Blackbird Virus & Microsoft Phishing Filter?


13 replies to this topic

#1 lauren001

Posted 02 May 2008 - 05:07 PM

I hope someone is able to help me again. I had to remake another account because I had forgotten my other one, but anyway... to my dilemma.. :thumbsup:

Yesterday, I believe, I was trying to download something. Once I opened it I had all types of icons and a couple folders on my desktop. I do not remember what I tried to download because I got so freaked out by what had happened... and a few of them were talking about some BlackBird Virus or something... My desktop picture had changed to a warning link picture... Saying to click there to get spyware, in which I did not do... But I'm not 100% sure it's gone because of the Microsoft Phishing Filter keeps popping up. That had not happened before this. The icons and such that were on my desktop after trying to open something I deleted them all... & changed my desktop picture back to a normal windows default, but I'm pretty positive that there's still something or more than one thing on my computer still that is affecting me... Whatever it was, it had hijacked my homepage, but I got back to that. I'm not sure if it's still vulnerable to being hacked on anything in my computer, so I hope someone could answer this. =\

I still have the anti-spyware that I was last told to download when I had another problem that was solved on here.
Those programs were: ATF Cleaner, DSS, HijackThis, and Malwarebytes' Anti-Malware. These are the ones that I have downloaded and still have on my computer.

Another that I had been asked to use was the ComboFix...

PS: Also, another problem I'm having with this, is that whenever I try to 'RUN' something on my computer, by going to the Start Menu > Run, I'll click OK and it asks me what I would like to open it with, and if what I want, I can't find, it asks me to look on the internet for the right program to open it with (which never works anyway). So please please help me a.s.a.p. I'd really not like anything to be hacked from me again. I've almost had my identity stolen the last time it happened... :flowers:

Sincerely,
Lauren(001)

Edited by lauren001, 02 May 2008 - 05:13 PM.


#2 ruby1

Posted 02 May 2008 - 05:14 PM

To get SOME idea of what has hit you, do you still have the Malwarebytes' Anti-Malware program on there, and if so, will it allow you to start it from the desktop icon?

#3 lauren001

Posted 02 May 2008 - 06:00 PM

I do still have it. I could run it, yes. ?

-edit-
Great, never mind. It won't let me run it. It says...
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe is not a valid Win32 application."

The ATF Cleaner works that I've checked now...
HijackThis says the same as Malwarebytes' Anti-Malware...
& the DSS works that I've checked now as well. =\

**I let the DSS program run, and it gave me a log.
Would you like me to post what it gave me in results?

Edited by lauren001, 02 May 2008 - 06:23 PM.


#4 DaChew

Posted 02 May 2008 - 06:27 PM

You should go back into the HJT forum and post there and stick with the thread until all clean and try to apply the recommendations on why you got infected and how to stop being reinfected. The experts there are in short supply and it's really a waste of their precious time to get reinfected so soon.
Chewy

No. Try not. Do... or do not. There is no try.

#5 lauren001

Posted 02 May 2008 - 06:31 PM

So, you want me to post the DSS log in the HiJackThis forum? Because the HiJackThis program won't run anymore. A few things that're just on my computer, such as Paint, won't load either. I get an error. >_<

So I'll post the DSS log in the HJT forums? Just to clarify. :thumbsup:

#6 DaChew

Posted 02 May 2008 - 06:33 PM

Yes, that would be my advice. You have an infection that's going to be hard to kill and will need expert assistance.
Chewy

#7 lauren001

Posted 02 May 2008 - 06:52 PM

Alright, thanks I'll try to do that then. :]

#8 lauren001

Posted 02 May 2008 - 06:59 PM

I was given advice to move my post over to here for help? So I'll post what I had put in the other, of the information I know of this problem and what it shows me at times.

"I hope someone is able to help me again. I had to remake another account because I had forgotten my other one, but anyway... to my dilemma.. :thumbsup:

Yesterday, I believe, I was trying to download something. Once I opened it I had all types of icons and a couple folders on my desktop. I do not remember what I tried to download because I got so freaked out by what had happened... and a few of them were talking about some BlackBird Virus or something... My desktop picture had changed to a warning link picture... Saying to click there to get spyware, in which I did not do... But I'm not 100% sure it's gone because of the Microsoft Phishing Filter keeps popping up. That had not happened before this. The icons and such that were on my desktop after trying to open something I deleted them all... & changed my desktop picture back to a normal windows default, but I'm pretty positive that there's still something or more than one thing on my computer still that is affecting me... Whatever it was, it had hijacked my homepage, but I got back to that. I'm not sure if it's still vulnerable to being hacked on anything in my computer, so I hope someone could answer this. =\

I still have the anti-spyware that I was last told to download when I had another problem that was solved on here.
Those programs were: ATF Cleaner, DSS, HijackThis, and Malwarebytes' Anti-Malware. These are the ones that I have downloaded and still have on my computer.

Another that I had been asked to use was the ComboFix...

PS: Also, another problem I'm having with this, is that whenever I try to 'RUN' something on my computer, by going to the Start Menu > Run, I'll click OK and it asks me what I would like to open it with, and if what I want, I can't find, it asks me to look on the internet for the right program to open it with (which never works anyway). So please please help me a.s.a.p. I'd really not like anything to be hacked from me again. I've almost had my identity stolen the last time it happened... :flowers:

Sincerely,
Lauren(001)"

I was also advised to post my DSS log that I let run while I tried to see if it worked and was told to put it here, but I won't until I get another OK.

