BleepingComputer.com: infected by something


infected by something Split away by boopme

#1 Dave_Taurus

Posted 20 November 2008 - 11:36 PM

My wife's laptop has been infected by something *very* similar to this, just this afternoon.

I managed to run Symantec, and it located downloader.misleadapp, trojan.perfco and hacktool.rootkit, and there's a file called brastk.exe that's trying to run at startup.

After a *lot* of messing around, I finally got smitfraudfix to run by renaming it in safe mode, but it didn't fix the problem. I've now got Malwarebytes' Anti-Malware running a scan, also by renaming it, but one of the problems with this infection is that it's preventing anti-spyware software from receiving updates, so I haven't been able to update it (and literally this second, it's just stopped, with the following error message: 'Error code 731 (0,6)' - although it still seems to be scanning... and now it's telling me it couldn't remove certain files and I should reboot).

I guess if Malwarebytes doesn't work I'll try the SDFix.

#2 Dave_Taurus

Posted 21 November 2008 - 12:05 AM

Okay, SDFix seems to have worked, or at least allowed her laptop to connect to the internet. I'm just about to run Spybot etc. to make sure I've removed absolutely everything though. Thanks for the advice!

#3 Dave_Taurus

Posted 21 November 2008 - 01:05 AM

rigel, on Nov 18 2008, 06:14 PM, said:

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised.

This is interesting (and worrying!). As you can see here, my wife's laptop has just been infected by something like this (she had the brastk file, but not the karna one). She doesn't store any of her banking information on the computer, but she has, in the past, used it for online banking. Will she still need to change her passwords? Will she need to reformat the computer?

#4 ruby1

Posted 21 November 2008 - 12:10 PM

If you do manage to get Malwarebytes to work, can you post its log for checking?

#5 Orange Blossom (Moderator)

Posted 21 November 2008 - 08:31 PM

Response by Rigel pasted from the topic that this topic's present post #3 was split from:

rigel, on Nov 21 2008, 08:10 PM, said:

Dave: I would change passwords just to be safe. If she doesn't use her computer for the above-mentioned stuff - just playing games, or browsing, you may opt for cleaning. Your best bet is to post a log to the HJT forum and have our Malware team use the more advanced tools on the infection.


Hello Dave_Taurus,

I split your post from Trentzip's topic on Brastk.exe and merged it to your previously existing topic here in Am I Infected. Posting in someone else's thread or posting new topics on the same issue confuses things for everyone.

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/topic181318.html

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult. Given that rigel has already said you need assistance in the HiJack This forum, I will close this thread to avoid confusion.

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom