iamfamous.dll and many other nasties


1 reply to this topic

#1 guido_hat


Posted 14 January 2009 - 09:08 PM

EDIT: Apparently you're not meant to run Malwarebytes in safe mode.
Re-running now in normal mode, will post fresh logs when complete!

Last night I (stupidly) downloaded an executable and ran it. McAfee Enterprise (work provided for me to install at home) immediately picked up a virus, but by that stage it was too late.
Now all my Google searches are redirected through some website called ecta.info (regardless of the browser being used). In addition, when I load IE, McAfee detects a buffer overflow exploit and logs it.
I also noticed some strange autoplay files appearing on ALL my fixed drives (resycled hidden file, boot.com hidden file). Thankfully, I've managed to remove those last night following these instructions (refer to post 25; I didn't use Malwarebytes, though, and managed to nuke them through safe mode and the command prompt): http://www.precisesecurity.com/blogs/2008/...esycledbootcom/
The computer has been disconnected from the internet since I discovered the exploit. I've just downloaded and installed Malwarebytes Anti-Malware from another machine, copied it to USB and run it on the infected machine, and it's found a file called iamfamous.dll in Firefox components and deleted it.
All these fixes have been in safe mode.
Here is the log from Malwarebytes:
This issue also looks very, very similar:
http://www.bleepingcomputer.com/forums/t/191577/redirect-google-pop-up-ads-ecatainfo-help/

Any help would be very highly appreciated!

Edited by guido_hat, 14 January 2009 - 11:00 PM.




#2 Budapest


Posted 15 January 2009 - 05:19 PM

Post the Malwarebytes log if you have it.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



