
Hi there!

I hope somebody can help.

I have been enjoying watching TV shows online via websites such as Sidereel. Most of the videos are hosted by Megavideo.

Between last week and this week while attempting to watch a show, the virus popped up.

The first time, I used MBAM and thought I got rid of it.

The second time it popped up, I couldn't use MBAM, Rkill or the internet, not even in safe mode, which led me to complete desperation.

The only thing I was able to do was to restore the system, which allowed me to use MBAM again and clean the computer, or so I thought.

Yesterday, when I turned on my computer, I opened MBAM as a precautionary measure, and boy was I right!

I opened Firefox again, made an attempt to watch a show online and the virus popped up again.

I ran MBAM again, which found 3 infected areas, then used the ESET online scanner, which found an extra 6 infected files.

I need help as I am not sure I got rid of everything.

Below is my latest MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6269

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

04/04/2011 21:59:16

mbam-log-2011-04-04 (21-59-16).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 294746

Time elapsed: 1 hour(s), 28 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Tania\AppData\Local\hrt.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Tania\AppData\LocalLow\Sun\Java\deployment\cache\6.0\49\2896def1-4c24991f (Trojan.FakeAlert) -> Quarantined and deleted successfully.


DDS (Ver_11-03-05.01) - NTFSx86

Run by Tania at 19:04:18.43 on 05/04/2011

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23

Microsoft

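The two registry entries in the MBAM log above (Hijack.ExeFile on HKCR\.exe\shell\open\command and Broken.OpenCommand on HKCR\exefile\shell\open\command) are the classic .exe association hijack: every program launch is routed through the dropped loader first. The following PowerShell script is an added example, not from this thread or from Malwarebytes; it audits those keys against the Windows defaults shown in the log and, only with -Repair, puts them back. It assumes an elevated prompt on a Windows machine.

```powershell
# Added example (not from the thread): audit the .exe file-association keys that the
# MBAM log above shows hijacked (Hijack.ExeFile / Broken.OpenCommand) and report drift
# from the Windows defaults. Run as Administrator; read-only unless -Repair is given.
param([switch]$Repair)

# Expected defaults on a clean Windows install.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
    'Registry::HKEY_CLASSES_ROOT\.exe'                        = 'exefile'
}

function Get-DefaultValue([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    # The unnamed (default) value is exposed as the '(default)' property.
    return (Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue).'(default)'
}

$findings = @()
foreach ($path in $expected.Keys) {
    $actual = Get-DefaultValue $path
    if ($actual -ne $expected[$path]) {
        $findings += [pscustomobject]@{ Key = $path; Expected = $expected[$path]; Actual = $actual }
    }
}

# HKCR\.exe normally has no shell subkey; its presence (as in the log above) means a
# handler was inserted in front of exefile.
$rogue = 'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
if (Test-Path -LiteralPath $rogue) {
    $findings += [pscustomobject]@{ Key = $rogue; Expected = '<absent>'; Actual = (Get-DefaultValue $rogue) }
}

if ($findings.Count -eq 0) {
    Write-Output 'exe association keys match the Windows defaults.'
} else {
    $findings | Format-Table -AutoSize
    if ($Repair) {
        foreach ($f in $findings) {
            if ($f.Key -eq $rogue) {
                Remove-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.exe\shell' -Recurse -Force
            } else {
                Set-ItemProperty -LiteralPath $f.Key -Name '(default)' -Value $expected[$f.Key]
            }
        }
        Write-Output 'Defaults restored; rescan to confirm the loader binary itself is gone.'
    }
}
```

Restoring the keys only removes the redirection; the binary they pointed at (hrt.exe in the log) still has to be quarantined by a scanner, which is why the staff reply asks for a fresh scan and ComboFix log afterwards.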

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi screen317,

This is the new MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6304

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19019

07/04/2011 22:10:38

mbam-log-2011-04-07 (22-10-38).txt

Scan type: Quick scan

Objects scanned: 163992

Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Tania\AppData\Local\Temp\1A36.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Users\Tania\AppData\Local\Temp\9214.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Users\Tania\AppData\Local\Temp\setup2542413464.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Users\Tania\AppData\Local\Temp\setup3134370848.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Users\Tania\AppData\Local\Temp\setup3558408992.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Users\Tania\AppData\Local\Temp\setup778487960.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

I am about to run ComboFix and will post a new DDS log shortly.


  • Staff

Sorry to hear that.

Restoring to factory defaults means you're clean again.

Please take the following steps to help prevent reinfection in the future:

1) It is imperative that you have an antivirus. You are basically asking for infection without one. :lol:

All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials

AntiVir

avast!

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Also, I personally recommend the PRO version of MBAM, which offers a lifetime license for what I believe is the best malware protection available.

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
