
IE running in background


4MyPC


MS Security Essentials was not running and I couldn't start it.

Ran MBam

Log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.21.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jean :: DJ918891 [administrator]

1/21/2013 7:24:31 PM

mbam-log-2013-01-21 (19-24-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 463896

Time elapsed: 43 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 2

C:\Documents and Settings\Jerry\Application Data\mdisn.dll (Trojan.Medfos) -> Delete on reboot.

C:\Documents and Settings\Jerry\Application Data\widrdi.dll (Trojan.Medfos) -> Delete on reboot.

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mdisn (Trojan.Medfos) -> Data: rundll32.exe "C:\Documents and Settings\Jerry\Application Data\mdisn.dll",RetrieveColumns -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$637f5ef4a09119dbcdd258452570a377\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 10

C:\Documents and Settings\Caleb\My Documents\Downloads\setup_PlayPickle_v25.exe (PUP.BundleInstaller.OI) -> No action taken.

C:\Documents and Settings\Jerry\Application Data\mdisn.dll (Trojan.Medfos) -> Delete on reboot.

C:\Documents and Settings\Jerry\Application Data\widrdi.dll (Trojan.Medfos) -> Delete on reboot.

C:\RECYCLER\S-1-5-18\$637f5ef4a09119dbcdd258452570a377\n (Trojan.0Access) -> Delete on reboot.

C:\RECYCLER\S-1-5-21-2595809125-2074355916-836003323-1005\$637f5ef4a09119dbcdd258452570a377\n (Trojan.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\I14EJWQ8R.exe (Backdoor.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\0.17826311851759802 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\0.9501748504907089 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\kcheeyualpqzrons.exe (Backdoor.0Access) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\tugrhwzctefhuyewibfxbpfev.exe (Trojan.Medfos) -> Quarantined and deleted successfully.

(end)

Uninstalled & Reinstalled MSE

It's running now.

When I attempt to check Windows Firewall it says:

"Due to an Unidentified problem, Windows cannot display Windows Firewall settings"

Also, when I check the Task Manager, there is always at least one IE running in the background (I do not use it, or initiate it.)


Almost forgot, after running MSE scan successfully, I ran another MBam scan and here is that log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.21.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jean :: DJ918891 [administrator]

1/21/2013 10:11:31 PM

mbam-log-2013-01-21 (22-11-31).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 621458

Time elapsed: 4 hour(s), 51 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Documents and Settings\Caleb\My Documents\Downloads\setup_PlayPickle_v25.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-18\$637f5ef4a09119dbcdd258452570a377\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-18\$637f5ef4a09119dbcdd258452570a377\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-18\$637f5ef4a09119dbcdd258452570a377\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.

(end)
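As an added example that is not part of either post above (my own code, written for this page): a small triage script that parses Malwarebytes detection lines of the shape shown in the two logs and tags each hit with the traits a responder looks for. The sample lines are copied from the posted logs (a subset, with the count headers removed); the function names and the tag vocabulary are my own. It flags the two entries the later ZeroAccess diagnosis rests on, the `$<hash>` directory under `C:\RECYCLER\<SID>` and the CLSID `InProcServer32` value redirected away from `fastprox.dll`, and also lists what is still on disk ("Delete on reboot") or was left alone ("No action taken") so the follow-up scan can be checked against it.

```python
import re
from collections import Counter

# Detection lines copied from the two MBAM logs posted above (subset; headers dropped).
# The two non-detection lines are kept to show they are skipped by the parser.
SAMPLE_LOG = r"""
C:\Documents and Settings\Jerry\Application Data\mdisn.dll (Trojan.Medfos) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mdisn (Trojan.Medfos) -> Data: rundll32.exe "C:\Documents and Settings\Jerry\Application Data\mdisn.dll",RetrieveColumns -> Quarantined and deleted successfully.
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$637f5ef4a09119dbcdd258452570a377\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
(No malicious items detected)
C:\Documents and Settings\Caleb\My Documents\Downloads\setup_PlayPickle_v25.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\RECYCLER\S-1-5-18\$637f5ef4a09119dbcdd258452570a377\n (Trojan.0Access) -> Delete on reboot.
C:\WINDOWS\Temp\I14EJWQ8R.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\kcheeyualpqzrons.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
(end)
"""

# <item> (<family>) -> [detail -> ...] <action>.
DETECTION_RE = re.compile(r'^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$')
# \RECYCLER\<SID>\$<32 hex chars>\  -- the hidden file store seen in the log (matched on lowercased text)
RECYCLER_STORE_RE = re.compile(r'\\recycler\\s-1-5-\d+(?:-\d+)*\\\$[0-9a-f]{32}\\')


def parse_detections(text):
    """Return one dict per detection line; headers and '(No malicious items detected)' are skipped."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION_RE.match(line)
        if not m:
            continue
        # After the family, segments are '->'-separated: optional Data:/Bad:/Good:
        # details first, the action MBAM took last.
        segments = [s.strip() for s in m.group('rest').split('->')]
        found.append({
            'item': m.group('item'),
            'family': m.group('family'),
            'details': segments[:-1],
            'action': segments[-1].rstrip('.'),
            'raw': line,
        })
    return found


def classify(det):
    """Tag a detection with the persistence/placement traits a responder cares about (tag names are mine)."""
    low = det['raw'].lower()
    tags = []
    if low.startswith(('hklm\\', 'hkcu\\')) and '\\currentversion\\run|' in low:
        tags.append('autostart-run-key')       # autostart via a Run value
    if low.startswith('hkcr\\clsid\\') and '\\inprocserver32|' in low:
        tags.append('com-inproc-hijack')       # COM server path redirected to a malicious file
    if 'rundll32' in low:
        tags.append('rundll32-dll-load')       # DLL payload launched through a Windows host binary
    if RECYCLER_STORE_RE.search(low):
        tags.append('recycler-hidden-store')   # $<hash> directory under C:\RECYCLER\<SID>
    if any(p in low for p in ('\\windows\\temp\\', '\\application data\\', '\\localservice\\')):
        tags.append('user-writable-location')  # dropped where no admin rights are needed to write
    if det['action'] in ('Delete on reboot', 'No action taken'):
        tags.append('needs-followup')          # still present until reboot, or never removed
    return tags


def summarize(text):
    """Counts per family, items needing follow-up, and how many hits carry a rootkit-style indicator."""
    dets = parse_detections(text)
    tagged = [(d, classify(d)) for d in dets]
    rootkit_tags = {'com-inproc-hijack', 'recycler-hidden-store'}
    return {
        'count': len(dets),
        'families': Counter(d['family'] for d in dets),
        'followup': [d['item'] for d, t in tagged if 'needs-followup' in t],
        'rootkit_indicators': sum(1 for _, t in tagged if rootkit_tags & set(t)),
    }


if __name__ == '__main__':
    for d in parse_detections(SAMPLE_LOG):
        print(f"{d['family']:<24} {', '.join(classify(d)) or '-':<60} {d['item']}")
    print(summarize(SAMPLE_LOG))
```

Run the follow-up log through the same `summarize` call: once no line carries `needs-followup` and `rootkit_indicators` is zero, the on-disk indicators MBAM knows about are gone, which is a necessary but not a sufficient condition given the backdoor warning that follows.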


Welcome to the forum.

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


I'm thinking I'll pursue the reformat and OS reinstall. I'm backing up user info/files. Is it safe to trust these files?

I can't say, we would have to clean the system first

Also, if I run into trouble with the reformat/reinstall can I get additional help on this thread?

Being it's XP, I should be able to help you.

MrC


This topic is now closed to further replies.