Maybe Infected, hope someone can help :)


14 replies to this topic

#1 waterface (Members, 177 posts)

Posted 16 February 2009 - 12:01 PM

Hi all
Here i am again for some help from you guys that have helped me before with your expert knowledge!!

I opened a was on a site & there were links on that site to another site which I clicked on, & my Avira AntiVir prompted me by opening a window telling me it had found something & asking what I wanted to do with it!
I denied it access to my PC, but here is what it found!
Since then, certain links to sites direct me straight back to my Google homepage!!

Virus or unwanted program 'HTML/Shellcode.Gen [virus]'
detected in file 'C:\Documents and Settings\Administrator\Local Settings\Temp\q067xcua.pdf'.
Action performed: Deny access

I ran SuperAntiSpyware, which found nothing, but I have Malwarebytes' Anti-Malware and HijackThis on my PC if this helps.

Hope someone can help

Regards

wf


#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,220 posts, NJ USA)

Posted 16 February 2009 - 12:13 PM

Hi, I think we'll start at...
Rerun MBAM

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 waterface, Topic Starter (Members, 177 posts)

Posted 16 February 2009 - 01:26 PM

Hi & thanks, here it is, & it said nothing was found!!

Malwarebytes' Anti-Malware 1.34
Database version: 1766
Windows 5.1.2600 Service Pack 2

16/02/2009 18:25:32
mbam-log-2009-02-16 (18-25-32).txt

Scan type: Quick Scan
Objects scanned: 54929
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme, "To Insanity and Beyond" (Global Moderator, 73,220 posts, NJ USA)

Posted 16 February 2009 - 01:50 PM

HTML/Shellcode.Gen

Description:
Using attacks like buffer overflows makes it possible to put some specific data into a memory region which is then interpreted as program code and executed. This data is called "Shellcode". It can cause the user to allow remote connections, download files and execute them or whatever the malware author wants. This generic rule detects data that seems to be Shellcode stored in a HTML page.

I've looked and both of these scanners show removal ability, so run one or two:
Windows Live OneCare: click on the "Full Service Scan" box

Or
TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


#5 waterface, Topic Starter (Members, 177 posts)

Posted 16 February 2009 - 02:23 PM

Hi Boopme

I ran the Trend Micro HouseCall & it gave me 1 infection, ADWARE_MEMWATCHER, & lots of others that seemed not to be threats, but when I clicked 'clean now', it said 'warning: important data may be lost if carried out'. Is this still OK to go??

thanks

wf

#6 boopme, "To Insanity and Beyond" (Global Moderator, 73,220 posts, NJ USA)

Posted 16 February 2009 - 02:32 PM

I would say NO, why risk it. Try OneCare...

#7 waterface, Topic Starter (Members, 177 posts)

Posted 16 February 2009 - 02:33 PM

Hi

Also, after the 1 infection was removed, it said that many need to be removed manually!!
There are around 20 that all start with MS04, MS05, MS06, MS07 or MS08 with a number after!! I am not sure what to do with these & it says 'an error occurred while trying to retrieve more information about this vulnerability. There is currently no more information'.

I wondered what to do with these!!! & should I just shut down my browser & all is OK!!

Thanks

wf

#8 boopme, "To Insanity and Beyond" (Global Moderator, 73,220 posts, NJ USA)

Posted 16 February 2009 - 05:22 PM

This exploit appears to have entered through and exploits JPEG files. Those are the files at risk of being lost.

You can shut your browser.
Is there any particular reason you haven't installed Service Pack 3?

Also go into Control Panel > Add/Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their versions. (Highlight the program to see this.)

Edited by boopme, 16 February 2009 - 05:27 PM.


#9 waterface, Topic Starter (Members, 177 posts)

Posted 17 February 2009 - 02:58 AM

I have Java 6 Update 11.
No reason I haven't updated; I guess I maybe should. I was just told that if all my antivirus/firewall/antispyware/antimalware programmes were up to date I was OK.
I guess I don't know what will happen if I do add Service Pack 3 & if it will change anything drastically?

#10 Skydie (Members, 353 posts)

Posted 17 February 2009 - 05:01 AM

Service Packs often patch vulnerabilities in the system :thumbsup: So running regular updates and installing a Service Pack as soon as it is released is highly recommended.

PS: Sorry boopme if I'm interrupting.

#11 boopme, "To Insanity and Beyond" (Global Moderator, 73,220 posts, NJ USA)

Posted 17 February 2009 - 10:11 AM

OK, the Java is up to date so that's not being exploited. Those are Microsoft update package numbers. Perhaps they have now become corrupted. I believe installing the SP will replace them. Set a new System Restore point first: Windows XP System Restore Guide.
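The MS04 to MS08 entries that HouseCall's vulnerability check lists are Microsoft Security Bulletin identifiers (MSyy-nnn), and each bulletin ships as a hotfix with its own KB number. As an added example (not from the thread, and not HouseCall's own logic), the script below takes a scanner report plus the output of `wmic qfe get HotFixID` (or the hotfix section of `systeminfo`) from the same machine and sorts the reported bulletins into patched, missing, and not-in-this-table. The bulletin-to-KB table holds five KB numbers taken from the bulletin titles and should be checked against microsoft.com before it is relied on; the scanner report and QFE listing are constructed samples, not the poster's real output.

```python
import re

# Bulletin -> KB mapping for a handful of bulletins a HouseCall vulnerability
# check could still report on an XP SP2 machine. These are the KB numbers from
# the bulletin titles; verify against microsoft.com and extend as needed.
BULLETIN_TO_KB = {
    'MS04-028': 'KB833987',  # GDI+ JPEG parsing
    'MS05-039': 'KB899588',  # Plug and Play service
    'MS06-001': 'KB912919',  # WMF graphics rendering engine
    'MS07-017': 'KB925902',  # animated cursor (.ani) handling in GDI
    'MS08-067': 'KB958644',  # Server service
}

BULLETIN_ID = re.compile(r'\bMS\d{2}-\d{3}\b', re.I)
KB_ID = re.compile(r'\bKB\d{6,7}\b', re.I)


def installed_hotfixes(qfe_listing):
    """Collect the KB ids from `wmic qfe get HotFixID` or `systeminfo` text."""
    return {kb.upper() for kb in KB_ID.findall(qfe_listing)}


def bulletins_in(scanner_text):
    """Pull MSyy-nnn ids out of a scanner report, in order, without duplicates."""
    seen, ordered = set(), []
    for bulletin in BULLETIN_ID.findall(scanner_text):
        bulletin = bulletin.upper()
        if bulletin not in seen:
            seen.add(bulletin)
            ordered.append(bulletin)
    return ordered


def triage(scanner_text, qfe_listing):
    """Split reported bulletins into patched / missing / unknown to this table."""
    present = installed_hotfixes(qfe_listing)
    result = {'patched': [], 'missing': [], 'unknown': []}
    for bulletin in bulletins_in(scanner_text):
        kb = BULLETIN_TO_KB.get(bulletin)
        if kb is None:
            result['unknown'].append(bulletin)      # extend BULLETIN_TO_KB to resolve
        elif kb in present:
            result['patched'].append(bulletin)      # hotfix is on the box already
        else:
            result['missing'].append((bulletin, kb))  # install this KB (or the SP)
    return result


# Constructed sample inputs, not real output from the poster's machine.
SAMPLE_SCANNER_REPORT = """
Vulnerabilities found:
  MS04-028  Buffer overrun in JPEG processing (GDI+)
  MS06-001  Graphics rendering engine
  MS07-017  GDI vulnerabilities
  MS08-067  Server service
  MS08-001  (an error occurred while trying to retrieve more information)
"""

SAMPLE_QFE_LISTING = """HotFixID
KB912919
KB958644
KB925902
"""

if __name__ == '__main__':
    print(triage(SAMPLE_SCANNER_REPORT, SAMPLE_QFE_LISTING))
```

One caveat when reading the "missing" list: a service pack rolls up the earlier hotfixes, and after it is installed the individual KB entries it supersedes generally no longer appear in the QFE list, so on an SP3 machine an absent KB from 2004 is not by itself a missing patch. Install the service pack first, then rerun the scanner and compare again with the bulletins published after it.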

#12 waterface, Topic Starter (Members, 177 posts)

Posted 17 February 2009 - 10:50 AM

Hi
My PC seems to be running smoothly now & all my programmes (SuperAntiSpyware, Ad-Aware, Spybot, Avira AntiVir) find nothing! Could it be a case of "if it's not broke, don't fix it"?

I have serious issues about System Restore because of something that happened some time ago!
Could there be any other way of checking if i have malware?

#13 boopme, "To Insanity and Beyond" (Global Moderator, 73,220 posts, NJ USA)

Posted 17 February 2009 - 11:09 AM

Yes, you can leave it. The service packs are created to fix security flaws and other things in previous versions.
Yes, you can create an HJT log and have them go over your PC deeply and see if there's something hiding. Probably a good idea to do so. As your PC is working well, and they are busy and will need a couple of days to respond, it's a good time for you.
Please follow this guide: go and do steps 6 and 7 of the Preparation Guide For Use Before Using HijackThis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.

#14 waterface, Topic Starter (Members, 177 posts)

Posted 17 February 2009 - 04:32 PM

Hi & thanks
I will create a HijackThis log in the appropriate forum.
I have done this before when I had an issue, but have never used the DDS tool before! Do I need to do this or just post a HJT log?

Many thanks for your help

wf

#15 boopme, "To Insanity and Beyond" (Global Moderator, 73,220 posts, NJ USA)

Posted 17 February 2009 - 04:43 PM

They will ask for it anyway so may as well.

And you're welcome!!

Edited by boopme, 17 February 2009 - 04:44 PM.