If you want to see what I've put in the other post it's over here http://www.bleepingcomputer.com/forums/t/144984/blackbird-virus-microsoft-phishing-filter/ Please help me though a.s.a.p. =\

** The only reason you'd want to visit my other post was to see what I'd replied to saying what program doesn't work with my computer and the anti-spyware programs don't work with my computer anymore at the moment because of this virus/unknown problem. >_<

PS: Sorry. Also to add... when I try to download, let's say, HiJackThis again, it pops up the thing to save, but it doesn't tell me where it saves... If and when I try to search my computer for it, you know how there's a little dog or something... well there should be something above the dog/animal to ask where you'd like to search on your computer, the file name, etc. That doesn't show for me. So searching through my computer is useless to me. This has been like this for probably a few months now, I believe? So if there's a solution to that as well please tell. :trumpet:

Edited by lauren001, 02 May 2008 - 07:09 PM.


#9 lauren001

Posted 02 May 2008 - 07:15 PM

Oh, alright I've now gotten my Malwarebytes' Anti-Malware to work, somehow... Since in my other post it hadn't worked... Not entirely sure why. So I'm not sure if it will detect anything threatening. Just wish HiJackThis worked...>_<

**Oh, yeah. It's detected objects alright. I can't remember if it gives me logs or not? I haven't used it since the last time I was here to fix my computer, which was probably last year sometime I think, not sure. But hopefully it's alright if I do get a log, to post it here? =\

Edited by lauren001, 02 May 2008 - 07:17 PM.


#10 lauren001

Posted 02 May 2008 - 08:08 PM

Malwarebytes' Anti-Malware 1.08
Database version: 498

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 109412
Time elapsed: 50 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 20

Memory Processes Infected:
c:\Documents and Settings\Lauren1\Local Settings\temp\csrssc.exe (Trojan.Downloader) -> No action taken.

Memory Modules Infected:
c:\WINDOWS\system32\jfiehayd.dll (Trojan.DownLoader) -> No action taken.
C:\WINDOWS\system32\ssqQgGYq.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5af49a2-94f3-42bd-f434-2604812c897d} (Trojan.DownLoader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d} (Trojan.DownLoader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59745f04-bf00-4ff9-b4d1-f577a503f361} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{59745f04-bf00-4ff9-b4d1-f577a503f361} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5af49a2-94f3-42bd-f434-2604812c897d} (Trojan.DownLoader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqqggyq -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger) -> Data: kdrxn.exe -> No action taken.

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\Helper (Adware.BHO) -> No action taken.

Files Infected:
c:\WINDOWS\system32\jfiehayd.dll (Trojan.DownLoader) -> No action taken.
c:\Documents and Settings\Lauren1\Local Settings\temp\csrssc.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\plsebctc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ctcbeslp.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqQgGYq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qYGgQqss.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qYGgQqss.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kdrxn.exe (Rootkit.DNSChanger) -> No action taken.
C:\Documents and Settings\Lauren1\Local Settings\temp\1933876912.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PT04TSEJ\sdferw[1].htm (Trojan.Agent) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080501-204051-547.dll (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{A26BB917-2B16-4FB2-9DCE-3A4FE47E061D}\RP120\A0363091.exe (Trojan.DownLoader) -> No action taken.
C:\System Volume Information\_restore{A26BB917-2B16-4FB2-9DCE-3A4FE47E061D}\RP120\A0363092.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{A26BB917-2B16-4FB2-9DCE-3A4FE47E061D}\RP120\A0363093.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\TEMP\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\TEMP\AE8AB41F91F72503.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\TEMP\C6642DE7.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Helper\1209699337.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\mrofinu1535.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\opnnkii.dll (Trojan.Vundo) -> No action taken.

#11 ruby1

Posted 03 May 2008 - 08:03 AM

"I still have the anti-spyware that I was last told to download when I had another problem that was solved on here.
Those programs were: ATF Cleaner, DSS, HijackThis, and Malwarebytes' Anti-Malware. These are the ones that I have downloaded and still have on my computer. Another that I had been asked to use was the ComboFix.."

Just to clarify maybe... was this advice given on THIS forum or some other site?

#12 lauren001

Posted 03 May 2008 - 09:59 PM

Yes, I'm pretty sure it was in this forum last time.

#13 DaChew

Posted 03 May 2008 - 10:01 PM

"Another that I had been asked to use was the ComboFix..."

That's not usually done here.
Chewy

#14 Orange Blossom

  • Moderator
Posted 04 May 2008 - 11:48 PM

Hello lauren001,

Since your topic in the HJT forum did not in fact contain an HJT log or any other logs specific to that forum, I have merged that topic with your original topic here.

Here are the directions for posting over there:

Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. If you cannot do a step, then skip it and go on to the next.

Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer.

Please note that it is important that Deckard's System Scanner be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log.

When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic so that we know you are receiving assistance there.

Note that your topic in the HJT forum should contain the DSS log and the Kaspersky Online Scan log if you are able to get one. Do not include any other logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



