
Infected With Us Postal Service E-mail Viruses


6 replies to this topic

#1 Arbypb

Posted 27 July 2008 - 09:20 PM

Greetings, my wife opened an e-mail from the postal service that downloaded several viruses. It disabled my Norton anti-virus and spybot. I finally identified some of the viruses and trojans and quarantined them manually. Norton still gave me a high alert with some files in my Temp directory. I finally got Norton and spybot to work again and used a good program called combofix, which seemed to identify and remove all my problems. I was even able to use regedit and msconfig, which were previously not working.

I made a Combofix log and would like someone to look at it and make any additional suggestions. Please let me know if I can paste the log.

Thanks

Edited by Orange Blossom, 27 July 2008 - 10:40 PM.
Move to more appropriate forum. ~ OB



#2 DaChew

Posted 28 July 2008 - 05:39 AM

Combofix is an advanced tool that requires upper-level training to analyze the logs and custom-design fixes. I understand your desire to clean the infection yourself.

I would advise not to post the combofix log, as that would just require that we can't help you:

"Any posts containing CF Logs will be ignored"

Would you run a scan with MBAM?

http://www.bleepingcomputer.com/forums/t/156573/virutmonde-removal/
Chewy

No. Try not. Do... or do not. There is no try.

#3 Arbypb

Posted 06 August 2008 - 08:24 PM

Thanks, here is the MBAM scan:

Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 2

9:21:13 PM 8/6/2008
mbam-log-8-6-2008 (21-21-13).txt

Scan type: Quick Scan
Objects scanned: 46167
Time elapsed: 22 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\2 find mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Data (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Partner (Adware.180Solutions) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\2 find mp3\Data\SearchKeys.txt (Adware.180Solutions) -> Quarantined and deleted successfully.

Edited by Arbypb, 06 August 2008 - 08:25 PM.
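As an added example (not the poster's code and not anything shipped by Malwarebytes), here is a small parser for the log layout above. It itemises each detection (item, detection name, action taken) and cross-checks the per-category summary counts against the entries actually listed, which is the first thing to verify on a log that has been pasted or edited. The sample log is constructed from the entries in the post.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes 1.x log; entries mirror the post above.
SAMPLE_LOG = r"""Registry Keys Infected: 3
Registry Values Infected: 0
Folders Infected: 3
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\2 find mp3 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Data (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\2 find mp3\Partner (Adware.180Solutions) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\2 find mp3\Data\SearchKeys.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
"""
# "Registry Keys Infected: 3" is a summary line; "Registry Keys Infected:" opens the itemised section.
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):(?: (?P<n>\d+))?$")
# "<item> (<detection name>) -> <action taken>."; "(No malicious items detected)" does not match.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts by category, list of itemised detections)."""
    summary, items, section = {}, [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            if m["n"] is None:
                section = m["cat"]           # an itemised section starts here
            else:
                summary[m["cat"]] = int(m["n"])
            continue
        m = ITEM_RE.match(line.strip())
        if m and section:
            items.append({"category": section, **m.groupdict()})
    return summary, items

def count_mismatches(summary, items):
    """Categories whose summary count disagrees with the entries listed: a truncated or edited log."""
    seen = Counter(i["category"] for i in items)
    return {c: (n, seen[c]) for c, n in summary.items() if n != seen[c]}
```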


#4 DaChew

Posted 06 August 2008 - 09:44 PM

It looks like you don't leave much for MBAM to clean, that's good. How's your computer running?

Regedit and msconfig were tools I used long ago for fighting malware; it's really a bad approach, as an infection is too complicated to even guess what's interconnected. I have sorted my system32 files by date and found remnants that way, but they were inactive since MBAM or another cleaner had killed the active infection.

I have better results using a combination of several programs, starting with the safer ones and moving to the more powerful ones, alternating between normal mode and safe mode while disconnected from the internet.

I killed a very dangerous infection that supposedly required advanced tools this way. I ran MBAM 4 times with help from SAS and ATF cleaner and then SDFix towards the end. Even combofix would have required advanced training to fully remove the infection.
Chewy

No. Try not. Do... or do not. There is no try.

#5 Arbypb

Posted 08 August 2008 - 09:12 PM

Thanks for the information. My computer is running faster when using the internet. However, restarting seems to take 5-6 minutes. I may have too many programs or drivers from old programs trying to load during start up. I have heard it is a good idea to disable programs during start up to speed things up. I also am still having a long wait when using Outlook 2007 e-mail. I will click new message and then wait 30 seconds to a minute before it is ready to start my message. I guess this has nothing to do with past viruses and is instead some software problem. Deleting and reinstalling the program did not help. I will continue to use spybot and Norton to check up on the computer. Any other suggestions for routine maintenance?

#6 DaChew

Posted 08 August 2008 - 09:32 PM

Several programs, including the one you already used, give a process list.

I don't think anyone would object to you posting that part of a log

Even with this bare-bones list of mine, Windows is getting corrupt and I need to do a clean install myself. Of course, I am a performance nut.

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Documents and Settings\bob\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe


Don't run combofix again.

Teatimer can corrupt Windows and programs with its registry protection if you answer a question wrong.

I use spybot myself

Edited by DaChew, 08 August 2008 - 09:35 PM.

Chewy

No. Try not. Do... or do not. There is no try.
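An added example, not DaChew's code and not part of any of the tools named in the thread, of the triage a reviewer does on a process list like the one above: each path is sorted into "expected" (under Windows or Program Files) or "review" (a user-writable location, or a core system image running from outside system32), and instances per image are counted. The roots and the core-image list are assumptions; a flagged path is a prompt to look closer, not a verdict (Policies.exe here belongs to the SmitfraudFix tool sitting on the desktop).

```python
import ntpath
from collections import Counter

# Constructed sample: the process list from the post above, one full path per line.
PROCESS_LIST = r"""C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Documents and Settings\bob\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
"""

# Assumed policy: images under these roots are "expected"; anything else (user profile,
# Temp, desktop) is listed for a closer look. The first root is the system32 directory.
EXPECTED_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\", "c:\\program files\\")
# Core XP images that normally run from system32 only (assumed list, not from the post).
SYSTEM_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

def triage_processes(text):
    """Split a process list into expected paths and (path, reason) pairs that merit review."""
    expected, review = [], []
    for path in (l.strip() for l in text.splitlines() if l.strip()):
        low = path.lower()
        name = ntpath.basename(low)
        if name in SYSTEM_ONLY and not low.startswith(EXPECTED_ROOTS[0]):
            review.append((path, "system process outside system32"))  # same name, wrong place
        elif low.startswith(EXPECTED_ROOTS):
            expected.append(path)
        else:
            review.append((path, "runs from a user-writable location"))
    return expected, review

def instance_counts(text):
    """How many instances of each image are running (several svchost.exe is normal on XP)."""
    return Counter(ntpath.basename(l.strip().lower()) for l in text.splitlines() if l.strip())
```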

#7 DaChew

Posted 08 August 2008 - 09:38 PM

"Any other suggestions for routine maintenance?"


I keep my startup programs to a minimum, periodically take out the trash, uninstall unused programs, keep data on another drive, and then defrag; it never takes more than a few minutes.
Chewy

No. Try not. Do... or do not. There is no try.
