
I apologize if this is formatted incorrectly.

About two years ago my machine was compromised. I woke up to an e-mail on my phone saying that my WOW accounts were performing transfers I hadn't authorized. Luckily that was the only thing done with my personal information. I reformatted after I found out.

It has since made me very paranoid, and I run full Norton and Malwarebytes security scans on a very regular schedule. I was surfing through the WOW official forums and came across a post in tech support talking about a new rootkit that was being very stubborn, so I followed the link here. Just to see, I ran the SystemLook check that another user had been instructed to run, and came up with results that I am unsure of.

I have all my logs saved and have run a full malwarebytes scan along with Norton. I have the 'Ark' and 'Attach' zipped and ready to go as well if needed. I will wait to post until instructed by a moderator.

Thanks~

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6534

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/9/2011 4:34:49 AM
mbam-log-2011-05-09 (04-34-49).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 354854
Time elapsed: 4 hour(s), 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pkizzle at 16:46:31.40 on Sun 05/08/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Are you currently experiencing any symptoms of infection?

Please go to VirusTotal and upload the following file for analysis:

c:\windows\system32\drivers\FlashSys.sys

Post the results in your reply.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hello,

Thanks for the response. I am not currently seeing any signs of infection, other than the system being slightly sluggish and the SystemLook output looking similar to someone else's post I read. I may just be paranoid.

I have tried running VirusTotal on that file about 5 times now; it keeps timing out with "IE cannot display the webpage", and Google Chrome will not load the page at all. I'm not sure if there is something I am doing wrong.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pkizzle at 20:17:56.22 on Thu 05/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft


Ok, I was able to get VirusTotal to work correctly.

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: FlashSys.sys
Submission date: 2011-05-14 15:24:29 (UTC)
Current status: finished
Result: 0/43 (0.0%)

Antivirus             Version          Last Update  Result
AhnLab-V3             2011.05.14.00    2011.05.13   -
AntiVir               7.11.8.21        2011.05.13   -
Antiy-AVL             2.0.3.7          2011.05.14   -
Avast                 4.8.1351.0       2011.05.14   -
Avast5                5.0.677.0        2011.05.14   -
AVG                   10.0.0.1190      2011.05.14   -
BitDefender           7.2              2011.05.14   -
CAT-QuickHeal         11.00            2011.05.14   -
ClamAV                0.97.0.0         2011.05.14   -
Commtouch             5.3.2.6          2011.05.14   -
Comodo                8698             2011.05.14   -
DrWeb                 5.0.2.03300      2011.05.14   -
Emsisoft              5.1.0.5          2011.05.14   -
eSafe                 7.0.17.0         2011.05.12   -
eTrust-Vet            None             2011.05.13   -
F-Prot                4.6.2.117        2011.05.14   -
F-Secure              9.0.16440.0      2011.05.14   -
Fortinet              4.2.257.0        2011.05.14   -
GData                 22               2011.05.14   -
Ikarus                T3.1.1.103.0     2011.05.14   -
Jiangmin              13.0.900         2011.05.14   -
K7AntiVirus           9.103.4648       2011.05.14   -
Kaspersky             9.0.0.837        2011.05.11   -
McAfee                5.400.0.1158     2011.05.14   -
McAfee-GW-Edition     2010.1D          2011.05.13   -
Microsoft             1.6802           2011.05.14   -
NOD32                 6120             2011.05.14   -
Norman                6.07.07          2011.05.14   -
nProtect              2011-05-14.01    2011.05.14   -
Panda                 10.0.3.5         2011.05.14   -
PCTools               7.0.3.5          2011.05.13   -
Prevx                 3.0              2011.05.14   -
Rising                23.57.04.05      2011.05.14   -
Sophos                4.65.0           2011.05.14   -
SUPERAntiSpyware      4.40.0.1006      2011.05.14   -
Symantec              20101.3.2.89     2011.05.14   -
TheHacker             6.7.0.1.196      2011.05.13   -
TrendMicro            9.200.0.1012     2011.05.14   -
TrendMicro-HouseCall  9.200.0.1012     2011.05.14   -
VBA32                 3.12.16.0        2011.05.12   -
VIPRE                 9278             2011.05.14   -
ViRobot               2011.5.14.4459   2011.05.14   -
VirusBuster           13.6.353.0       2011.05.13   -

Additional information

MD5   : efb818e30f695a858b939d8483d2cfdb
SHA1  : 18ab94053c98ba15b2486250e729ea40e581b07c
SHA256: bc670cf00ee7ea14ee44a2f765eb7b4dc4110551ef9081f7d24657c4bd2508e9

VT Community: This file has never been reviewed by any VT Community member.

VirusTotal Team
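A 0/43 result only says something about the exact bytes VirusTotal scanned, so the useful check on the reader's side is that the file on disk still has the MD5/SHA1/SHA256 VirusTotal reported, and that a later lookup can be done by hash rather than by re-uploading (which is what kept timing out above). The following script is an added example, not part of this thread or of any Malwarebytes tool; the VirusTotal URL pattern and the sample bytes it hashes are assumptions, and the real driver would be passed to `hash_file` instead.

```python
import hashlib

# Digests VirusTotal reported for the uploaded FlashSys.sys in this thread.
VT_REPORTED = {
    "md5": "efb818e30f695a858b939d8483d2cfdb",
    "sha1": "18ab94053c98ba15b2486250e729ea40e581b07c",
    "sha256": "bc670cf00ee7ea14ee44a2f765eb7b4dc4110551ef9081f7d24657c4bd2508e9",
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_chunks(chunks):
    """Feed an iterable of byte chunks to all three hashers; return lowercase hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream the file so a large driver is never read into memory at once."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def compare_with_report(local, reported):
    """Per-algorithm match; any False means the file on disk is not the sample VT scanned."""
    return {name: local.get(name) == reported[name].lower() for name in reported}


def vt_lookup_url(sha256):
    """Hash lookup on the VirusTotal web UI (URL pattern assumed, not taken from the thread)."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


# Constructed stand-in for a driver image; it is NOT the real FlashSys.sys.
SAMPLE_DRIVER_BYTES = b"MZ" + b"\x00" * 62 + b"constructed sample driver bytes"

if __name__ == "__main__":
    local = hash_bytes(SAMPLE_DRIVER_BYTES)
    for name, ok in compare_with_report(local, VT_REPORTED).items():
        print(f"{name:6} {'matches' if ok else 'DIFFERS from'} the VirusTotal report")
    print("look up by hash instead of re-uploading:", vt_lookup_url(local["sha256"]))
```

All three algorithms should agree; a mismatch on any one means the driver on disk changed after the upload (or a different file was uploaded) and the 0/43 verdict does not apply to it.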


  • Staff

Hi,

My apologies for the delay.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start.
  3. When asked, allow the ActiveX control to install.
  4. Click Start.
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked.
  6. Click Scan and wait for the scan to finish.
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
