Msn - Hotmail-album Infection


10 replies to this topic

#1 analyzethis


Posted 31 October 2007 - 01:11 PM

Hi there,

I stupidly clicked on a received file from MSN today, something about hotmail-album-????.zip. It expanded to a folder with www.hotmail.com in it, which I clicked on. Don't know what I was thinking today. It came from a legit contact in my list.

Anyway, after deleting it and running that MsnCleaner (which found nothing as I previously deleted the files), everything seems fine, but some of my msn message windows will occasionally disappear and reappear for about 30 seconds. I'm thinking something else may have got infected.

Does anyone know if any files get installed anywhere if you ran this thing?

Actually, one of my contacts just reported they are still getting the msn popup from me, so it looks like it's still an issue.

Thanks!



#2 quietman7

  • Global Moderator

Posted 31 October 2007 - 02:14 PM

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"?

You need to start there first. If you don't have any anti-virus or anti-malware programs, see BC's list of Freeware Replacements For Common Commercial Apps. There are several free online anti-virus scans listed which you can perform. I would also recommend that you download and scan with SUPERAntiSpyware Free in "SAFE MODE".
Please update the definitions before performing a scan. If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 analyzethis


Posted 31 October 2007 - 04:16 PM

More info would help eh :thumbsup:

XP Pro, SP2 - running under user with admin privileges.
Use Trend Micro PC-Cillin AV - did full scan, didn't come up with anything. Scanned in safe mode.
Ran spybot and removed recommended entries - it did find a virtumondo entry, but it removed it.

I will try the SuperAntiSpyware in safe mode as well.

#4 quietman7


Posted 31 October 2007 - 04:47 PM

If you found virtumondo, then go ahead and follow the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection" as well.

#5 analyzethis


Posted 01 November 2007 - 01:54 PM

Turns out I don't have that virtumondo thing, nothing was found with those detection programs in safe mode. Manually did a search on pc for "hotmail" and removed all "hotmail-album-????" files/folders.
Ran SuperAntiSpyware again in safe mode - detected 8 ad-related cookies, which I deleted.

Do you know how to find out where it originated from? From which of the msn contacts? I know of 4 contacts that have run the zip file so I'm sure it's spreading a lot.

Thanks again!

#6 quietman7


Posted 01 November 2007 - 02:28 PM

This garbage spreads like a wild fire and could have come from any number of sources.

If the problem is resolved you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#7 analyzethis


Posted 01 November 2007 - 02:49 PM

I'll look into that System Restore, have to do a lot of cleanup with the systems here that are affected - at least 4 of them.

I ran a bitdefender online scan and it came up with the following, any other ideas to clean this up - it's actually still happening


#8 quietman7


Posted 01 November 2007 - 09:10 PM

Bit Defender picked up the quarantined files in Trend Micro and Combofix. It could not disinfect so it deleted.

Download OTMoveIt by OldTimer and save to your Desktop.
  • Connect to the Internet and double-click on OTMoveIt.exe to launch the program
  • Click on the CleanUp! button.
  • When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the Internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select yes.
Delete any quarantined files that are remaining in Trend Micro Internet Security 2006, then rescan with Bit Defender.

#9 analyzethis


Posted 05 November 2007 - 11:03 AM

Okay, I think this is gone now.

FYI: I believe this thing adds the file "named.exe" to the c:\windows\system folder. You need to make sure you have enabled viewing for all hidden and system files in the Windows Explorer file view options. I removed that file, along with doing a full system search for anything related to "hotmail-album" and removing those files.

Then I did the online scan with BitDefender: http://www.bitdefender.com/scan8/ie.html.

Everything seems to be okay now and I will set up a system restore point for my cleaned system.

Thanks for all your help on this one, appreciate it.
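
A check built on the indicators reported in this thread (an archive named hotmail-album-????.zip holding a file called www.hotmail.com), as an added example that is not part of any post. On Windows, .com is an executable file extension as well as a domain suffix, so the sketch flags archive members that pose as web addresses; the digit pattern, the extension list and the sample archives are assumptions constructed for the example.

```python
import io
import ntpath
import os
import re
import zipfile

# Extensions Windows runs directly on double-click (illustrative subset).
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Thread reports "hotmail-album-????.zip"; treating ???? as digits is an assumption.
LURE_ARCHIVE = re.compile(r"^hotmail-album-\d+\.zip$", re.IGNORECASE)
# A file name that reads like a web address, e.g. www.hotmail.com
LOOKS_LIKE_HOST = re.compile(r"^www\.[a-z0-9-]+\.[a-z]{2,}$", re.IGNORECASE)


def inspect_zip(archive_name, data):
    """Return a list of (subject, reason) findings for one zip archive."""
    findings = []
    # ntpath handles Windows-style paths regardless of the analysis host.
    if LURE_ARCHIVE.match(ntpath.basename(archive_name)):
        findings.append((archive_name, "archive name matches the lure pattern"))
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = info.filename.rsplit("/", 1)[-1]
            ext = os.path.splitext(member)[1].lower()
            if ext in EXEC_EXTS:
                findings.append((info.filename, "executable extension " + ext))
                if LOOKS_LIKE_HOST.match(member):
                    findings.append((info.filename, "name imitates a web address"))
            # Only the first two bytes are read; nothing is extracted or run.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    findings.append((info.filename, "starts with MZ header"))
    return findings


def make_zip(members):
    """Build an in-memory zip from {name: bytes} (used for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed, inert samples: two magic bytes plus padding, no real code.
LURE_SAMPLE = make_zip({"www.hotmail.com": b"MZ" + b"\x00" * 62})
BENIGN_SAMPLE = make_zip({"album/beach.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16})

if __name__ == "__main__":
    for name, blob in [("hotmail-album-0000.zip", LURE_SAMPLE),
                       ("holiday.zip", BENIGN_SAMPLE)]:
        results = inspect_zip(name, blob)
        print(name, "->", results if results else "no findings")
```

Renaming the archive does not hide the member checks: the same sample under another file name still reports the executable extension, the address-like name and the MZ header.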

#10 analyzethis


Posted 05 November 2007 - 11:08 AM

By the way, what would you define this thing as, malware?

#11 quietman7


Posted 05 November 2007 - 11:47 AM

You're welcome.

Malware and Spyware are general terms that are often used interchangeably. I consider it all just simply malware.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"The Ten Most Dangerous Things Users Do Online".
"The 10 Biggest Security Risks".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".

Safe surfing and have a malware free day.