
the skynet.exe


  • This topic is locked
13 replies to this topic

#1 oraveh


Posted 14 May 2009 - 04:35 AM

I have an exe file on my computer called skynet. This virus slows down the machine, makes copies of every folder on my hard drive as an exe file by the same name, and eventually doesn't let me see the files on my hard drive at its final stages. I've tried quite a few anti-malware programs, mostly free versions. I've reinstalled Windows; the problem is that the virus is on my external drives and as soon as I connect those, the whole thing starts all over again :flowers:

CAN ANYBODY HELP ??? I'M AT A DEAD END RIGHT NOW :thumbsup:



#2 Guest_superbird_*


Posted 14 May 2009 - 09:39 AM

Hi,

Welcome here. :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 oraveh


Posted 14 May 2009 - 07:38 PM

Hi,

Thanks for the quick reply. Did the scan, though I'm not sure it scanned the external drives. By the way, I tried MBAM before after being advised by a friend. Not sure I did everything right the last time, though. Anyway, here is the log

Malwarebytes' Anti-Malware 1.36
Database version: 2132
Windows 5.1.2600 Service Pack 2

5/15/2009 10:30:09 AM
mbam-log-2009-05-15 (10-30-09).txt

Scan type: Quick Scan
Objects scanned: 70892
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\eMule\Incoming\Malwarebytes Anti-Malware 1.36 Multilingual Win2kXP2k3Vista Incl.Keygen.rar (Dont.Steal.Our.Software.S) -> Quarantined and deleted successfully.

#4 Guest_superbird_*


Posted 15 May 2009 - 12:29 AM

Hi,

Please perform a new, full scan, and post the logfile in your next answer. :thumbsup:

#5 oraveh


Posted 17 May 2009 - 04:06 AM

All right, did that.

The scan took 43 hours, and the restart about an hour more. All the rest looks pretty much the same. :thumbsup: Here's the log

Malwarebytes' Anti-Malware 1.36
Database version: 2132
Windows 5.1.2600 Service Pack 2

5/17/2009 6:07:47 PM
mbam-log-2009-05-17 (18-07-47).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 184376
Time elapsed: 43 hour(s), 46 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{EE87E6D6-1329-4ED5-946C-72FDE4D6EB84}\RP22\A0006363.dll (Adware.Agent) -> Quarantined and deleted successfully.
F:\kdxdweli.cmd (Trojan.Agent) -> Quarantined and deleted successfully.

Looking forward to the next step. Thanks very much.

#6 Guest_superbird_*


Posted 17 May 2009 - 09:20 AM

Hi,

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here

#7 oraveh


Posted 18 May 2009 - 07:55 PM

Okay, did that, seem to have found something interesting. Here is the log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 18, 2009 08:37:21
Records in database: 2190185
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 119898
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:11:03


File name / Threat name / Threats count
C:\Program Files\eMule\Incoming\Prevx CSI - Free Malware Scanner 3.0.0.199.zip Infected: Trojan-Downloader.Win32.Bagle.atj 1
F:\SkyNet.exe Infected: Worm.Win32.AutoIt.ak 1
F:\SpyNoMore 2.83.080502.zip Infected: Trojan-Downloader.Win32.Bagle.asx 1

The selected area was scanned.

#8 Guest_superbird_*


Posted 19 May 2009 - 04:28 AM

Hi,

Open Notepad.
Copy this in the Notepad-file:

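@ECHO OFF
REM Start with a fresh log in the folder the script runs from
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM For each listed file: clear the read-only, system and hidden attributes,
REM delete it, then log whether it was deleted, not deleted or not found
FOR %%g in (
"C:\Program Files\eMule\Incoming\Prevx CSI - Free Malware Scanner 3.0.0.199.zip"
F:\SkyNet.exe
"F:\SpyNoMore 2.83.080502.zip") DO (
    IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
        ) ELSE (
            ECHO %%g deleted>>log.txt
        )
    ) ELSE (
        ECHO %%g not found>>log.txt
    )
)
REM Open the log so it can be pasted into the reply
START NOTEPAD.EXE log.txt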

Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: del.bat
File type: All files (*.*).
Now, click Save.
Double-click del.bat.
Post the contents of the logfile that opens in your next reply.

Edited by superbird, 19 May 2009 - 04:28 AM.


#9 oraveh


Posted 19 May 2009 - 07:07 AM

Hi,

Did it, here is the log

Deleting files
"C:\Program Files\eMule\Incoming\Prevx CSI - Free Malware Scanner 3.0.0.199.zip" deleted
F:\SkyNet.exe deleted
"F:\SpyNoMore 2.83.080502.zip" deleted

All signs show that the virus is still there. Lots of hidden folders, folders labeled "microsoft corporation" and folders named skynet.
:thumbsup:

#10 Guest_superbird_*


Posted 19 May 2009 - 08:20 AM

Hi,

1. Which "hidden folders" are we talking about?
2. Where do you find the folders with "Microsoft Corporation" in it?
3. You can delete the folders named skynet.

#11 oraveh


Posted 19 May 2009 - 07:02 PM

Hi,

Most of my folders are hidden now. The virus also makes a copy of some of the folders, gives it the same name, and under the name it labels it Microsoft Corporation. For now I can still see my hidden folders; I believe that in another restart they will not be visible. The virus also takes off Folder Options from the Tools menu, so it is not possible to make them visible again.
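
Added example, not part of the original thread: a read-only Python check for the symptom described in posts #1 and #11, an .exe with the same base name as a folder sitting beside it, with the folder's hidden attribute reported where the platform exposes it. The function names and the sample tree are hypothetical and constructed for illustration; the check generalizes to any directory tree and deletes nothing.

```python
import os
import stat
import tempfile


def find_folder_lookalikes(root):
    """Return sorted (folder, exe, folder_hidden) tuples for each directory
    under root that has an .exe with the same base name beside it."""
    findings = []
    # os.walk skips directories it cannot open (for example
    # System Volume Information) instead of raising.
    for dirpath, dirnames, filenames in os.walk(root):
        exes = {os.path.splitext(f)[0].lower(): f
                for f in filenames if f.lower().endswith(".exe")}
        for d in dirnames:
            exe = exes.get(d.lower())
            if exe is None:
                continue
            folder = os.path.join(dirpath, d)
            # st_file_attributes only exists on Windows; elsewhere hidden=False.
            attrs = getattr(os.stat(folder), "st_file_attributes", 0)
            hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
            findings.append((folder, os.path.join(dirpath, exe), hidden))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: two folders with same-named .exe files beside
    them, plus a clean folder and an unrelated installer."""
    os.makedirs(os.path.join(root, "Photos"))
    os.makedirs(os.path.join(root, "Work", "Reports"))
    os.makedirs(os.path.join(root, "Music"))
    for name in ("Photos.exe", os.path.join("Work", "Reports.exe"), "setup.exe"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"constructed placeholder, not a real executable")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample_tree(sample)
        for folder, exe, hidden in find_folder_lookalikes(sample):
            print(f"{exe} sits beside folder {folder} (hidden={hidden})")
```

A pair reported with hidden=True on a removable drive matches the pattern the poster describes; the output is a list to hand to whoever is helping, not a verdict on its own.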

#12 oraveh


Posted 19 May 2009 - 07:28 PM

By the way,

On each one of my drives there is an empty folder named System Volume Information which I cannot delete.

#13 Guest_superbird_*


Posted 20 May 2009 - 09:02 AM

System Volume Information is a folder with the system restore points. So that's why.

I'm going to redirect you to the HijackThis section of this forum. This, because it's a deeper infection.
Read this page and follow its steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Good luck. :thumbsup:

#14 Orange Blossom



  • Moderator

Posted 23 May 2009 - 04:00 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/228648/the-skynetexe-virus-again/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




