Hidden malware - Please help


Post by furns on Thu 21 Jul 2011, 11:31 am

First topic message reminder :

G'day,
A few weeks back my laptop became infected with some malware. My CPU was being maxed out by svchost.exe processes, I was constantly getting Google search redirects (I use Chrome) and a Just-In-Time debugging window would constantly pop up.
I downloaded Malwarebytes and did a cleanup, then did a system scan with ZoneAlarm Extreme Security, which found a number of trojans, and it seemed to fix most things except the svchost issue.
Then the redirects and debugging window popups returned. I performed another cleanup which removed more trojans again; however, I am still getting svchost issues and I can bet that the other issues will return.
Also on rebooting my computer, it is quite slow compared to how it usually boots up, and sometimes when I go to open programs they won't open. I can double-click them, the process opens in Task Manager, but then it sits at 0% CPU usage and just stays there.

I will attach my last MBAM log so you can see what was cleaned out


Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7179

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/18/2011 3:46:54 PM
mbam-log-2011-07-18 (15-46-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 370210
Time elapsed: 2 hour(s), 52 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UU9W7W0EVIWEUA7WKSLCFU (Spyware.Passwords.XGen) -> Value: UU9W7W0EVIWEUA7WKSLCFU -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\89DGCM7LPJ (Trojan.FraudPack.Gen) -> Value: 89DGCM7LPJ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{37CE2CFE-AB64-F6EE-84DD-B1201AA57077} (Trojan.ZbotR.Gen) -> Value: {37CE2CFE-AB64-F6EE-84DD-B1201AA57077} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\process\fc78ba65341.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Lvg.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Lvi.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

Thanks in advance for any help you guys can give me.

furns

Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp


Re: Hidden malware - Please help

Post by Sneakyone on Sun 14 Aug 2011, 3:22 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: Hidden malware - Please help

Post by furns on Mon 15 Aug 2011, 1:40 am

Already had MBAM installed


Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7463

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/14/2011 6:26:26 PM
mbam-log-2011-08-14 (18-26-26).txt

Scan type: Quick scan
Objects scanned: 302642
Time elapsed: 36 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Hidden malware - Please help

Post by Sneakyone on Mon 15 Aug 2011, 2:57 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: Hidden malware - Please help

Post by furns on Tue 16 Aug 2011, 11:00 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6ae48b093062094eb11841b2a361af6d
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-16 12:45:04
# local_time=2011-08-16 10:45:04 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16776533 100 77 3555277 30439263 0 0
# scanned=168438
# found=0
# cleaned=0
# scan_time=7127
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6ae48b093062094eb11841b2a361af6d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-16 05:45:10
# local_time=2011-08-16 03:45:10 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16776533 100 77 3565343 30449329 0 0
# scanned=290962
# found=4
# cleaned=4
# scan_time=15067
G:\WINDOWS\system32\gfhkj.bak1 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\WINDOWS\system32\gfhkj.bak2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\WINDOWS\system32\gfhkj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\WINDOWS\system32\gfhkj.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Hidden malware - Please help

Post by Sneakyone on Thu 18 Aug 2011, 9:17 am

Hi,

How's your computer running now?



Re: Hidden malware - Please help

Post by furns on Sat 20 Aug 2011, 12:15 pm

Hi,
Seems to be fine now albeit a tad slow.

Massive thanks for your help


Re: Hidden malware - Please help

Post by DragonMaster Jay on Sun 21 Aug 2011, 4:27 am

We're glad to help! You're welcome!


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz
