BleepingComputer.com: hot_sex.exe MSIL/TrojanDropper.AF & Win32/Injector.EYW trojan

hot_sex.exe MSIL/TrojanDropper.AF & Win32/Injector.EYW trojan NOD found when SUPERAntiSpyware and Malwarebytes didn't.. HELP PLEASE

#1 Pajajn
Posted 25 April 2011 - 02:38 PM

Finally some anti program found something dirty in my laptop.. I knew there were many crazy things going on inside it

C:\OpenDrive.exe a variant of MSIL/TrojanDropper.Binder.AF trojan
C:\$Recycle.Bin\S-1-5-21-2439961612-2072911440-2330335632-168886\$RUTWTHO.zip multiple threats
C:\Program Files (x86)\Sony\Vegas Pro 8.0\Keygen.exe a variant of Win32/Keygen.AR application
C:\Program Files (x86)\Spotify\SpotifyGenerator.exe Win32/Injector.EYW trojan
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJBQNR85\Unlocker1.9.0-x64[1].exe Win32/Adware.ADON application
C:\Users\Joakim.Perkman\AppData\Local\Microsoft\Messenger\jocke_perkman@hotmail.com\hot_sex.exe a variant of MSIL/TrojanDropper.Binder.AF trojan
C:\Users\Joakim.Perkman\Desktop\OpenDrive.rar a variant of MSIL/TrojanDropper.Binder.AF trojan
C:\Users\Joakim.Perkman\Desktop\Dokument\v3 Edited 2010\kzH.exe Win32/HackTool.Unreal-Rage application
C:\Users\Joakim.Perkman\Desktop\Dokument\WORKING V48+NO ERRORS IN CONSOLE\PerX.exe a variant of Win32/HackTool.Inject.D application
C:\Users\Joakim.Perkman\Desktop\Dokument\WORKING V48+NO ERRORS IN CONSOLE\Mina dokument\v3 Edited 2010\kzh.exe Win32/HackTool.Unreal-Rage application

Scanned with the ESET NOD32 online scanner so couldn't remove them, just got the log :/
Please help, I'm running 64-bit W7 so can't run GMER either

NEED HELP FAST :(

#2 Pajajn

Posted 25 April 2011 - 03:09 PM

I think I'm part of a botnet :| btw here is the firewall log

Firewall Log
IN=eth0 OUT=NONE SRC=86.221.77.184 DST=213.67.191.239 SPORT=62364 DPORT=63894 PROTO=TCP

IN=eth0 OUT=NONE SRC=81.170.219.13 DST=213.67.191.239 SPORT=51974 DPORT=28420 PROTO=TCP

#3 Orange Blossom

Posted 26 April 2011 - 10:40 PM

Hello,

I see that you have a number of topics. I need to know if they are from different computers or the same computer.

1) This topic - the posts above

2) http://www.bleepingcomputer.com/forums/topic393006.html

3) http://www.bleepingcomputer.com/forums/topic392938.html

4) http://www.bleepingcomputer.com/forums/topic393423.html

Please indicate by number what topic belongs with what computer.

Thank you,

Orange Blossom
