
infected by something


  • This topic is locked
4 replies to this topic

#1 Dave_Taurus

Dave_Taurus

  • Members
  • 27 posts

Posted 20 November 2008 - 11:36 PM

My wife's laptop has been infected by something *very* similar to this, just this afternoon.

I managed to run Symantec, and it located downloader.misleadapp, trojan.perfco and hacktool.rootkit, and there's a file called brastk.exe that's trying to run at startup.

After a *lot* of messing around, I finally got smitfraudfix to run by renaming it in safe mode, but it didn't fix the problem. I've now got Malwarebytes' Anti-Malware running a scan, also by renaming it, but one of the problems with this infection is that it's preventing anti-spyware software from receiving updates, so I haven't been able to update it (and literally this second, it's just stopped, with the following error message: 'Error code 731 (0,6)' - although it still seems to be scanning... and now it's telling me it couldn't remove certain files and I should reboot).

I guess if Malwarebytes doesn't work I'll try the SDFix.


#2 Dave_Taurus

Dave_Taurus
  • Topic Starter

  • Members
  • 27 posts

Posted 21 November 2008 - 12:05 AM

Okay, SDFix seems to have worked, or at least allowed her laptop to connect to the internet. I'm just about to run Spybot etc. to make sure I've removed absolutely everything though. Thanks for the advice!

#3 Dave_Taurus

Dave_Taurus
  • Topic Starter

  • Members
  • 27 posts

Posted 21 November 2008 - 01:05 AM

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised.



This is interesting (and worrying!). As you can see here, my wife's laptop has just been infected by something like this (she had the brastk file, but not the karna one). She doesn't store any of her banking information on the computer, but she has, in the past, used it for online banking. Will she still need to change her passwords? Will she need to reformat the computer?

#4 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts

Posted 21 November 2008 - 12:10 PM

If you do manage to get Malwarebytes to work can you post its log for checking? :thumbsup:

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • Location:Bloomington, IN

Posted 21 November 2008 - 08:31 PM

Response by Rigel pasted from the topic that this topic's present post #3 was split from:

Dave: I would change passwords just to be safe. If she doesn't use her computer for the above-mentioned stuff - just playing games, or browsing, you may opt for cleaning. Your best bet is to post a log to the HJT forum and have our Malware team use the more advanced tools on the infection.


Hello Dave_Taurus,

I split your post from Trentzip's topic on Brastk.exe and merged it to your previously existing topic here in Am I Infected. Posting in someone else's thread or posting new topics on the same issue confuses things for everyone.

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/181318/brastkexe/

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult. Given that rigel has already said you need assistance in the HiJack This forum, I will close this thread to avoid confusion.

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: