[Infected] Autorun.inf & haha.txt

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Am I infected? What do I do?

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

[Infected] Autorun.inf & haha.txt, This is the file i suspect.

Options

fishgal2 View Member Profile	Nov 20 2008, 10:21 AM Post #1
New Member Group: Members Posts: 3 Joined: 20-November 08 Member No.: 258,734	Hi, I found out my laptop run slow these day, and the HDD is like running something at background and i realize that i have a file name autorun.inf and haha.txt on the c:, inside the haha.txt is a bunch of coding and it mention about haha.js too. Do i need to post the code here? i'm using Winxp Home sp2 and i do a search on google and i found this site. So i want to know if my laptop are infected and is there any other spyware or malware were store or running at my laptop. What should i do now? should i create a HiJackThis Log first or using the combofix.exe guide first? This post has been edited by fishgal2: Nov 20 2008, 11:42 AM

quietman7 View Member Profile	Nov 20 2008, 02:37 PM Post #2
Bleepin' Janitor Group: Global Moderator Posts: 16,574 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Welcome to BC Please download MsnCleaner.zip by ElPiedra and save to you Desktop. (in addition to removing infected files, it will remove certain restrictions on your system often disabled by malware.) Extract (unzip) the file to your desktop. (click here if you're not sure how to do this) but DO NOT use it yet. Reboot your computer in "Safe Mode" using the F8. To do this restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A boot menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Double-click MsnCleaner.exe to run the tool. Click the "Analyze" button. If an infection is found, click the "Deleted" button. A report with the results will be created automatically after the scan and will be saved to C:\MsnCleaner.txt. Reboot normally and post the contents of MsnCleaner.txt in your next reply. Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: -- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. -- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. Please download Flash_Disinfector.exe by sUBs and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well. Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present. Wait until it has finished scanning and then exit the program. Reboot your computer when done. Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2009 Member of UNITE, Unified Network of Instructors and Trusted Eliminators

fishgal2 View Member Profile	Nov 20 2008, 09:49 PM Post #3
New Member Group: Members Posts: 3 Joined: 20-November 08 Member No.: 258,734	Hey thanks for the fast reply, below are the log file from MSNCleaner: - Logfile MSNCleaner 1.7.0 by www.forospyware.com - Created Logfile: 11/21/2008 on 10:22:08 AM - Operative System: Windows XP - Boot mode: Safe mode _________________________________________ Detected files: 1 Deleted file: 1 Undeleted Files: 0 C:\WINDOWS\cfdemo.scr <--- Deleted Host file Restored ------------------------------------------------------------------------------------------------ And below are the Malwarebytes log file: Malwarebytes' Anti-Malware 1.30 Database version: 1414 Windows 5.1.2600 Service Pack 2 11/21/2008 10:45:54 AM mbam-log-2008-11-21 (10-45-54).txt Scan type: Quick Scan Objects scanned: 55287 Time elapsed: 12 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

quietman7 View Member Profile	Nov 20 2008, 10:47 PM Post #4
Bleepin' Janitor Group: Global Moderator Posts: 16,574 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode". -- Post the log in your next reply and let me know how your computer is running. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2009 Member of UNITE, Unified Network of Instructors and Trusted Eliminators

fishgal2 View Member Profile	Nov 21 2008, 01:37 PM Post #5
New Member Group: Members Posts: 3 Joined: 20-November 08 Member No.: 258,734	i've do a scan with Dr.Web CureIt and it doesnt allow me to save the report list and my log file is 7mb+ , so below are the result of my log file. ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Scanned: 37799 Infected objects: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 665 Kb/s Scan time: 00:19:24 ----------------------------------------------------------------------------- ============================================================================= Total session statistics ============================================================================= Scanned: 38897 Infected objects: 0 Modifications: 0 Suspicious: 0 Adware: 0 Dialers: 0 Jokes: 0 Riskware: 0 Hacktools: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 0 Ignored: 0 Scan speed: 747 Kb/s Scan time: 00:20:59 =============================================================================

quietman7 View Member Profile	Nov 21 2008, 04:29 PM Post #6
Bleepin' Janitor Group: Global Moderator Posts: 16,574 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	How is your computer running now? Any more reports/signs of infection? -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2009 Member of UNITE, Unified Network of Instructors and Trusted Eliminators

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 4th July 2009 - 06:34 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive