
Adware.Mirar problem


3 replies to this topic

#1 Gladiator1

  • Members
  • 2 posts

Posted 05 December 2008 - 08:50 PM

Hello Everyone,

My computer has been infected with the "Adware.Mirar" malware with possibly other nasty spyware things too.

This occurred on December 2 around the evening.


Immediately upon receiving these my Norton starts going crazy and starts to stop a bunch of things, one of them was from the Mirar spyware. Freaking out (naturally), I stopped what I was doing and immediately started throwing everything at it.

Every now and then a pop-up would appear saying "You have a security problem!", that and along with other messages that have misspelled words such as "Unathorised". It looked legit at first, with the red shield symbol having a white "X" in the middle.

Googling this up, (and finding your website in the process), I was glad to know I was not alone.

I have run Norton, MBAM, AVIRA scans in both normal and Safe mode. And it did seem to get rid of 90% of the problem (the internet browser now does not spontaneously launch to some advertising website).

Ran more scans, and nothing was detected after that.

But I still had those irritating "You have a security problem!" pop-ups appearing exactly after the 20 minute mark. (I have timed this.) Looking in my task manager, there was a process named "EE4C8E92". Seeing that it was strange, I killed the process tree and there were no more pop-ups.

I went to the System Configuration Utility tool, just to see if anything was there and sure enough, there were two start up items:

EE4C8E92
tornew

I have no idea what they are, I googled them both but they came up with nothing. It also helped me see where they were located and the "EE" one was located in the Application Data on my C drive. Looked it up, and lo and behold, the icon of the red shield with the "X" was right there, sitting there like it owned the place. I deleted it immediately.

I looked up where this "tornew.exe" was located, and it was in my TEMP file and it also stated the website name where it came from. Deleted it too. (I don't want to post the website right here fearing that others may get infected.)

I also found what appeared to be the Mirar installation application in the TEMP folder as well:

M I R A R

mir12g (Installation application?)

(with those spaces)

I pretty much deleted any .TMP files for that day, as well as any cookies.

I've been looking around the forums and it seems that people also are getting the same things I have, but have also contracted them within this same week.

I'm restarting the computer now with those deletions, but something inside me is saying they will probably regenerate when it starts up again. If that's the case, then I'm going to start searching for more answers and possibly delete some Registry Keys.

Thanks for taking the time to read this, and I want to say thank you to BleepingComputer.com for all your help so far. If any mods deem it necessary to delete or move any part of this post, my apologies for that, I'll try to post in the correct area.
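The startup-item check described in the post above, as an added example that is not part of the original post: a small Python triage function that flags autostart entries running from a temp or Application Data folder, or named as eight hex digits like "EE4C8E92". The full paths and the "ExampleAV" entry in the sample are constructed for illustration; the post gives only the folder names.

```python
import re
from pathlib import PureWindowsPath

# Folder names that legitimate autostart programs rarely run from.
SUSPECT_DIRS = {"temp", "tmp", "application data", "appdata"}
# Eight hex digits, the naming pattern of the "EE4C8E92" entry.
HEX_NAME = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)

def executable_path(command):
    """Extract the executable path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so paths with spaces survive.
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(entries):
    """Return {name: [reasons]} for startup entries worth a closer look."""
    findings = {}
    for name, command in entries:
        path = PureWindowsPath(executable_path(command))
        # Compare folder names only; strip % so %TEMP% matches "temp".
        folders = {p.strip("%").lower() for p in path.parts[:-1]}
        reasons = []
        if folders & SUSPECT_DIRS:
            reasons.append("runs from a temp or per-user data folder")
        if HEX_NAME.match(name) or HEX_NAME.match(path.stem):
            reasons.append("name is eight hex digits")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample: (startup item name, command line) pairs.
SAMPLE = [
    ("EE4C8E92",
     r'"C:\Documents and Settings\user\Application Data\EE4C8E92\EE4C8E92.exe"'),
    ("tornew", r"C:\DOCUME~1\user\LOCALS~1\Temp\tornew.exe"),
    ("ExampleAV", r'"C:\Program Files\ExampleAV\avtray.exe" /startup'),
]

if __name__ == "__main__":
    for item, why in triage(SAMPLE).items():
        print(f"{item}: {'; '.join(why)}")
```

A flagged entry is a lead for a closer look, not a verdict: some legitimate software also starts from per-user folders.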



#2 ruby1

  • Members
  • 2,375 posts

Posted 06 December 2008 - 06:19 AM

Just to maybe clarify;

Norton, ... AVIRA

how many antivirus programs do you have installed?

Could you kindly post the log report from the Malwarebytes program you mentioned you ran so someone can check it for you? :thumbsup:

#3 Gladiator1

  • Topic Starter
  • Members
  • 2 posts

Posted 07 December 2008 - 10:50 PM

Thank you ruby1 for trying to help me out.


But in the end, all the things I did failed. I've pretty much had it with this and I've decided to reformat the computer. I got a string of attacks, almost like 9 in a row, right after the other from the "Bloodhound" exploit, as well as the "backdoor.tidserv" as well.

I may be wrong, but these things seem to have some sort of timer built in to them. When I cleaned the computer, it was around 7:05 PM. An hour later, exactly around 8:05 PM, I get these multiple attacks. They're like ticking time bombs. Yesterday I spent the day backing up all my files, music and pictures on CDs. They are really the only thing valuable on my computer, the other stuff I can just re-install. No biggie. I'm posting from my college computer. A Mac.


Thanks for your help, and again thanks for bleepingcomputer.com for their information. I hope any info I posted may be helpful in further study of these malicious programs.


Now, I just gotta find where my XP cd is...

#4 boopme

  • Global Moderator
  • 73,220 posts

Posted 07 December 2008 - 11:14 PM

It's the choice I'd have made given the same circumstances. Faster and a sure fix :thumbsup:



