
Possible Malware from Ebay


Gemma84

When browsing through Ebay, a popup appeared saying I needed to download anti-virus software and I could not get rid of it as it kept popping back up when I clicked it off. It asked me if I wanted to continue unprotected and I clicked 'OK' because I already had Avast antivirus at the time. I downloaded Spybot Search and Destroy to make sure and it prompted me to restart my computer. As I did this, it came back on but my computer background had been changed.

The background now has a blue background with a binary pattern. It has red and white text saying:

"WARNING!

YOUR'RE IN DANGER!

YOUR COMPUTER IS INFECTED WITH SPYWARE!

ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES

FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.

Every site you and somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life!

SECURE YOURSELF RIGHT NOW!

REMOVE ALL SPYWARE FROM YOUR PC!"

I have typed this exactly as it is written with all of the mistakes. I have tried various anti-malware software since but none can find any malware on my computer. I am using Windows 7 and if I go onto the 'customize...' part of my Notification Area, it shows all the usual programs/services but it appears to have a new unknown exe file that I cannot find even when I searched it on the internet to find out what it is.

It is called 'mEgGeNb06308.exe' and I do not know much else as I'm not a computer expert.

Please could someone help me to understand what is happening with my computer and how to remove any malware if it exists. Thank you

ps. I have uploaded a picture of the desktop and the 'mEgGeNb06308.exe' that I have found

desktop.bmp


Welcome to the forum. You're infected with a fake anti-virus program.

Carefully read and follow this Guide.

Make sure you run rkill and then immediately run MBAM as described.

Most important....update MBAM before you run it.

Post the logs back here, MrC

Thank you so much for your help, I have removed the threats and I will post the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5904

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

28/02/2011 15:02:32

mbam-log-2011-02-28 (15-02-32).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 270346

Time elapsed: 22 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mEgGeNb06308 (Trojan.FakeAlert) -> Value: mEgGeNb06308 -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\meggenb06308\meggenb06308.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\$RECYCLE.BIN\s-1-5-21-3355433284-2292392358-1700934371-1001\$RZI65LC.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Gemma\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25\582900d9-470902df (Trojan.FakeAlert) -> Quarantined and deleted successfully.

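Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for detection lines in the layout of the log above. It skips the summary counters and empty sections, tags each hit by where it was found, and lists any item whose final action does not report success. The location tags and function names are this example's own.

```python
import re

# Lines copied from the log posted above; the counter line and the empty
# section are included to show what the parser has to skip.
SAMPLE_LOG = r"""
Registry Values Infected: 1
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mEgGeNb06308 (Trojan.FakeAlert) -> Value: mEgGeNb06308 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\meggenb06308\meggenb06308.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3355433284-2292392358-1700934371-1001\$RZI65LC.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Gemma\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25\582900d9-470902df (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+?) Infected:\s*$")  # header, not the "...: 1" counter
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

# Location tags are labels chosen for this example, not Malwarebytes output.
LOCATION_TAGS = [
    ("autorun", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("java-cache", re.compile(r"\\Sun\\Java\\deployment\\cache\\", re.I)),
    ("recycle-bin", re.compile(r"\\\$RECYCLE\.BIN\\", re.I)),
    ("programdata", re.compile(r"^[a-z]:\\programdata\\", re.I)),
]

def parse_detections(log_text):
    """Return one dict per detection line, with its section and location tag."""
    section, found = None, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if not (section and hit):
            continue  # blank lines, counters, "(No malicious items detected)"
        tag = next((t for t, rx in LOCATION_TAGS if rx.search(hit["obj"])), "other")
        found.append({"section": section, "object": hit["obj"],
                      "detection": hit["name"], "location": tag,
                      "action": hit["rest"].split(" -> ")[-1]})
    return found

def unresolved(detections):
    """Detections whose final action does not report success."""
    return [d for d in detections if "successfully" not in d["action"]]

if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        print(d["location"], d["detection"], d["object"], "|", d["action"])
```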

Good, I'm glad it worked for you.

Let's just check for any leftovers and other malware:

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory that will look something like this:

TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt

-------------------

Then.....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.