About 6 days ago I ran Malwarebytes and it caught and quarantined 3 Backdoor.PWin.Gen files. One was in my registry, one was hiding behind or was my svchost.exe and one was hiding behind/was my windows maintenance. It was causing a pop-up to come on every time I turned on my computer. The pop-up would use Internet Explorer to open up a site called linkmutant(dot)com. I wouldn't be able to exit off the site, right click on the site, and the site wouldn't appear in my task manager as Internet Explorer but I noticed my svchost.exe file was running at 100% CPU. So I took a chance and ended it in task manager and the site would go off.

When I began looking at some of my old logs in Malwarebytes I'd noticed that at least two days before I manually went and ran Malwarebytes, Malwarebytes had already run and found the 3 viruses and hadn't done anything to them. I'd leave my computer on, go to sleep, wake up the next morning and my computer would be off without being set to go off. So last night I stayed awake and svchost.exe was running at full CPU and sure enough (probably because my fan is broken in my laptop) my laptop became so overheated it shut down without warning. So I turned an external fan on it and ran Malwarebytes again and it found Trojan.Agent, PUP.Hacktool.Patcher, Dont.Steal.Our.Software, and Riskware.Tool.CK all infecting my system restore points. (I read the rules and I know that you guys can't help with riskware. I'd already removed the riskware tools that are just being found which seems like a major problem to me).

I still have the first log with the Backdoor.PWin.Gen files caught, but I accidentally deleted the log with the others caught (the delete button for logs should really have an "are you sure?" prompt) since I was trying to click Open without paying attention.

I've scanned with Malwarebytes again and nothing is found, I've scanned in safe mode (a couple of other sites suggested) and still nothing, I've scanned with SUPERAntiSpyware and nothing was found, and I've scanned with Spyware Doctor and Microsoft Security Essentials and nothing was found. The only way I know that something is still wrong is because when I turn on my computer the ad/webpage still appears and my svchost.exe file still runs at full CPU. 4 times I've started my computer and not been able to do anything because Windows updates would start and then freeze everything.

I'm willing to attach a screenshot of the site/ad.

Though since it wasn't asked for, I'm just attaching the DDS logs asked for in the sticky.

Will my post not be getting answered? I noticed that others' posts whose "folder" icon next to their post was faded out had either found the answer to their own problem or hadn't gotten answered at all?

Sorry, I'm new here and I looked around for what the icons mean but didn't find anything...

dds.txt

attach.txt

  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

I've since decided to reinstall my OS. When I reinstalled from my original disc that came with my laptop, did it reformat for me or would I still have to do that myself?

And also before I reinstalled I backed everything up (all of my files and such) and I scanned my external hard drive with SUPERAntiSpyware and it found Trojan.Agent in my external drive's "recycler" from an illegal/keygen that I got rid of (I'm pretty sure that's what infected my computer in the first place =/) as soon as my computer got infected. I scanned again with SUPERAntiSpyware and the trojan was in/on my external drive's system restore information. Then I scanned at least four more times (freaking out by then) and they all came back clean.

I then ran a full scan of my external drive with Malwarebytes and it found (PUM.Disabled.SecurityCenter) so then I full scanned again and it came back clean.

I lastly scanned with Microsoft Security Essentials and it came back clean.

Would you expect that I'm good to go now?

Wow, just writing that out makes me feel unsure even after a reinstall thanks to my backup drive....=/

mbam-log-2011-11-27 (22-23-14).txt

mbam-log-2011-11-28 (01-38-17).txt

SUPERAntiSpyware Scan Log - 11-27-2011 - 19-07-01.log

SUPERAntiSpyware Scan Log - 11-27-2011 - 19-19-56.log

  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
