
Infection request



Hello.

I got an email with a zip folder attached; a so-called lawyer wants my money: 100% malware!!!

Since running Malwarebytes Anti-Malware wouldn't show any result concerning this file, I'd like to offer you to have a look at it, and perhaps include it into your database (I renamed the folder)...

However, since this file ended up on my PC, it would be nice if somebody could let me know what it does, how dangerous it is, and what I'll have to do to solve any problem this Trojan creates.

Have a good day


Trojan.zip


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Here you can find the results of virustotal.com

https://www.virustotal.com/de/file/c5fbd808a067340f3925f53704d9f91292d9f9020ea287ad38eca95a7263457b/analysis/1406213438/

It is a "dangerous" backdoor Trojan. http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=TROJAN:WIN32/MATSNU#tab=2

Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
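To compare a received attachment against the VirusTotal report linked above without opening or running it, here is an added Python example (it is not part of this thread and not Malwarebytes' code): it pulls the SHA-256 out of the report URL from the post and hashes a local file for comparison. `VT_URL` is simply the link posted above; the file bytes used in the demonstration are constructed placeholders, not the real attachment.

```python
"""Added example (not from the thread, not Malwarebytes' code): verify a
local file against the SHA-256 in a VirusTotal file-report URL.

VT_URL is the link posted in the thread; every file content used below is a
constructed placeholder, not the real attachment.
"""
import hashlib
import re
import tempfile
from pathlib import Path

VT_URL = ("https://www.virustotal.com/de/file/"
          "c5fbd808a067340f3925f53704d9f91292d9f9020ea287ad38eca95a7263457b/"
          "analysis/1406213438/")

# VirusTotal file reports are keyed by the sample's SHA-256 (64 hex digits).
_VT_HASH_RE = re.compile(r"/file/([0-9a-fA-F]{64})/")


def hash_from_vt_url(url: str) -> str:
    """Return the lowercase SHA-256 embedded in a VirusTotal file-report URL."""
    match = _VT_HASH_RE.search(url)
    if match is None:
        raise ValueError("URL does not contain a SHA-256 file identifier")
    return match.group(1).lower()


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks. The file is only read; nothing is unpacked or run."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_report(path, vt_url: str = VT_URL) -> bool:
    """True only if the local file is byte-for-byte the sample in the report."""
    return sha256_of_file(path) == hash_from_vt_url(vt_url)


if __name__ == "__main__":
    # Constructed stand-in for the attachment; deliberately not the real sample.
    with tempfile.NamedTemporaryFile(suffix=".zip", delete=False) as tmp:
        tmp.write(b"PK\x03\x04 constructed placeholder bytes")
        sample = Path(tmp.name)
    try:
        print("report hash:", hash_from_vt_url(VT_URL))
        print("local hash :", sha256_of_file(sample))
        print("same sample:", matches_report(sample))
    finally:
        sample.unlink()
```

A match tells you the file on disk is exactly the sample the report describes, so the report's verdict applies to it; a mismatch only means it is a different file, not that it is safe.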

Hi,

We could, yes. But out of respect for the forum and Malwarebytes, and given that this is an international forum, we will do it in English. If anything is unclear, you may of course ask in German.

Please post up the FRST-Logs... :)


Hi,

(Did YOU run the Trojan file, or only download it?)

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Wise Registry Cleaner 8.03

    Spybot - Search & Destroy

    Trojan Remover 6.9.1.2931

  • Reboot your computer.
Step 2

Scan with Malwarebytes Anti-Malware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 3

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

German translation of step 2:

Scan with Malwarebytes Anti-Malware

Under Detection and Protection, please tick "Scan for Rootkits".

Then click "Scan", select the Threat Scan, update the databases and click "Start Scan".

At the end of the scan, have all findings (if any) moved to quarantine. (Like this...)

Post me the contents of the log file. To do so, click History and then Application Logs.

Select the most recent scan log and click View. Click "Copy to Clipboard" and post me the contents in code tags as a reply in the thread.


Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 24.07.2014 15:40:24, SYSTEM, DING-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 24.07.2014 15:40:28, SYSTEM, DING-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.24.3,
Update, 24.07.2014 18:07:48, SYSTEM, DING-PC, Manual, Malware Database, 2014.7.24.3, 2014.7.24.4,

(end)


SO?

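The log pasted above contains only `Update` records, which is why the scan log is being asked for again. As an added illustration (not part of this thread and not Malwarebytes' code), the following Python snippet reads those lines and reports which record types are present, the final database versions and the last update time. The field layout it assumes for `Update` records (type, timestamp, account, host, trigger, component, old version, new version) is inferred from the three posted lines and is an assumption, not a documented format.

```python
"""Added example (not from the thread, not Malwarebytes' code): classify the
records in a pasted Malwarebytes Anti-Malware application log.

LOG_TEXT is the log as posted in the thread. The field layout assumed for
'Update' records (type, timestamp, account, host, trigger, component,
old version, new version) is inferred from those lines; it is an assumption,
not a documented format.
"""
from collections import Counter
from datetime import datetime

LOG_TEXT = """Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 24.07.2014 15:40:24, SYSTEM, DING-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 24.07.2014 15:40:28, SYSTEM, DING-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.24.3,
Update, 24.07.2014 18:07:48, SYSTEM, DING-PC, Manual, Malware Database, 2014.7.24.3, 2014.7.24.4,

(end)
"""

TIMESTAMP_FORMAT = "%d.%m.%Y %H:%M:%S"  # day-first, as in the posted lines


def parse_records(text: str) -> list:
    """Split the log into records; header, blank and '(end)' lines carry none."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "," not in line:
            continue
        # Each record ends with a trailing comma; drop it before splitting.
        records.append([field.strip() for field in line.rstrip(",").split(",")])
    return records


def summarize(text: str) -> dict:
    """Report record types, final database versions and the last update time."""
    records = parse_records(text)
    kinds = Counter(rec[0] for rec in records)
    latest_versions = {}
    last_update = None
    for rec in records:
        if rec[0] != "Update" or len(rec) < 8:
            continue
        latest_versions[rec[5]] = rec[7]  # later lines overwrite earlier ones
        stamp = datetime.strptime(rec[1], TIMESTAMP_FORMAT)
        if last_update is None or stamp > last_update:
            last_update = stamp
    return {
        "kinds": dict(kinds),
        "latest_versions": latest_versions,
        "last_update": last_update,
        # True once the log holds anything beyond signature updates
        "has_non_update_records": any(rec[0] != "Update" for rec in records),
    }


if __name__ == "__main__":
    result = summarize(LOG_TEXT)
    for key, value in result.items():
        print(f"{key}: {value}")
    if not result["has_non_update_records"]:
        print("Update log only; the scan log still needs to be posted.")
```

Run against the posted text, the summary shows three `Update` records, the Malware Database ending at version 2014.7.24.4, and no record of any scan, which is exactly the gap the helper's next reply points out.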

Please post up the MBAM-scan-log...

Reading material

Posting MBAM findings: here's how...

So I need the contents of the log file in which the scan was recorded.

  • Start MBAM.
  • Click History.
  • Click Application Logs.
  • Click the most recent scan log with findings.
  • Click "Copy to Clipboard".

The scan is done.

What's next, if we should be through with this? More and more people are downloading the *.txt files; is it possible to remove our conversation afterwards, or is that the price I pay? With the *.txt files and the name in the Trojan folder... I feel so naked!!! ;)

log.txt


Hi,

(You needn't worry about that. Any phone book holds more private information :)... you could have edited your name out, though. See whether you can delete the Trojan file you attached here.)


I don't see any indication that your computer is infected.


That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

