Help i think i am infected!


  • This topic is locked
3 replies to this topic

#1 killarpriest

killarpriest

  • Members
  • 3 posts

Posted 12 March 2009 - 10:49 AM

Hi, I used HijackThis to scan my computer and it gave me a lot of mumbo jumbo. Can somebody interpret this for me, please? I have uploaded the log file. Thank you.


#2 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 12 March 2009 - 12:31 PM

Hi,

I will handle this log.
As I am in training, all my fixes have to be checked by my supervisors. Sorry in advance for any type of delay. :thumbup2:

#3 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 15 March 2009 - 04:43 AM

Hi,

Please note that you are infected with a trojan or a Backdoor / Backdoor Server.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately:
  • Disconnect the infected computer from the internet until the computer can be cleaned.
  • From a clean computer, change your online passwords for email, banks, eBay, forums, etc. (Do not change passwords or do any transactions while using the infected computer, because the attacker may get the new passwords and transaction information.)

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

However, since the infection looks relatively small at first sight, I am happy to try and clean your PC (I am just providing you with the above information to underline the impact that files like these can have on your PC).

Should you have any questions, please feel free to ask.

Now, on to the fix.

1. Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: (no name) - {33AC7D18-DC35-4D1A-940E-AFD5FC5C3327} - (no file)
O2 - BHO: (no name) - {C6E023C5-F81A-4E04-91A9-FD7DC20A79E4} - (no file)
O4 - HKLM\..\Run: [RIOTBOT] Update.exe
O4 - HKLM\..\RunServices: [RIOTBOT] Update.exe
O4 - HKCU\..\Run: [RIOTBOT] Update.exe
O20 - Winlogon Notify: qomMCSKE - qomMCSKE.dll (file missing)

Then close all windows except HijackThis and click Fix Checked.

2. Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
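
Added illustration (not part of the original post, and not the helper's own method): a small Python script that parses HijackThis-style `O` entries like the ones listed in step 1 and flags those that are orphaned or that register the same autorun name under several startup keys. The three heuristics and the `ExampleUpdater` line are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Entries quoted in the post, plus one constructed benign line (ExampleUpdater) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {33AC7D18-DC35-4D1A-940E-AFD5FC5C3327} - (no file)
O2 - BHO: (no name) - {C6E023C5-F81A-4E04-91A9-FD7DC20A79E4} - (no file)
O4 - HKLM\..\Run: [RIOTBOT] Update.exe
O4 - HKLM\..\RunServices: [RIOTBOT] Update.exe
O4 - HKCU\..\Run: [RIOTBOT] Update.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O20 - Winlogon Notify: qomMCSKE - qomMCSKE.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")  # section, key or type, remainder
AUTORUN = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")  # O4: [value name] command
ORPHAN_MARKERS = ("(no file)", "(file missing)")  # markers seen in the quoted entries


def triage(log_text):
    """Return [(line, [reasons])]; the heuristics are this example's assumptions."""
    entries, keys_by_name = [], defaultdict(set)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, key, rest = m.groups()
        auto = AUTORUN.match(rest) if section == "O4" else None
        entries.append((raw.strip(), auto))
        if auto:  # remember every startup key that uses this value name
            keys_by_name[auto["name"]].add(key)
    findings = []
    for line, auto in entries:
        reasons = []
        if line.endswith(ORPHAN_MARKERS):
            reasons.append("orphaned entry: referenced file is not on disk")
        if auto and len(keys_by_name[auto["name"]]) > 1:
            reasons.append("same autorun name in %d startup keys" % len(keys_by_name[auto["name"]]))
        if auto and "\\" not in auto["cmd"]:
            reasons.append("autorun command has no full path")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

A flagged line is a prompt for review by someone who can read the whole log, not a verdict that the entry is malicious.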


#4 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 18 March 2009 - 04:20 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

"How did I get infected?" - "Safe-hex" - Member of UNITE -