Mal_otorun2 Infection


8 replies to this topic

#1 ike160


Posted 23 May 2008 - 06:28 AM

I have a virus or malware problem with my computer. I am running Windows XP Media version on a Dell laptop.

I first noticed the problem when Trend Micro OfficeScan detected a Virus/Malware called Mal_Otorun2 during a real-time scan. The infected file is named "autorun.inf" (c:\autorun.inf).

Since the problem began Trend Micro also occasionally finds something called WORM_AUTORUN.KZ.

There are several things I have noticed since the problem started. I sometimes get a yellow shield that appears in the system tray. It looks like the Microsoft Update icon but it doesn't respond when I try to right or left click to open it.

I don't know if it is related but my laptop has also been losing time lately. I have to reset the clock daily. It seems like this loss only occurs when the laptop is in hibernation. The bios clock is also losing time.

The only functional problem that I have noticed is that when I connect my Bluetooth headset using Toshiba's stack software, the headset will connect but then I get a pop-up window asking me if I am sure that I want to disconnect. This happens automatically and continuously until the headset is disconnected.

I have tried several solutions proposed on forums but haven't had any success. I would appreciate some help resolving this problem.

I have a HiJack This log prepared.

Thanks.



#2 boopme


Posted 23 May 2008 - 01:51 PM

Hello, be sure to have the latest updates for TM. Then reboot into safe mode and rescan. Is this an XP machine?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 ike160


Posted 24 May 2008 - 08:57 AM

Hello boopme,

I am running Windows XP Media version with SP3. I updated TM and then tried to scan the system in safe mode. I wasn't able to get TM running in safe mode. So, I rebooted into safe mode with networking and ran TM housecall 6.6. It found the Mal_Otorun2 malware and 1 greyware infection. However, when I tried to have TM clean the infections it started working but then failed and returned a message: "HouseCall Client cannot be executed due to internal errors. Please contact your system administrator / support to report this problem."

Any suggestions on where to go from here?

Thanks,

#4 ike160


Posted 24 May 2008 - 05:26 PM

Hey boopme,

I tried running the housecall again in safe mode. It failed again and gave me the same message as above. However, this time I found the file that housecall identified and deleted it myself. I rebooted in normal mode and re-ran TM. It didn't find anything on the hard drive. I re-installed my bluetooth software and it's working as well. I'm keeping my fingers crossed that the problems are gone for good. Do you think I should submit a HiJack This log on the appropriate forum to verify that my computer is clean?

Thanks for your help!

#5 boopme


Posted 25 May 2008 - 02:23 PM

Hello again. Sorry to see you had such difficulty. TM's page showed it should get. Well I think you got it the hard way. But that's good. Please run this scan next,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#6 ike160


Posted 26 May 2008 - 03:46 PM

Hello boopme,

I downloaded and ran mbam. Nothing was found during the scan. Here is the log:
Malwarebytes' Anti-Malware 1.12
Database version: 788

Scan type: Quick Scan
Objects scanned: 38446
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 boopme


Posted 26 May 2008 - 07:56 PM

Looks clean, all the symptoms gone now? PC running normally?

#8 ike160


Posted 27 May 2008 - 03:58 PM

Yes, my clock is back to normal, my Bluetooth headset works again with no disconnection problem, I haven't seen the yellow shield in the system tray, and TM hasn't found Mal_Otorun2 since the house call scan in safe mode... so far so good. My PC seems to be running fine. I set TM to run daily full scans as a precaution and I also scanned my USB drives (keys, external hard drive, etc) to make sure I stay clean.

Thanks again for your help!
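
Added example, not part of the original posts: a small triage script for the check described above, looking for an autorun.inf at the root of each drive (as with the c:\autorun.inf detection in this thread) and listing the programs it names. The function names, the sample file content and `sample.exe` are constructed for illustration; on Windows the roots would be passed as, for example, `scan_roots(["C:\\", "E:\\"])`.

```python
import os
import re

# Keys in the [autorun] section that name a program for Windows to run.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section; skip other lines."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries

def read_inf(path):
    """Decode an autorun.inf file, which may be ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def scan_roots(roots):
    """Map each drive root that has an autorun.inf to its launch entries."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            report[root] = launch_entries(read_inf(path))
    return report

# Constructed sample, not taken from the infected machine in the thread.
SAMPLE = """;padding line
[AutoRun]
open=sample.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\Command=sample.exe
label=Removable Disk
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key} -> {cmd}")
```

A drive root that appears in the report with a non-empty list has an autorun.inf that points at an executable, which is the file to hand to the scanner before the drive is used again.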

#9 boopme


Posted 27 May 2008 - 04:03 PM

Great news!!

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
