Infected with virus Win32/Kovter.E



Hello

 

I am currently on Christmas break between college semesters. I'm using my desktop computer that is connected to my home router, which is shared with my mother and sister.

 

My sister uses this advertisement site called 'Swagbucks' which must have given her a nasty virus. I now have a virus that, I found out, originates from this website. It must have traveled via my router connection. I know that I did not get it myself because I hardly use the internet on this computer whatsoever, and simply only use it for less than a dozen trusted games. 

 

Microsoft Security Essentials detected this and labeled it as such, and every time I restart my computer it detects it again, even after quarantine and removal. I then downloaded Malwarebytes (the free version) and proceeded to scan and rid my computer of the virus. The first scan's log detected the following, however every prior scan afterwards does not detect anything.

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Protection, 1/2/2015 6:31:00 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Starting, 

Protection, 1/2/2015 6:31:00 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Started, 

Protection, 1/2/2015 6:31:00 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Starting, 

Protection, 1/2/2015 6:31:41 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Started, 

Detection, 1/2/2015 6:32:30 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 88.214.193.117, saymommy.com, 49542, Outbound, C:\Users\Anthony\AppData\LocalLow\Sony Online Entertainment\Yavuscgqi\dqxtzpfvbedj\Egzodhvdgl.exe, 

Detection, 1/2/2015 6:32:30 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 88.214.193.117, saymommy.com, 49542, Outbound, C:\Users\Anthony\AppData\LocalLow\Sony Online Entertainment\Yavuscgqi\dqxtzpfvbedj\Egzodhvdgl.exe, 

Detection, 1/2/2015 6:32:30 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 88.214.193.117, saymommy.com, 49543, Outbound, C:\Users\Anthony\AppData\LocalLow\Sony Online Entertainment\Yavuscgqi\dqxtzpfvbedj\Egzodhvdgl.exe, 

Update, 1/2/2015 6:32:37 PM, SYSTEM, ANTHONY-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1, 

Update, 1/2/2015 6:32:37 PM, SYSTEM, ANTHONY-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 

Update, 1/2/2015 6:32:56 PM, SYSTEM, ANTHONY-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.2.9, 

Protection, 1/2/2015 6:32:56 PM, SYSTEM, ANTHONY-PC, Protection, Refresh, Starting, 

Protection, 1/2/2015 6:32:56 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 1/2/2015 6:32:56 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 1/2/2015 6:33:02 PM, SYSTEM, ANTHONY-PC, Protection, Refresh, Success, 

Protection, 1/2/2015 6:33:02 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Starting, 

Protection, 1/2/2015 6:33:02 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Started, 

Scan, 1/2/2015 6:38:58 PM, SYSTEM, ANTHONY-PC, Manual, Start:1/2/2015 6:33:59 PM, Duration:4 min 26 sec, Hyper Scan, Completed, 2 Malware Detections, 0 Non-Malware Detections, 

Protection, 1/2/2015 6:41:20 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Starting, 

Protection, 1/2/2015 6:41:20 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Started, 

Protection, 1/2/2015 6:41:20 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Starting, 

Protection, 1/2/2015 6:42:24 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Started, 

Detection, 1/2/2015 6:45:32 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 94.242.233.180, a16-car.biz, 49177, Outbound, C:\Windows\SysWOW64\svchost.exe, 

Detection, 1/2/2015 6:45:32 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 94.242.233.180, a16-car.biz, 49177, Outbound, C:\Windows\SysWOW64\svchost.exe, 

Scan, 1/2/2015 7:02:10 PM, SYSTEM, ANTHONY-PC, Manual, Start:1/2/2015 6:46:37 PM, Duration:15 min 33 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 

Detection, 1/2/2015 7:06:13 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 49287, Outbound, C:\Windows\SysWOW64\explorer.exe, 

Detection, 1/2/2015 7:06:13 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 49287, Outbound, C:\Windows\SysWOW64\explorer.exe, 

Detection, 1/2/2015 7:14:48 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 52434, Outbound, C:\Windows\SysWOW64\explorer.exe, 

Detection, 1/2/2015 7:14:49 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, IP, 5.149.250.194, 52440, Outbound, C:\Windows\SysWOW64\explorer.exe, 

Protection, 1/2/2015 7:16:02 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 1/2/2015 7:16:03 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 1/2/2015 7:16:03 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Stopping, 

Protection, 1/2/2015 7:17:59 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Stopped, 

Protection, 1/2/2015 7:48:53 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Starting, 

Protection, 1/2/2015 7:48:53 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Started, 

Protection, 1/2/2015 7:48:53 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Starting, 

Protection, 1/2/2015 7:48:53 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Started, 

Scan, 1/2/2015 7:59:09 PM, SYSTEM, ANTHONY-PC, Manual, Start:1/2/2015 7:49:12 PM, Duration:9 min 56 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 

Protection, 1/2/2015 8:02:50 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Starting, 

Protection, 1/2/2015 8:02:50 PM, SYSTEM, ANTHONY-PC, Protection, Malware Protection, Started, 

Protection, 1/2/2015 8:02:50 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Starting, 

Protection, 1/2/2015 8:04:45 PM, SYSTEM, ANTHONY-PC, Protection, Malicious Website Protection, Started, 

 

(end)

 

This is the log file where 2 malicious items were detected, which I chose to remove.

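As an added example (not part of the original posts, and not Malwarebytes code): a short Python triage script for a protection log in the layout posted above. It drops the repeated entries, handles lines that have no domain field, and groups blocked outbound connections by the process that made them. The field order is inferred from that log, and the sample lines use constructed values (documentation-range IPs, made-up host name and paths).

```python
from collections import defaultdict, namedtuple
from ipaddress import ip_address

Event = namedtuple("Event", "when ip domain port direction process")

# Constructed sample in the layout of the log above: documentation-range IPs,
# made-up host name and paths. The field order is inferred from that log.
SAMPLE = r"""
Protection, 1/2/2015 6:31:00 PM, SYSTEM, EXAMPLE-PC, Protection, Malware Protection, Started,
Detection, 1/2/2015 6:32:30 PM, SYSTEM, EXAMPLE-PC, Protection, Malicious Website Protection, IP, 192.0.2.10, blocked.example, 49542, Outbound, C:\Users\Example\AppData\LocalLow\Vendor\abc\xyz.exe,
Detection, 1/2/2015 6:32:30 PM, SYSTEM, EXAMPLE-PC, Protection, Malicious Website Protection, IP, 192.0.2.10, blocked.example, 49542, Outbound, C:\Users\Example\AppData\LocalLow\Vendor\abc\xyz.exe,
Detection, 1/2/2015 6:32:30 PM, SYSTEM, EXAMPLE-PC, Protection, Malicious Website Protection, IP, 192.0.2.10, blocked.example, 49543, Outbound, C:\Users\Example\AppData\LocalLow\Vendor\abc\xyz.exe,
Detection, 1/2/2015 7:06:13 PM, SYSTEM, EXAMPLE-PC, Protection, Malicious Website Protection, IP, 198.51.100.7, 49287, Outbound, C:\Windows\SysWOW64\explorer.exe,
Detection, 1/2/2015 7:06:13 PM, SYSTEM, EXAMPLE-PC, Protection, Malicious Website Protection, IP, 198.51.100.7, 49287, Outbound, C:\Windows\SysWOW64\explorer.exe,
Scan, 1/2/2015 7:02:10 PM, SYSTEM, EXAMPLE-PC, Manual, Threat Scan, Completed, 0 Malware Detections,
"""

def parse_detection(line):
    """Return an Event for a website-protection detection line, else None."""
    f = [part.strip() for part in line.split(",")]
    while f and not f[-1]:            # log lines end with a trailing comma
        f.pop()
    if len(f) < 11 or f[0] != "Detection" or f[6] != "IP":
        return None
    rest = f[8:]
    # Some lines in the log carry no domain field between the IP and the port.
    domain = None if rest[0].isdigit() else rest.pop(0)
    if len(rest) < 3 or not rest[0].isdigit():
        return None
    try:
        ip = str(ip_address(f[7]))    # reject a malformed address field
    except ValueError:
        return None
    # Re-join the tail so a path that contains commas is not truncated.
    return Event(f[1], ip, domain, int(rest[0]), rest[1], ", ".join(rest[2:]))

def summarize(text):
    """Group unique detections by process path (case-insensitive, as on Windows)."""
    seen = set()
    report = defaultdict(lambda: {"events": 0, "destinations": set()})
    for line in text.splitlines():
        event = parse_detection(line)
        if event is None or event in seen:    # the log repeats identical entries
            continue
        seen.add(event)
        entry = report[event.process.lower()]
        entry["events"] += 1
        entry["destinations"].add((event.ip, event.domain))
    return dict(report)

if __name__ == "__main__":
    for process, entry in summarize(SAMPLE).items():
        print(process, entry["events"], sorted(entry["destinations"], key=str))
```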

Hello Anthony, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================

 

Please do the following. 

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM scan log
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
