Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Bit Torrent and Text file


  • Please log in to reply
4 replies to this topic

#1 geotan

geotan

  • Members
  • 374 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bromsgrove, UK
  • Local time:01:07 AM

Posted 18 March 2009 - 08:11 PM

Hello to all you Gurus,

Running Windows XP Home/SP3.

Yesterday I found a Bit Torrent on my computer which I know I have not downloaded. I managed to use Unlocker and after a few attempts I was able to remove it. I also have a text file that keeps appearing on my Desk Top. I use Shift/Delete to remove it, bur after a while it returns - always with a different message. They are daft meaningless little messages like "Terminated" or "HAB FUB".
I was going to run all the anti virus programmes that I have installed. I started with AdAware. After about one hour my computer shut down. I restarted it. A lot of my Desk Top Icons have changed and double clicking on any of the Icons does nothing. I tried going into my folder with all the anti virus .exe files but could not launch them from there either.
This computer is used for video, photography and graphics and is never connected to the internet except for updating anti virus programmes. I do have it net worked to another computer.
Any and all help appreciated as usual.
Thank you for your time,
George.

BC AdBot (Login to Remove)

 


#2 geotan

geotan
  • Topic Starter

  • Members
  • 374 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bromsgrove, UK
  • Local time:01:07 AM

Posted 19 March 2009 - 06:49 AM

UPDATE

I read a suggestion on this site to rename MalwareBytes to MyScan.scr. I did this and it worked. I did a quick scan followed by a full scan. My Desk Top icons are still not what they should be.
Here is the log for the scan:-



Malwarebytes' Anti-Malware 1.34
Database version: 1868
Windows 5.1.2600 Service Pack 3

19/03/2009 10:21:40
mbam-log-2009-03-19 (10-21-12).txt

Scan type: Quick Scan
Objects scanned: 68756
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmgr (Rootkit.ADS) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32:diskchk.exe (Rootkit.ADS) -> No action taken.
C:\WINDOWS\system32:diskmgr.exe (Rootkit.ADS) -> No action taken.

I still cannot run any other anti virus programme. I have also found that this virus has turned off my Fire Wall. I went into the Control Panel but I cannot access the Fire Wall to turn it on.

#3 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:07:07 PM

Posted 19 March 2009 - 07:31 AM

Hey George,
You have a nasty litle infection hooked in your machine there. You should navigate to HERE, and after reading the preparation guide start with step #6 and post the log there in a new topic. Please include a link to this thread in your new topic.

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#4 geotan

geotan
  • Topic Starter

  • Members
  • 374 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bromsgrove, UK
  • Local time:01:07 AM

Posted 19 March 2009 - 07:53 AM

Harry,

I downloaded DDS and transferred it to the infected computer. When I try to run it, I get the message "Windows cannot open this file.....".
Any suggestions?
George.

#5 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:07:07 PM

Posted 19 March 2009 - 07:57 AM

Lets get a topic started in the area that I linked you to, and I will give you some instructions there.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users