
Daughter's Against Mine


19 replies to this topic

#1 not_anyone

not_anyone

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:02:26 AM

Posted 30 April 2008 - 07:57 AM

This was the best title I could come up with, and hope I am posting in the right forum. My daughter downloaded a game on my computer, which is the same one she has on hers. Ok, on my computer it keeps saying there is a virus in it. Her computer has never come up with it. So I can't play the game. Anyway she uses the free avg and freedom (firewall?). I have f-secure and this is what it says "Backdoor win32.rbot.jwg c;\program files\the price is right\vtmcebk.exe action:renamed." She uninstalled and reinstalled it several times and that came up every time. If anyone can help me it would greatly be appreciated. I don't understand why mine says virus and hers doesn't.

not_anyone :thumbsup:



#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 30 April 2008 - 03:31 PM

try this ; what IS the game and from where downloaded?

when you had uninstalled the game did the antivirus run clean?
on your computer, uninstall the program and run your antivirus program

one MIGHT ask if you ARE infected but not by this program :thumbsup:

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:26 AM

Posted 30 April 2008 - 03:44 PM

Hello not_anyone and welcome. Very Important, is this an XP or another type PC?
If ruby's suggestion doesn't clear it then this is a distinct possibility.
It is easily possible for it to be on one and not the other.

IMPORTANT NOTE: One or more of the identified infections was a backdoor Trojan which previously was installed on your machine. Backdoor Trojans, IRC Bots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the backdoor Trojan was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read "When should I re-format? How should I reinstall?"

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, please continue as follows. (Thanks to Quietman7 for this explanation)

Please run this
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Edited by boopme, 30 April 2008 - 03:45 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 ruby1


Posted 30 April 2008 - 04:07 PM

one other question ; are the computers linked on any kind of network or are they completely independent?

I think you need to assume that YOUR computer IS infected ??with what else??

you would be advised to run THOROUGH scans of the daughter's computer and keep it out of contact with yours

I suggest that the flag up BY your antivirus program may be the sign of a big nasty hiding inside :thumbsup:

#5 not_anyone


Posted 01 May 2008 - 06:21 PM

I ran the malware program you suggested. It found nothing infected. So I must have gotten rid of it. My daughter downloaded The Price is Right from Big Fish Games. She has an account there. I still don't know what has happened, she has cable hook up, and mine is dsl. Our computers were not connected. When she first downloaded we played it with no problem. Then several days went by and I went to play the games and I got that message from f-secure. I asked her to fix it and every time we got that message. So I uninstalled it, no problems since then. Thank you so much for helping find out that my computer was not still infected.
Thanks,
Not anyone

#6 ruby1


Posted 02 May 2008 - 10:54 AM

I would suggest you also run on YOUR maybe still infected computer
a2

http://www.emsisoft.com/en/software/free/
from

http://download6.emsisoft.com/a2FreeSetup.exe

and

superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

from

http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

fully update each, reboot and run from the desktop icon full computer scans OFF line

let us know what they find ?

#7 not_anyone


Posted 03 May 2008 - 09:18 AM

Thanks Ruby1,
I ran the 2 programs you suggested. The superantispyware found 65 cookies and I don't know what should be deleted or quarantined. The other one, A2, found several things, traces of cookies; I don't know what to do with these either. So when and if you have time, could you help me understand these so I know whether or not to delete or quarantine.

Thanks a lot.
not anyone

#8 ruby1


Posted 03 May 2008 - 09:38 AM

I suggest you rerun the malwarebytes program requested by Mod boopme and the two other programs and get them to delete all they find ; then post all the log reports on here for boopme's examination?

we are TRYING to sus out if you do have an infection on there that you actually were not aware of and did not know about

we need to be VERY aware that boopme has flagged up a possible backdoor infection on there and if it IS there and possibly hiding snugly somewhere , maybe Boopme can suggest a more powerful tool for you to run to completely identify it and confirm that the computer does need to be wiped clean




.........or that you ARE clean and free to go .................................. :thumbsup:

#9 boopme


Posted 03 May 2008 - 09:49 AM

Hello, yes delete/quarantine all Items detected.
Please run and post the MBAM results.
Have you run another scan with AVG from safe mode and is it still finding
Backdoor win32.rbot.jwg c

#10 ruby1


Posted 03 May 2008 - 10:02 AM

I have f-secure and this is what it says "Backdoor win32.rbot.jwg c;\program files\the price is right\vtmcebk.exe action:renamed.



Have you run another scan with AVG from safe mode and is it still finding
Backdoor win32.rbot.jwg c


I believe we have F secure antivirus running on the questionable computer ?


please also note
http://forum.f-secure.com/topic.asp?TOPIC_ID=5749

The following changes were done in F-Secure Anti-Virus database update 2008-04-13_01:

Changes in version 2008-04-13_01



#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:26 AM

Posted 03 May 2008 - 10:34 AM

I am downloading all 112MB of this game and will test, who knows I might buy it?
Chewy

No. Try not. Do... or do not. There is no try.

#12 DaChew


Posted 03 May 2008 - 11:25 AM

vtmccbk.exe is the actual name of the file

C:\Program Files\The Price is Right

Scan taken on 03 May 2008 16:21:38 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Trojan.Rbot.Jwg
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Trojan.Mybot-10203
CPsecure Found BackDoor.W32.SpyBoter.fb
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.Rbot.jwg
Fortinet Found W32/RBot.JWG!tr.bdr
Ikarus Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Rbot.jwg
NOD32 Found nothing
Norman Virus Control Found Malware.COIQ
Panda Antivirus Found nothing
Sophos Antivirus Found Sus/ComPack-C (probable variant)
VirusBuster Found nothing
VBA32 Found Backdoor.Win32.Rbot.jwg

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious File With Covert Attributes
Rising - - -
Sophos - - Sus/ComPack-C
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Virus.Win32.FileInfector.gen (suspicious)
Chewy


#13 DaChew


Posted 03 May 2008 - 11:38 AM

virustotal gave fewer hits

My son walked by when the game started, I am not sure I will live that down

the game uninstalled clean and easily, the file in question is undoubtedly a heavy duty protection one to keep people from pirating the game

MY HJT LOG IS SHORT AND CLEAN as usual

conclusion false positive
Chewy
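
Added example, not part of any post in this thread: one way to tally a multi-engine report in the "Engine Found label" format posted above, separating engines that name a malware family from those that return a generic, packer or heuristic verdict. The sample is a subset of the result lines from this thread; the hint keywords and the helper names (parse, family, triage) are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: a subset of the "Engine Found label" lines posted in this thread.
REPORT = """\
AntiVir Found nothing
ArcaVir Found Trojan.Rbot.Jwg
ClamAV Found Trojan.Mybot-10203
F-Secure Anti-Virus Found Backdoor.Win32.Rbot.jwg
Fortinet Found W32/RBot.JWG!tr.bdr
Kaspersky Anti-Virus Found Backdoor.Win32.Rbot.jwg
NOD32 Found nothing
Norman Virus Control Found Malware.COIQ
Sophos Antivirus Found Sus/ComPack-C (probable variant)
VBA32 Found Backdoor.Win32.Rbot.jwg
"""

# Assumption: these substrings mark a generic, packer or heuristic verdict.
GENERIC_HINTS = ("sus/", "suspicious", "heuristic", ".gen", "malware.")
# Type and platform tokens that carry no family information.
NOISE = {"backdoor", "trojan", "win32", "w32"}

def parse(report):
    """Yield (engine, label); label is None when the engine found nothing."""
    for line in report.splitlines():
        m = re.match(r"(.+?) Found (.+)$", line.strip())
        if m:
            label = m.group(2)
            yield m.group(1), None if label.lower() == "nothing" else label

def family(label):
    """Crude cross-vendor normalisation: Backdoor.Win32.Rbot.jwg -> rbot."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]
    named = [t for t in tokens if t not in NOISE]
    return named[0] if named else "unknown"

def triage(report):
    """Split engines into clean, generic/heuristic, and named-family verdicts."""
    clean, generic, families = [], [], Counter()
    for engine, label in parse(report):
        if label is None:
            clean.append(engine)
        elif any(h in label.lower() for h in GENERIC_HINTS):
            generic.append((engine, label))
        else:
            families[family(label)] += 1
    return clean, generic, families

if __name__ == "__main__":
    clean, generic, families = triage(REPORT)
    total = len(clean) + len(generic) + sum(families.values())
    print(f"{total - len(clean)}/{total} engines flagged the file")
    print("named families:", dict(families))
    for engine, label in generic:
        print(f"generic/heuristic: {engine}: {label}")
```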


#14 DaChew


Posted 03 May 2008 - 11:43 AM

I used firefox with no script to go to the site, there were no scripts running on the site, McAfee SiteAdvisor gave a solid green to the site, seeing that the games were trial (30 minute) or paid I figured they were on the up and up and to be trusted
Chewy


#15 not_anyone


Posted 03 May 2008 - 02:06 PM

I reran all of the malware and virus and I guess I am clean, all records are clean now. Thanks for all the help, I feel as if I can breathe easier now. This is the reason I like this place so much, everyone is so helpful and nice. :thumbsup:
not anyone



