Jump to content

uuu.uuu & xxx.xxx attempting a comeback

Jeff-66
 Share

Recommended Posts

Jeff-66

Jeff-66

Posted
Posted

{Win7 Home Premium 64-bit}

Hi all,

I got my first virus/trojan today. MSSE noticed it first, and said it's removal was successful, but far from it. I tried ESET Nod32, and that didn't even see the virus. Then I tried AVG's DOS boot CD, which has networking, and it started up, downloaded it's latest defs, scans the system ... finds nothing. Useless. Superantispyware ... same thing, doesn't even see the malware. ProcessExplorer doesn't show a recognizable process for it.

So after googling a bit more, I find out about MBAM and give it a try. Sure enough, the free version found the whole thing, and it's variants in my HD. I forget the name of the trojan, but I know it puts an xXx.xXx and uUu.uUu files into my users/me/local/temp directory, and the xxx one cannot be killed.

So I let MBAM do it's thing, it reboots and finishes the job. It says the bad stuff is all gone. Now, before I removed it, I noticed very strange behavior in Firefox (3.6.3), sometimes I was prevented from surfing at all. Other times, I'd get a popup saying "Firefox has stopped working", it also seemed to be trying to intercept my downloads.

Later, after MBAM finishes, I open Firefox again and MBAM pops up and tells me that xxx.xxx is attempting to load, and has been stopped. I click Quarantine. so i figure the bloody thing is still hiding somewhere. I disable SystemRestore, and reboot into SafeMode, and let MBAM scan the HD's. It finds nothing at all.

I reboot again, all seems well. Odd, random lettered exe's are no longer showing in MSConfig's startup area. the xxx.xxx and uuu.uuu files are no longer present in the temp folder. Good so far. Until ...

I start Firefox ... and once again, MBAM intercepts xxx.xxx and keeps it from starting. So clearly, this trojan is somehow hooked into Firefox. So I need some advice about what I should do next. Of course, I'm trying to avoid a full system re-install. It would take me a solid week to get things back to the way they are now.

Thanks

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted

Hello Jeff-66 ,Welcome to Malwarebytes.org

As we don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

PS - No need to leave ID numbers here -

Thank You - :)

EDIT - Please only use one A/V on your computer at any time - It can cause problems -

I only use MSE these days -

Link to post
Share on other sites
Jeff-66

Jeff-66

Posted
  • Author
Posted
Hello Jeff-66 ,Welcome to Malwarebytes.org

As we don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

PS - No need to leave ID numbers here -

Thank You - :)

EDIT - Please only use one A/V on your computer at any time - It can cause problems -

I only use MSE these days -

Thanks, I'll follow your directions. Sorry about the ID thing. I've been on forums where no one would help until you showed your paid I.D. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.