Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! I Cannot Get Rid Of This Malware


  • This topic is locked This topic is locked
4 replies to this topic

#1 imbrium

imbrium

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 26 August 2008 - 03:20 PM

Hi all -
this is my first time here; a friend told me about the forums, and after looking over them, I was more than impressed.
I was wondering if anyone could help me get rid of the FakeAlert-VB trojan....I was infected 2 days ago, and I cannot seem to fix this one.
My wallpaper keeps changing, I can't change it back, and McAfee keeps popping up saying it has removed the virus, but doesn't remove it at all.
I've tried TrendMirco scanning, but IT couldn't fix it either.

What can I do?

(attached is the HiJack This logfile I just ran).

Thanks in advance,
Imbrium

Attached Files



BC AdBot (Login to Remove)

 


m

#2 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 27 August 2008 - 04:54 PM

Hi

First ... please don't attach any logs (unless asked to do so) Copy & paste them, it's easier to read them that way ... thanks

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#3 imbrium

imbrium
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 28 August 2008 - 02:25 AM

steam,
i haven't yet ran combofix, but so far, malwarebytes' anti-malware has fixed the problem.
the log, as requested, is as follows:
Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 1

2:09:56 AM 8/28/2008
mbam-log-08-28-2008 (02-09-56).txt

Scan type: Quick Scan
Objects scanned: 63160
Time elapsed: 15 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpqsj0evcn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\phcpqsj0evcn.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\darryl\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\darryl\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\darryl\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\darryl\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\darryl\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\darryl\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


i'm going to run combofix right now, and i'll post the log when it's done.

i simply cannot thank you enough; it's much appreciated.

cheers then,
imbrium

#4 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 28 August 2008 - 04:32 PM

Hi

Please do run & post the Combofix log, there will be leftovers to clean up...

Also your java is out-of-date, this malware in particular exploits old versions of jave, & is most probably how it got on your computer...

Go to add/remove programs and uninstall any earlier versions ... in your case :-

j2re1.4.2
+ any other old versions you may have...

Then You can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 7' and press the 'Download' button.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#5 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 28 September 2008 - 03:10 PM

Due to lack of feedback This thread is now treated as resolved and duly closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users