Hijack.regedit has taken over my computer


On July 3rd my computer got infected with the Ukash virus. Thought I had gotten rid of everything, ran Kaspersky, found nothing. But still couldn't get my computer to work.

Downloaded Malwarebytes last night and discovered and quarantined 3 malware threats: malware trace and 2x hijack.regedit.

Ran the Malware Rootkit, did not clean (but it found 11 threats), but hit exit.

This is the Rootkit log:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.15.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
BUZS :: BUZS-VAIO [administrator]

15-7-2013 8:09:30
mbar-log-2013-07-15 (08-09-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 281960
Time elapsed: 1 hour(s), 19 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-2442550951-2292826666-487205313-1000\$d7ec79334bb7b97d756df812ba03ec19\n. -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
c:\$Recycle.Bin\S-1-5-18\$d7ec79334bb7b97d756df812ba03ec19\U (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-2442550951-2292826666-487205313-1000\$d7ec79334bb7b97d756df812ba03ec19\U (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-18\$d7ec79334bb7b97d756df812ba03ec19\L (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-2442550951-2292826666-487205313-1000\$d7ec79334bb7b97d756df812ba03ec19\L (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-18\$d7ec79334bb7b97d756df812ba03ec19 (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-2442550951-2292826666-487205313-1000\$d7ec79334bb7b97d756df812ba03ec19 (Trojan.Siredef.C) -> No action taken.

Files Detected: 2
c:\$Recycle.Bin\S-1-5-18\$d7ec79334bb7b97d756df812ba03ec19\@ (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-2442550951-2292826666-487205313-1000\$d7ec79334bb7b97d756df812ba03ec19\@ (Trojan.Siredef.C) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

Can anyone help me get my computer fixed?
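
An added example, not part of the original post and not Malwarebytes code: a small triage script for a log in the layout shown above. It parses the "Detected" sections and flags the pattern this log shows, a per-user COM server registration (`HKCU\...\CLSID\...\INPROCSERVER32`) whose data points into `$Recycle.Bin`. The sample lines, SID, GUID and folder name are constructed placeholders, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above (placeholder SID/GUID/folder).
SAMPLE_LOG = r"""
Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000000}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\$example\n. -> No action taken.

Folders Detected: 1
c:\$Recycle.Bin\S-1-5-18\$example\U (Trojan.Siredef.C) -> No action taken.

Files Detected: 1
c:\$Recycle.Bin\S-1-5-18\$example\@ (Trojan.Siredef.C) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbar(text):
    """Return one dict per detection: section, object, family, data, action."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m["name"]
        elif section and (m := ITEM.match(line)):
            # Registry values carry "Data: <value> -> <action>"; other items only "<action>".
            data, _, action = m["rest"].rpartition(" -> ")
            findings.append({"section": section, "object": m["object"].rstrip("|"),
                             "family": m["family"],
                             "data": data.removeprefix("Data: ") or None,
                             "action": action.rstrip(".")})
    return findings

def com_hijacks_into_recycle_bin(findings):
    """Per-user InprocServer32 registrations whose server path lies in $Recycle.Bin."""
    return [f for f in findings
            if f["object"].upper().startswith("HKCU\\SOFTWARE\\CLASSES\\CLSID\\")
            and f["object"].upper().endswith("\\INPROCSERVER32")
            and f["data"] and "\\$recycle.bin\\" in f["data"].lower()]

def by_family(findings):
    """Count detections per family label reported by the scanner."""
    return Counter(f["family"] for f in findings)
```
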


Hello Hummetje and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

I'm afraid I have bad news.

One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately you finish reading this post.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted.

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on Internet theft and when to reformat!

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions how to format and reinstall Windows can be found here


Hi Borislav,

Thanks for the quick response. It was our business computer, so our billing system is on it, our taxes, everything..... I already blocked the credit cards.

I do have to copy a number of documents to a new computer, but how do I know that they're not infected as well and infect the new computer. Can you help me?

Thanks, Marlies


Ok thanks. I'm a hands-on type of person and have been trying to fix things intuitively after research on the internet. What is the best option right now do you think: copy the documents, reformat and reinstall the computer myself or let an expert do it?

TIA, Marlies


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

