi
