Got Me Today! Clicked on link in email . . .


Hi, they got me! I clicked a link embedded in an email, which was a request to network in on LinkedIn - I should have known! It wasn't EVEN to the correct email address!

 

First, I updated Malwarebytes, then disconnected from the internet and ran a Quickscan, with these results, before I had to reboot:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carol :: BILL [administrator]

6/20/2013 5:50:49 PM
mbam-log-2013-06-20 (17-50-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209274
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Java Auto Update (Backdoor.Bot) -> Data: C:\Users\Carol\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Inject.RRE) -> Bad: (C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd) Good: () -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Carol\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Carol\Local Settings\temp\msavyy.cmd (Trojan.Inject.RRE) -> Delete on reboot.
C:\Users\Carol\AppData\Local\temp\msavyy.cmd (Trojan.Inject.RRE) -> Delete on reboot.

(end)

 

**************************** End of Report************************************

 

When I rebooted, I ran a full Malwarebytes scan with all the drives checked, no internet. Here are the results, before I had to reboot.

 

I can't put that in the body of this post, because I just ran a QuickScan, and have two trojans - view attached, and have to reboot, again, before I can access that log.

 

Also, when I reboot, there is an alert box labeled, Desktop, which says could not run mssavyy.cmd because it doesn't exist in the registry, which box I ignore. I don't click it off or click, "okay." Please view the screenshot. Now, I have to reboot.

Louise :blink:

 

 

 

 

 


Here is the fullscan between two quickscans:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carol :: BILL [administrator]

6/20/2013 7:04:34 PM
mbam-log-2013-06-20 (19-04-34).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362437
Time elapsed: 3 hour(s), 20 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Carol\AppData\LocalLow\3B5C.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)

 

********************************************************* End Full Scan Report***************************************************

 

Here is the 2nd Quickscan, after the full scan, from which I rebooted just now:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carol :: BILL [administrator]

6/20/2013 10:42:59 PM
mbam-log-2013-06-20 (22-42-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206030
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

*****************************************End 3rd Scan*****************************************************************************

 

Attached is a view of quarantined items on Malwarebytes.

 

Guess I'll turn off the computer until I hear from you in the morning after I post this! I'm sure I still have malware. The desktop sign is still there.
