BleepingComputer.com: I think I'm infected but unsure with what.

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If you have not received help after three days, please post a link to your topic HERE.

I think I'm infected but unsure with what. Nothing currently comes up in scans but running very slow.

#16 User is offline   cryptodan 

  • Bleepin Madman
  • Group: BC Advisor
  • Posts: 18,386
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 12 July 2011 - 06:01 AM

Let's try a free online scan by ESET and see what it detects.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message! with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#17 User is offline   ktmride_orange 

  • New Member
  • Group: Members
  • Posts: 14
  • Joined: 03-June 11

Posted 13 July 2011 - 01:49 AM

It picked up 7 trojans:

C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0EDSFDUG\QQkFBg0MBAEDAAABEkcJBQcEAAwCAAMFBw==[1].htm JS/Exploit.Agent.NCQ trojan cleaned by deleting - quarantined
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIU7XWTN\QQkFBg0MBAEDAAABEkcJBQcEAAwCAAMFBw==[1].htm JS/Exploit.Agent.NCQ trojan cleaned by deleting - quarantined
C:\Users\Joshua\AppData\Local\Temp\jar_cache235078375321551350.tmp Java/Exploit.CVE-2010-0842.I trojan cleaned by deleting - quarantined
C:\Users\Joshua\AppData\Local\Temp\jar_cache2718802804706747600.tmp Java/TrojanDownloader.OpenStream.NAX trojan deleted - quarantined
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-74253d6e multiple threats deleted - quarantined
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\40b61b4-26808ff3 probably a variant of Win32/Agent.KYOMCBX trojan deleted - quarantined
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-4ee5d7f2 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined

#18 User is offline   cryptodan 

Posted 13 July 2011 - 01:55 AM

Rerun SUPERAntiSpyware and see if it detects what it detected:

Adware.Agent/Gen-Pinball
C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\CLICKPOTATOLITESA.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\USERS\JOSHUA\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\EXPLORER.EXE

#19 User is offline   ktmride_orange 

Posted 16 July 2011 - 12:33 PM

OK, I re-ran it and it detected 19 tracking cookies, but for some reason it wouldn't let me copy and paste them.

#20 User is offline   cryptodan 

Posted 16 July 2011 - 12:35 PM

Can you upload the log to, like, http://www.rapidshare.com and post the link here?

#21 User is offline   ktmride_orange 

Posted 17 July 2011 - 04:34 PM

Oh, never mind, I wasn't going to the right place to get the log. Here it is:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2011 at 11:01 PM

Application Version : 4.55.1000

Core Rules Database Version : 7391
Trace Rules Database Version: 5203

Scan type : Complete Scan
Total Scan Time : 04:34:43

Memory items scanned : 669
Memory threats detected : 0
Registry items scanned : 15902
Registry threats detected : 0
File items scanned : 230035
File threats detected : 19

Adware.Tracking Cookie
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\joshua@andomedia[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\joshua@kontera[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@ad.yieldmanager[2].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@ads.bleepingcomputer[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@ads.undertone[2].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@advertising[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@andomedia[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@apmebf[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@bs.serving-sys[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@doubleclick[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@eset.122.2o7[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@fastclick[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@imrworldwide[2].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@merchntaccount[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@ru4[2].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@serving-sys[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@sixflags.122.2o7[1].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@stat.onestat[2].txt
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Cookies\Low\joshua@stats.paypal[2].txt
