Locating and removing suspected infection from my computer

Here is what happened yesterday:

I received this email from a colleague that I know and trust.



You have a pending incoming docs shared with you via Google docs


Click to open ATTACHMENT


Google Docs makes it easy to create, store and share online documents, spreadsheets and presentations



I clicked on the link "ATTACHMENT".  That directed me to this URL: www_kiam_com_my/ skinny /document_php (spaces and underscores inserted for safety).

Without thinking clearly about the unusual URL, I filled in my email address, password and phone number.  I was then directed to my Google Drive account but found no document from my colleague.  Realizing then that I may have compromised my account, I sent an email to my colleague.  "He" replied that he had sent it.  I replied to "him" that I was not able to access the document.  I then called him and he informed me that he was not sending those emails and that someone had hijacked his account.


I immediately ran both protection software that I have installed on my computer, Malwarebytes and Microsoft Security Essentials (MSE).  The MSE found the Win32/Howovi and I went through the procedure to remove it.  I then went to another computer and reset the password that I had entered; and then reset my Google Authentication for all other computers.


It may be a coincidence that the Howovi was installed on my computer with no relation to the phishing webpage that I had visited, but I need to be sure before accessing other sensitive accounts from my computer.  That is why I am cross-referencing with the Malwarebytes DB for information on Win32/Howovi.  According to the info from MSE, Win32/Howovi was first published yesterday.


Any information that you can provide, or if you could direct me to someone who could help, would be greatly appreciated.


Thank you in advance,




There are some malware traces.
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner



  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.