Possible PC infection


Thanks for quick response. This is what Malwarebytes log reported to be found:

Heuristics.Reserved.Word.Exploit

I asked it to quarantine and delete, but, after rebooting, the flashing "msiexec.exe" icon again appears at the bottom of the screen.

This is what the gmer scan found, although, after a long scan, it said there was "no system modification found."

Still, the icon is flashing and cannot be closed.

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit scan 2011-06-11 08:46:36

Windows 6.0.6001 Service Pack 1

Running: gmer.exe

---- Files - GMER 1.0.15 ----

File C:\Users\gsgart\AppData\Local\Temp\plugtmp-317\plugin-DropDownDealsService-1.ashx 47 bytes

---- EOF - GMER 1.0.15 ----


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


mbam scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4343
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/14/2011 9:56:08 PM
mbam-log-2011-06-14 (21-56-08).txt

Scan type: Quick scan
Objects scanned: 147143
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\gsgart\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

dds scan:

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Run by gsgart at 22:14:27 on 2011-06-14
Microsoft


  • 2 weeks later...

Thanks for response. I couldn't follow your instructions for compressing the log(s). I hired my LAN guy from work, who did something (?) that got rid of the infection. I think I don't know enough to do any of this on my own. --kgnyc


  • Staff

Great, thanks for letting us know.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Thanks for response. I'll file your cure suggestion under do-it-yourself and save a lot of angst and $$$. --kgnyc

  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
