Computer is Infected but MalwareBytes does not see it


I ran the Kaspersky virus removal tool in windows safe mode (their recommendation) and it found nothing.

Yesterday, I ran another scan with Malwarebytes and it came up with the following:

Malwarebytes' Anti-Malware 1.40
Database version: 2679
Windows 5.1.2600 Service Pack 3

8/22/2009 02:56:37 PM
mbam-log-2009-08-22 (14-56-32).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 169547
Time elapsed: 21 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A85AF81F-CE05-4B7C-924C-8D7BC0F6E982}\RP104\A0038908.exe (Trojan.Banker) -> No action taken.

Since this file was in the restore directory and removing it had no effect on the other symptoms I am seeing after reboot, I am going to assume that this executable represents an EXE running somewhere else on my computer that was put into the restore point.

AVG found a file it called xdxqzz.sys (Win32.Agent.fu), which I removed, but I think this was installed by ComboFix.

I was unable to run Kaspersky online scanner. See attached screen shot for more info.

I am hoping that the fact that Malwarebytes identified the infection as Trojan.Banker may help you all pinpoint where this thing is hiding, or tell me if the infection symptoms are consistent with this particular type of malware.

[Attached screenshot: post-17412-1251047417.jpg]

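The poster's reasoning above is that the restore-point copy is a snapshot of an executable that lives, and probably runs, somewhere else on the machine. The script below is an added example (not code from the thread, from Malwarebytes or from any of the tools mentioned) of how a practitioner would test that idea from an elevated PowerShell prompt: hash the flagged file, hash every file of the same size on the drives the scan covered, report byte-identical copies, and dump the common Run/RunOnce keys so a hit can be tied to an autostart entry. It reuses the path from the log as a default; the drive list, the size-first filter and the short Run-key list are assumptions made for the example.

```powershell
# Added example, not code from the original thread.
# Assumptions: elevated PowerShell 2.0 or later (System.Security.Cryptography is
# used instead of Get-FileHash so it also works on XP); $Flagged reproduces the
# path from the scan log and must be adjusted to the machine at hand.
$Flagged = 'C:\System Volume Information\_restore{A85AF81F-CE05-4B7C-924C-8D7BC0F6E982}\RP104\A0038908.exe'
$Roots   = @('C:\', 'D:\', 'E:\')   # the drives the Malwarebytes full scan covered

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    # FileShare ReadWrite lets us read a file another process holds open.
    $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLowerInvariant()
}

function Find-CopiesOf {
    param([string]$Path, [string[]]$SearchRoots)
    $size = (Get-Item -LiteralPath $Path -Force).Length
    $hash = Get-Sha256Hex $Path
    Write-Host "Flagged file: $Path`n  size=$size sha256=$hash"
    foreach ($root in $SearchRoots) {
        # -Force includes hidden/system files; access-denied errors are skipped.
        # Only files of identical size are hashed, which keeps the walk fast.
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Length -eq $size -and $_.FullName -ne $Path } |
            ForEach-Object {
                try {
                    if ((Get-Sha256Hex $_.FullName) -eq $hash) { $_.FullName }
                } catch { }   # unreadable file: skip it
            }
    }
}

function Get-RunKeyEntries {
    # Deliberately short list; services, Winlogon and scheduled tasks are not covered.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; drop those.
            if ($p.Name -notlike 'PS*') { "$k : $($p.Name) = $($p.Value)" }
        }
    }
}

$copies = @(Find-CopiesOf -Path $Flagged -SearchRoots $Roots)
if ($copies.Count -eq 0) { Write-Host 'No byte-identical copy found on the scanned drives.' }
else { Write-Host 'Byte-identical copies:'; $copies | ForEach-Object { "  $_" } }
Write-Host "`nAutostart (Run/RunOnce) entries:"
Get-RunKeyEntries
```

Two caveats a practitioner would keep in mind. On XP the System Volume Information folder is normally not readable even by administrators (scanners get in because they run as SYSTEM), so you may first have to grant yourself access, for example `cacls "C:\System Volume Information" /E /G Administrators:F`, or run the script from a SYSTEM shell. And a negative result proves little: a kernel component that hides files defeats any user-mode directory walk, and a dropper that rewrites itself on each install will not match by hash, so "no copy found" is not "clean".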

Staff

Hi,

Don't worry about the Kaspersky scan for now.

If the offline tool didn't pick anything up, neither will their online scan.

See if this one will run:

Please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Restart your computer and summarize the symptoms you are still experiencing.

-screen317


Bit defender online scanner hangs when trying to update the antivirus definitions. Was unable to run scan. Unless you guys have some other ideas where to look at this point, I think I am going to have to wipe the drive and start over again with the OS. Luckily, the only thing of "value" on this computer are iTunes downloads and they can be recovered.


Staff

That is certainly the safest option.

When you do, make sure you install protection programs before connecting to the Internet (copy the installers to a flash drive or CD), then after they're installed, connect to the Internet and download all available Windows Updates.

Here is my standard prevention speech.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Kerio

Comodo

Outpost

2) It is imperative that you have an antivirus. You are basically asking for infection without one. :)

All of the following are excellent free antiviruses. Be sure to only install one.

AVG

AntiVir

avast!.

3) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

4) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

5) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

6) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

7) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

8) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

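Step 4 of the prevention list above describes what a block list like IE-Spyad actually does: it puts domains into Internet Explorer's Restricted sites zone, where scripting and ActiveX are disabled by default. The following is an added example (not code from the thread, from Malwarebytes or from the IE-Spyad project) of doing that for your own list of domains and then reading back what the zone map contains. Zone assignments live in the registry under `ZoneMap\Domains`, one subkey per domain with a value named `*` (all schemes) or `http`/`https` holding the zone id; the two `.test` domain names are placeholders constructed for the example, and the script touches the current user's hive only.

```powershell
# Added example, not code from the original thread or from IE-Spyad.
# Assumptions: PowerShell 2.0 or later; per-user (HKCU) zone map; placeholder domains.
$ZoneMapDomains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$RestrictedZone = 4   # zone ids: 0 Local Machine, 1 Local intranet, 2 Trusted, 3 Internet, 4 Restricted

function Add-RestrictedDomain {
    param([string]$Domain)
    $key = Join-Path $ZoneMapDomains $Domain
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Value name '*' covers every scheme; use 'http' or 'https' to restrict one scheme only.
    Set-ItemProperty -Path $key -Name '*' -Value $RestrictedZone -Type DWord
}

function Get-DomainZoneAssignments {
    if (-not (Test-Path $ZoneMapDomains)) { return @() }
    Get-ChildItem -Path $ZoneMapDomains | ForEach-Object {
        $domain = $_.PSChildName
        $props  = Get-ItemProperty -Path $_.PSPath
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
            if ($p.Name -notlike 'PS*') {
                New-Object PSObject -Property @{ Domain = $domain; Scheme = $p.Name; Zone = $p.Value }
            }
        }
    }
}

# Placeholder block list, constructed for this example.
foreach ($d in @('example-malware.test', 'example-scam.test')) { Add-RestrictedDomain $d }

Get-DomainZoneAssignments |
    Where-Object { $_.Zone -eq $RestrictedZone } |
    Format-Table Domain, Scheme, Zone -AutoSize
```

Entries written this way show up immediately in Internet Options > Security > Restricted sites. Subdomains are stored as nested keys (for example `Domains\example.test\www`), so a list that needs host-level granularity has to create the nested key rather than a single flat entry.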