Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Kardphisher among others


  • This topic is locked This topic is locked
2 replies to this topic

#1 McBiskit

McBiskit

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:26 PM

Posted 23 March 2009 - 06:49 PM

A couple of weeks ago I became infected with a number of viruses and malware. One minute I was fine, and I restarted for something and had lost even basic functionality. My computer was suffering from a number of symptoms. Incredibly long start up, disabled task manager/task bar in both normal and safe mode, no icons on my desktop in safe mode, sound and ethernet card drivers were no longer installed, my desktop image was changed to one saying malware had been found on my system and had what would probably be a link to a bogus anti spyware site, and if I left it on a My Documents folder would periodically open. I figured it up and it was happening about twice an hour so I sometimes had 30-40 My Documents windows open when I was out of the house for a while. The worst was a windows piracy popup that I read up on and found out was trojan.Kardphisher.

I read up on Kardphisher and found out that I had a newer version that was much nastier then the previous version. I kept trying to feed it bogus info but it kept calling me out on it. Finally I got it to accept some fake info a cc# of all 6's and it tried to send it away to wherever my personal info would have gone, but since I can't connect to the internet it would just sit there for longer then I could stay and watch it. I would leave and come back later to it saying it couldn't connect and if I wanted to Retry. I found I could just minimize the window at this point and have access to my desktop icons. From there I could run Smitfraudfix which would enable my taskbar and task manager. I then started scanning with all my antivirus programs. Avast, Ad Aware, and Spybpt S&D. I found I had Virtumonde among others and did what I could with those programs to remove them. Then more recently I scanned with Vundo Fix (which found nothing) and Malwarebytes. Scanning with all of these programs removed many of the symptoms (but I'm not convinced the stuff is gone. I remember Virtumonde being particularly stubborn from a previous run in, but it hasn't showed up in a scan recently) but nothing affected Kardphisher. I followed the advice for manual removal outlined here...

<hxxp://www.411-spyware.com/trojan-kardphisher>

But could only find the registry entry related to the task manager being disabled, and nothing else. I became very frustrated as it was finals week at school and I had to leave my computer alone for few days while I went to school and worked.

Today through the task manager, I found that the process related to Kardphisher was called msoobe32. Then I deleted the msoobe32 file, from the startup tab in msconfig I disabled two msoobe32 startup items and deleted the related registry entries. A couple of startups later I have a slightly longer then normal start up, the Kardphisher window never pops up, but neither does my desktop or task bar. I can bring up my task manager, and from there run programs, but that's where I decided to stop since my roommate now has a computer and I can get on frequently enough to ask for help.

Attached Files


Edited by Orange Blossom, 11 February 2013 - 04:27 AM.
Deactivate link. ~ OB


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:26 PM

Posted 31 March 2009 - 10:21 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:26 PM

Posted 05 April 2009 - 06:55 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users