webuser Posted July 29, 2012 ID:578151 Share Posted July 29, 2012 Hello:Thank you for your help and response.I will be happy to subscribe to MBAM. For years I was a paid subscriber to NAV and then to a different outfit (don’t remember the name), it only lasted 2 years, and then to Webroot. Only changed my AV program when my system was infected and the AV program I was subscribed to didn’t keep my computer virus free.Couple of points:1-My firewall is disabled by the virus. When I system restore (pressed F11), it gave message that it encountered an unexpected error 0X800700672- My firewall is disabled by the virus. Red color. When I try to restore defaults to windows firewall, I can’t. get the message; 0x800704243-After installing and running MBAM and getting clean report, I decided to check the system and reactivated MSSE. The same viruses that were present before, showed up. So I uninstalled the MSSE again and re-installed MBAM and ran it. 4-I was on-line last night ( stupid mistake, since my firewall is disabled) and another virus (Platinum crap) disguised as an AV program started scanning my system. I clicked on the MBAM icon to scan and the platinum crap gave message that it MBAM has been disabled. So I rebooted my computer, F11 system restored to the day before which includes MSSE as a disabled AV(red color). I already know that MSSE failed and I can’t use it anymore and uninstalled it.5-MBAM logs. I have saved them in a folder.6-I have saved the SCR logs as well as the Rogue Killer log in a folder. As I can only post one at a time, I will upload the latest. 7-I have ran the SCR and Rogue Killer and MBAM more than once, all the logs are in a folder. The latest one is the status of my computer home computer as it is now, with MSSE uninstalled. 8-I didn’t make any deliberate changes to my computer except install and then uninstall the MSSE. It is uninstalled now. Platinum crap invaded my computer so I had to run your MBAM again to get rid of it. On the Rogue Killer program, I didn’t make any changes. Saved its report and quit the program. I just looked as my control panel and Rogue Killer is not there even though I just ran it for the report to upload for you. The two times I ran Rogue Killer, the last time just now, I had shut down my internet connection. One question: I have copied these same folders in a USB external drive; I have run MBAM which scans the USB external drive as well as the C drive. And if the MBAM log shows the no virus found, is it safe to copy these folders to my work computer? Could there be any of the malicious viruses previously caught by MBAM going from the C drive to the USB drive? I am uploading the latest DDs.txt( attached)& Attach.txt )still spinning, no green yock mark yet, but grayed out bar)& RKreport.txt(pending, still spinning). The total of the 3 files are about 30KB.Thank you very much for your help. Will connect to internet and try to copy & paste this to the forum.Webuser.Attach-07292012.txtRKreport2-07292012.txtDDS-07292012.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 29, 2012 ID:578153 Share Posted July 29, 2012 Hello webuser.a) Never switch antivirus programs in the midst of a malware infection !b) TROJAN WARNINGZeroAccess/Serifef is a backdoor trojan.This system had some serious backdoor trojans, spyware, and likely, a rookit.This is a point where you need to decide about whether to make a clean start.According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.You are strongly advised to do the following immediately.1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.* Take any other steps you think appropriate for an attempted identity theft.You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. Let me know if a) you decide to wipe/erase the HDD and install Windows and all your apps freshORb) you want to attempt to remove malwareHere is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojanDanger: Remote Access Trojans http://www.microsoft...o/virusrat.mspxConsumers – Identity Theft http://www.ftc.gov/b...mers/index.htmlWhen should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspxHelp: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspxHelp: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspxMicrosoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 29, 2012 ID:578160 Share Posted July 29, 2012 STOP !!!You have another help-topic here http://forums.malwar...howtopic=113237Mr Charlie had replied to you.Use that topic please.I am closing this one. Link to post Share on other sites More sharing options...
Recommended Posts