
Malware infection



Hi Guys.

I recently had an infection on my other computer with Antivirus8, and despite running loads of Malwarebytes scans, I can't seem to remove it.

The tell-tale signs are when I try to access a site in my browser (I've tried Internet Explorer, Chrome and Firefox): I'm unable to access most of the web pages I try to go to, instead being redirected to a fake site telling me that the request has been blocked, and trying to direct me to (what I presume to be) a fake security site.

I followed all the instructions in the "I'm infected" topic, except personal Antivir wasn't able to update to the latest definitions.

Thank you in advance.

Nick

DDS (Ver_10-12-12.02) - NTFSx86

Run by Heather at 19:09:27.23 on 13/12/2010

Internet Explorer: 8.0.6001.18975

Microsoft

attach.zip.zip

mbam_log_2010_12_12__19_50_05_.txt


Hello nickyl01,

Welcome to Malwarebytes.

=====================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it, please do the following.

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT!!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Looks good. I would like to do some more scans to ensure all malware is gone.

Update/Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the Update tab, then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Check the next options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved click the option to delete quarantined threats and Uninstall application on close.


Hi Kahdah,

Thanks again.

The Malwarebytes log didn't pick anything up, but ESET found six infections.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5313

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

14/12/2010 20:24:23

mbam-log-2010-12-14 (20-24-23).txt

Scan type: Quick scan

Objects scanned: 153509

Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-4b0392cf multiple threats deleted - quarantined

C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-65416248 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined

C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4da38bd5-temp multiple threats deleted - quarantined

C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-34c14880 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined

C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-4557d2c6 multiple threats deleted - quarantined

C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-1c9b1d26 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined

Many thanks for your help again!

Nick


You are welcome, things should be back to normal now.

The reason for the entries found by ESET and not by MBAM is that MBAM targets malware in general, not exploits, file infectors, etc.; it is up to the antivirus vendors to target such infections.

Please run DDS once more and post those logs; also let me know of any remaining issues.

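The ESET results Nick posted and Kahdah's explanation of why ESET flagged them while MBAM did not (every hit sits in the Java Deployment cache, i.e. cached applet downloads caught by exploit signatures rather than a running infection) are the kind of thing a helper reads by eye. The script below is an added example, not code from the thread or from Malwarebytes or ESET: it parses ESET text-export result lines and the MBAM summary counts into structured data and separates Java-cache hits from hits elsewhere on disk. The six ESET lines and the MBAM counts are taken from the thread; the line layout `<path> <detection> <action>` and the action phrases other than "deleted - quarantined" are assumptions, as is the extra sample line with a space in its path.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the six ESET result lines posted in the thread, verbatim.
SAMPLE_ESET_LOG = r"""
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-4b0392cf multiple threats deleted - quarantined
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-65416248 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4da38bd5-temp multiple threats deleted - quarantined
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-34c14880 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-4557d2c6 multiple threats deleted - quarantined
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-1c9b1d26 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
"""

# Constructed sample: the summary block of the MBAM quick-scan log from the thread.
SAMPLE_MBAM_LOG = """
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

# Assumption: an ESET text-export line is "<path> <detection> <action>". Only
# "deleted - quarantined" appears in the thread; the other action phrases are
# assumed alternatives so unexpected exports fail loudly instead of silently.
ESET_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>multiple threats|(?:probably )?a variant of \S+(?: \w+)?|\S+/\S+(?: \w+)?) "
    r"(?P<action>(?:deleted|cleaned by deleting|cleaned|error while cleaning)(?: - quarantined)?)$"
)
MBAM_COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")

# Sun/Oracle Java applet cache location (the path prefix seen in the thread).
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


@dataclass(frozen=True)
class EsetHit:
    path: str
    detection: str
    action: str

    @property
    def in_java_cache(self) -> bool:
        # Cached applet JARs/class files: exploit material that was downloaded
        # by the browser, as opposed to a file installed somewhere else on disk.
        return JAVA_CACHE_MARKER in self.path.lower()


def parse_eset_log(text: str) -> list[EsetHit]:
    """Parse ESET result lines; raise on any line that does not fit the layout."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        hits.append(EsetHit(m["path"], m["detection"], m["action"]))
    return hits


def parse_mbam_summary(text: str) -> dict[str, int]:
    """Collect the '<category> Infected: N' counters from an MBAM log."""
    counts = {}
    for line in text.splitlines():
        m = MBAM_COUNT_RE.match(line.strip())
        if m:
            counts[m["category"]] = int(m["count"])
    return counts


def summarize(eset_text: str, mbam_text: str) -> dict:
    """Triage view: how many ESET hits, where they live, and what MBAM saw."""
    hits = parse_eset_log(eset_text)
    mbam = parse_mbam_summary(mbam_text)
    return {
        "eset_total": len(hits),
        "eset_java_cache": sum(h.in_java_cache for h in hits),
        "eset_outside_java_cache": sum(not h.in_java_cache for h in hits),
        "eset_detections": dict(Counter(h.detection for h in hits)),
        # Anything not quarantined still needs a follow-up by the helper.
        "eset_not_quarantined": [h.path for h in hits if not h.action.endswith("quarantined")],
        "mbam_total_infected": sum(mbam.values()),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ESET_LOG, SAMPLE_MBAM_LOG).items():
        print(f"{key}: {value}")
```

Hits outside the Java cache, or with an action that is not "quarantined", are the ones worth a closer look; a report where everything is cached applet content and MBAM's own counters are all zero matches the reading Kahdah gives above.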

2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
