Kollah.RT virus zip file


9 replies to this topic

#1 alpenview


Posted 28 November 2008 - 10:02 PM

CA realtime monitor finds the Kollah.RT virus in my Thunderbird inbox and quarantines my system. I've attempted to delete all UPS-related emails and to compact my folders, but the CA antivirus program quarantines my system because of this virus. I've run scans with the main CA program, Malwarebytes' and AVG's programs but none of them seem to locate this file.

I've also scanned the inbox in a text editor but I don't seem to find a file with any UPS text in it.

I'm travelling, so it is impractical to run any of the online scans as they take much too long.

Regards,

Alpenview
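An added example, not part of the original thread: a Thunderbird folder such as the Inbox is an mbox file in which attachments are stored encoded, so a text-editor search can miss them, and deleted messages stay in the file until the folder is compacted. This sketch lists archive and executable attachments per message together with the deleted-but-not-compacted flag; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

RISKY_EXTS = (".zip", ".rar", ".exe", ".scr")  # assumption: extensions worth flagging
EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted, still in the file until compacted

def find_attachments(mbox_path):
    """Return (index, subject, filename, expunged) for each flagged attachment."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for idx, msg in enumerate(box):
            try:
                status = int(msg.get("X-Mozilla-Status", "0"), 16)
            except ValueError:
                status = 0  # malformed header: treat as not expunged
            for part in msg.walk():
                name = part.get_filename() or ""
                if (name.lower().endswith(RISKY_EXTS)
                        or part.get_content_type() == "application/zip"):
                    hits.append((idx, str(msg.get("Subject", "")), name,
                                 bool(status & EXPUNGED)))
    finally:
        box.close()
    return hits

def build_sample_mbox(path):
    """Write a constructed two-message mbox; attachment bytes are harmless filler."""
    box = mailbox.mbox(path)
    plain = EmailMessage()
    plain["Subject"] = "Holiday plans"
    plain.set_content("No attachment here.")
    box.add(plain)
    lure = EmailMessage()
    lure["Subject"] = "Tracking number (constructed sample)"
    lure["X-Mozilla-Status"] = "0009"  # read (0x0001) + expunged (0x0008)
    lure.set_content("See attached invoice.")
    lure.add_attachment(b"PK\x03\x04 filler", maintype="application",
                        subtype="zip", filename="invoice.zip")
    box.add(lure)
    box.close()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        build_sample_mbox(path)
        return find_attachments(path)
```

Run it against a copy of the folder file with Thunderbird closed, so the original mailbox is never opened while the mail client is writing to it.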


#2 boopme


Posted 28 November 2008 - 10:21 PM

Is this an XP PC? Did the Malwarebytes scan remove anything? If so please post that log. I will tell you that this is an infostealer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 alpenview


Posted 29 November 2008 - 07:17 PM

This is an XP PC. Malwarebytes did not find anything. Subsequent to the first post, I also did a scan with SUPERAntiSpyware. This caused CA to put the computer into quarantine, presumably when this program scanned the infected file. I wasn't at my computer when it happened, so I can't be certain. The message only shows for 60 seconds.

Alpenview

Edited by alpenview, 29 November 2008 - 07:19 PM.


#4 boopme


Posted 29 November 2008 - 10:07 PM

Did you run the SAS scan from Safe Mode?

How to enter Safe Mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

#5 alpenview


Posted 02 December 2008 - 08:31 AM

The system won't let me boot in safe mode. It says that either the username or password is incorrect, but I'm 100% positive that they are correct.

Alpenview

#6 boopme


Posted 02 December 2008 - 11:18 AM

Have CA, SAS or MBAM found anything, even from normal mode?

#7 Michael-Anthony


Posted 02 December 2008 - 11:21 AM

Can you log in to the admin account in safe mode?

#8 alpenview


Posted 02 December 2008 - 07:05 PM

Boopme,

The odd thing is that CA is quarantining the system when I launch Thunderbird, but when I scan the whole computer, it doesn't report the infection that it reports when it puts the system in quarantine. MBAM didn't find anything. While SAS was scanning, it triggered the quarantine. Even though the quarantine time is set for 10 minutes, it blocks the computer indefinitely so that I have to reboot. Consequently I don't have a SAS report.

Michael,

I'm not sure I understand your question. I believe I have full admin privileges, but when I tried to log in under safe mode, I got the error that said something to the effect that the username/domain name/password is incorrect. The window that appears (in safe mode) only has a place for username and password. There didn't seem to be a way to set the domain name.

One other thing that may be relevant: I tried the ATF cleaner, but the Firefox button at the top is grayed out. ATF reports emptying the various files, but apparently it can't touch the Thunderbird-related files.

Regards,

Alpenview

Edited by alpenview, 02 December 2008 - 07:21 PM.


#9 alpenview


Posted 03 December 2008 - 08:02 PM

FWIW, I also did a deep scan with A Squared last night. It didn't find anything, but it also didn't trigger a quarantine action by CA.

Alpenview

#10 boopme


Posted 05 December 2008 - 12:14 AM

So it looks as if it's doing OK now.



