
Combofix Infection


2 replies to this topic

#1 twilldab


Posted 13 August 2007 - 04:14 PM

:thumbsup:
//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 13/08/2007 08:43:52
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
Folders : 21505
Files : 1238385
Memory processes scanned : 54
Archives : 25562
Runtime packers : 132425
Identified viruses : 3
Infected files : 5
Memory processes infected : 0
Suspect files : 30
Warnings : 0
Disinfected files : 0
Deleted files : 4
Moved files : 0
I/O errors : 41
Scan time : 03:12:32
Scan speed (files/sec) : 107

Spyware Statistics

Registry keys scanned : 2029
Registry keys infected : 0
Cookies scanned : 528
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 754807
Scan plugins : 16
Archive plugins : 40
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1187012632.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected: Trojan.Bat.Sdel.AC
C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Disinfection failed
C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Move failed
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\$RECYCLE.BIN\$ROLLUWC.PST Archive repacking has failed (marked actions not taken)
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst Archive repacking has failed (marked actions not taken)
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\email.pst Archive repacking has failed (marked actions not taken)
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability

Please help.

David



#2 TMacK


Posted 13 August 2007 - 04:28 PM

Please contact RiP_ChAiN_ in the Hijack Team and have him reopen your Hijack Thread.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#3 oldf@rt


Posted 13 August 2007 - 04:30 PM

The ComboFix stuff is apparently not an infection; you should go back to this thread http://www.bleepingcomputer.com/forums/t/100331/multiple-trojans-detected/ and send a PM to __RiP_ChAiN_ and ask that it be reopened. To me it appears that the fixes were not completed.

Edited by oldf@rt, 13 August 2007 - 04:31 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage



