HELP !


3 replies to this topic

#1 Cata Olo


Posted 05 February 2009 - 07:42 AM

Hi,

I really need some help - I am about to throw my computer out through the window !!!

I am 90% sure I have malware, or a worm ...

Here are the "symptoms" displayed by my computer: it started sending IM messages to my friends with a link to YouTube, and with the message "watch a girl being paid to eat her s**t"

Here is the most recent message from NOD32 that I have:
Threat: Win32/Agent.NEB worm
Comment: The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. Event occurred at an attempt to access the file by the application: E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.

I have downloaded Malwarebytes' Anti-Malware from another post, in the hope that I will get rid of this very "nice" malware without having to bother anybody else. Unfortunately, I am not able to handle this myself.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 2

05.02.2009 14:38:18
mbam-log-2009-02-05 (14-38-13).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 130881
Time elapsed: 35 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\e:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\task manager (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
E:\Setup.exe (Trojan.Agent) -> No action taken.
E:\WINDOWS\system32\sysmgr.exe (Backdoor.Bot) -> No action taken.
E:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> No action taken.


I will "remove selected" and will take it from there.


#2 Cata Olo


Posted 05 February 2009 - 08:10 AM

Update:

Of course, I ran Malwarebytes for the second time, and my NOD32 gave me the same warning: "The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. Event occurred at an attempt to access the file by the application: E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe."

That's just great! I would like to avoid having to re-install Windows. Can anyone help?

#3 Cata Olo


Posted 05 February 2009 - 09:06 AM

Second update:

I decided to run a NOD32 online scan - the same message: "The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. Event occurred at an attempt to access the file by the application: E:\Program Files\Internet Explorer\IEXPLORE.EXE."

I will post the NOD32 log ... once it's finished!

#4 Cata Olo


Posted 06 February 2009 - 04:50 AM

Well ... Last update: after 8 hours of watching NOD32 and Malwarebytes work, I finally gave up. I rebooted my computer in MS-DOS mode, and with a little bit of magic ... Voilà, the file is deleted and NOD32 has not detected any threats any more. Now I need to defrag my disk or something, 'cause it is very slow.



