
Infected With Smitfraud, Trojans, Keyloggers...


5 replies to this topic

#1 MJ4


  • Members
  • 4 posts
  • OFFLINE
  • Gender:Female
  • Location:Florida
  • Local time:03:32 AM

Posted 16 July 2008 - 10:59 AM

Turns out I had a whole bunch of 'em. Ran SmitfraudFix, Malwarebytes, Spybot, SUPERAntispyware, ATF Cleaner, and I downloaded HijackThis and Deckard's System Scanner. Can someone please help me out with the logs?

Edited by Orange Blossom, 16 July 2008 - 03:40 PM.
Move to more appropriate forum. ~ OB



#2 Guest_superbird_*


  • Guests
  • OFFLINE

Posted 17 July 2008 - 12:28 PM

Hi,

1. Can you do a scan with Malwarebytes' Anti-Malware again? :thumbsup:
Post the logfile in your next reply.

2. Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#3 MJ4

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Female
  • Location:Florida

Posted 17 July 2008 - 07:02 PM

:thumbsup: Hi, here are the Malwarebytes and Kaspersky scan logs.




Malwarebytes' Anti-Malware 1.20
Database version: 962
Windows 5.1.2600 Service Pack 2

5:53:35 PM 7/17/2008
mbam-log-7-17-2008 (17-53-35).txt

Scan type: Quick Scan
Objects scanned: 45574
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 17, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 17, 2008 22:09:45
Records in database: 965401
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 72700
Threat name: 3
Infected objects: 2
Suspicious objects: 1
Duration of the scan: 01:38:33


File name / Threat name / Threats count
C:\Documents and Settings\Landon Douglas\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Landon Douglas\Local Settings\Application Data\Identities\{9F5A6976-19F6-47DF-88E2-A5764C5AC2AC}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Landon Douglas\Shared\batman & robin snopp dogg paid.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

#4 Guest_superbird_*


  • Guests
  • OFFLINE

Posted 18 July 2008 - 04:50 AM

Hi,

I'm going to redirect you to the HijackThis section of this forum.
I can't see the malware in these logs. HijackThis shows a better report, but may only be advised by HijackThis Helpers. This is why I redirect you.
Read this page and follow its steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Good luck. :thumbsup:

Edited by superbird, 18 July 2008 - 04:50 AM.


#5 MJ4

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Female
  • Location:Florida
  • Local time:03:32 AM

Posted 18 July 2008 - 09:40 AM

Alright. Thanks for your help! :thumbsup:

#6 Guest_superbird_*


  • Guests
  • OFFLINE

Posted 18 July 2008 - 09:44 AM

You're welcome. :thumbsup:



