BleepingComputer.com: Combofix Infection


Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.



Combofix Infection Trojan.Bat.Sdel.AC ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat

#1 twilldab
Posted 13 August 2007 - 04:14 PM

:thumbsup:
//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 13/08/2007 08:43:52
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
Folders : 21505
Files : 1238385
Memory processes scanned : 54
Archives : 25562
Runtime packers : 132425
Identified viruses : 3
Infected files : 5
Memory processes infected : 0
Suspect files : 30
Warnings : 0
Disinfected files : 0
Deleted files : 4
Moved files : 0
I/O errors : 41
Scan time : 03:12:32
Scan speed (files/sec) : 107

Spyware Statistics

Registry keys scanned : 2029
Registry keys infected : 0
Cookies scanned : 528
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 754807
Scan plugins : 16
Archive plugins : 40
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1187012632.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected: Trojan.Bat.Sdel.AC
C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Disinfection failed
C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Move failed
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\$RECYCLE.BIN\$ROLLUWC.PST Archive repacking has failed (marked actions not taken)
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst Archive repacking has failed (marked actions not taken)
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\email.pst Archive repacking has failed (marked actions not taken)
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability

Please help.

David

#2 TMacK

Posted 13 August 2007 - 04:28 PM

Please contact RiP_ChAiN_ in the Hijack Team and have him reopen your Hijack Thread.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#3 oldf@rt

Posted 13 August 2007 - 04:30 PM

The ComboFix stuff is apparently not an infection; you should go back to this thread http://www.bleepingcomputer.com/forums/topic100331.html and send a PM to __RiP_ChAiN_ and ask that it be reopened. To me it appears that the fixes were not completed.

This post has been edited by oldf@rt: 13 August 2007 - 04:31 PM

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage
