Possible Trojan


  • Staff

Glad to hear it!

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete all logs.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

Sunbelt Personal Firewall

Comodo

Outpost

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


Hi,

I am working on the above instructions now.

When attempting to update Malwarebytes today, I came across an error: PROGRAM_ERROR_UPDATING (12150, 0, WinHttpQueryHeaders)

I was wondering if this was a related issue or if it's a new problem. Are there any steps that I should take to ensure that I can update Malwarebytes?

Thank you for your time and assistance!


  • Staff

Hi,

Please do the following:

  • Download and run mbam-clean.exe from here.
  • It will ask to restart your computer; please allow it to do so (very important).
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here.
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version.
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here, or ask and we'll explain how to do it.


Hi,

Sorry for the delay - work has been very busy lately.

I followed the instructions in your previous post, but I am still getting the same error when I try to update. After reinstalling Malwarebytes (with antivirus off), it says that my database is from December last year, so I know that it did indeed reinstall.

When I ran the "Cleaner" I received runtime automation errors or something of the sort. I remember an error 440 and something else.

Did the cleaner not work? I remember that the Malwarebytes icon was still on my desktop after I ran the cleaner and restarted the computer.

Thank you for your continued assistance.


Thank you for the reply. I ran the cleaner again and this time I didn't receive any error messages while doing that. Once I rebooted, the Malwarebytes icon was gone, so I'm pretty sure the cleaner worked this time.

However, upon trying to update Malwarebytes, I received the same error message from before. I've attached a screencap.

Thank you again for your assistance!

screencap2.bmp


Update: I decided to try and see if Malwarebytes would update with my new firewall disabled - and it worked! (Not sure why I didn't think to try this earlier.)

So that must mean I have to set up some exclusions? I'm not really sure how to do that. I'm using the Sunbelt Personal Firewall, if that matters.

Thank you again for your time!


  • Staff

Should've tried that first! :lol:

At least we know the cause now. :)

I'm not familiar with Sunbelt's interface, but add these files to its exclusion list:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

C:\Windows\System32\drivers\mbam.sys

C:\Windows\System32\drivers\mbamswissarmy.sys

After that, re-enable it, restart, and see if you can update!


I've only been using this firewall for a week or so, which means I'm not entirely familiar with it either. With that said, I don't believe there's an "exclusions" list. When I go to the configurations menu, it seems that "exceptions" can be created for websites, buffer overflow parameters, and code injection parameters. I don't think any of those options sound like what we want to do.

Upon further research, it seems that only the business/paid version allows the user to create exclusions, but turning off web filtering while attempting to update Malwarebytes did the trick. So I don't have to turn the firewall completely off to update Malwarebytes, which is better, I suppose.

Thanks again for your help!


I'll look into those other firewalls. I think I might have decided against those earlier because they come with an antivirus and I really enjoy avast. Do you know if it is possible to disable the antivirus aspect? Also, do you know which of the three (Sunbelt, Comodo, or Outpost) bogs down the internet the least? It's been noticeably slower-going with the new firewall.

Other than that, everything is great. Thank you again for all your help! :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
