
When posting your problem, do not run and post ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

 
infected by something, Split away by boopme
Dave_Taurus
post Nov 20 2008, 11:36 PM
Post #1





My wife's laptop has been infected by something *very* similar to this, just this afternoon.

I managed to run Symantec, and it located downloader.misleadapp, trojan.perfco and hacktool.rootkit, and there's a file called brastk.exe that's trying to run at startup.

After a *lot* of messing around, I finally got smitfraudfix to run by renaming it in safe mode, but it didn't fix the problem. I've now got Malwarebytes' Anti-Malware running a scan, also by renaming it, but one of the problems with this infection is that it's preventing anti-spyware software from receiving updates, so I haven't been able to update it (and literally this second, it's just stopped, with the following error message: 'Error code 731 (0,6)' - although it still seems to be scanning... and now it's telling me it couldn't remove certain files and I should reboot).

I guess if Malwarebytes doesn't work I'll try the SDFix.
Dave_Taurus
post Nov 21 2008, 12:05 AM
Post #2





Okay, SDFix seems to have worked, or at least allowed her laptop to connect to the internet. I'm just about to run Spybot etc. to make sure I've removed absolutely everything though. Thanks for the advice!
Dave_Taurus
post Nov 21 2008, 01:05 AM
Post #3





QUOTE(rigel @ Nov 18 2008, 06:14 PM)
If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised.



This is interesting (and worrying!). As you can see here, my wife's laptop has just been infected by something like this (she had the brastk file, but not the karna one). She doesn't store any of her banking information on the computer, but she has, in the past, used it for online banking. Will she still need to change her passwords? Will she need to reformat the computer?
ruby1
post Nov 21 2008, 12:10 PM
Post #4





If you do manage to get Malwarebytes to work, can you post its log for checking?
Orange Blossom
post Nov 21 2008, 08:31 PM
Post #5



Group: Moderator



Response by Rigel pasted from the topic that this topic's present post #3 was split from:

QUOTE(rigel @ Nov 21 2008, 08:10 PM)
Dave: I would change passwords just to be safe. If she doesn't use her computer for the above-mentioned stuff - just playing games, or browsing, you may opt for cleaning. Your best bet is to post a log to the HJT forum and have our Malware team use the more advanced tools on the infection.


Hello Dave_Taurus,

I split your post from Trentzip's topic on Brastk.exe and merged it to your previously existing topic here in Am I Infected. Posting in someone else's thread or posting new topics on the same issue confuses things for everyone.

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/topic181318.html

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult. Given that rigel has already said you need assistance in the HiJack This forum, I will close this thread to avoid confusion.

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom


--------------------
Orange Blossom

An ounce of prevention is worth a pound of cure

ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript