
Internet Latency Issues/Lingering Infection



#1 nwkegan


Posted 26 May 2009 - 06:19 PM

Hello. Let me start from the beginning:

I was browsing a site on Internet Explorer because I didn't feel like starting up Firefox (big mistake, one I won't make again) and I got that oh so dreaded cmd prompt pop-up. I knew I was infected with SOMETHING immediately. I know the routine, so I re-installed Malwarebytes and ran several scans. It looked clean, so I thought I was in the clear. However, it turns out I still had a file called 'juabzoe.dll' in my system32 folder. I unregistered and deleted it. Somehow, sometime after I restart, it magically reappears under rundll32.exe. Using Process Explorer, I find two instances of rundll32.exe that have registered 'juabzoe.dll'. The file is nowhere to be found in my system32 folder.

Recently I've also experienced some severe latency issues while playing a few games. Warcraft III and World of Warcraft to be specific. If I restart my computer I can seemingly alleviate these symptoms, but after a while they will return. I am still unsure as to whether or not they are connected to juabzoe, as I have ended both rundll32.exe processes and still had these latency problems. I'm looking to fix both of my problems if you all could help me.

Thank you.



#2 nwkegan


Posted 27 May 2009 - 04:52 PM

I'd like to mention that I have recently found out that my internet troubles with these games may in fact be related to Comcast, as there are others experiencing the same symptoms.

However, that still leaves the rundll32.exe instances that pop up at (seemingly) random times during computer uptime. I'd like to remove all traces of malware from my computer if possible.

Thanks.

#3 quietman7


Posted 28 May 2009 - 10:29 AM

In many cases, online gaming sites are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

The design of online game architecture creates an open door for hackers...hackers and malware hoodlums go where the pickings are easy -- where the crowds gather. Thus, Internet security experts warn game players that they face a greater risk of attack playing games online because few protections exist....traditional firewall and antimalware software applications can't see any intrusions. Game players have no defenses...Online gaming sites are a major distribution vehicle for malware....

MMO Security: Are Players Getting Played?

...Moral of the story?
1. Do not allow online games
2. Block ports used by online games
3. Block sites related to these online games
4. Educate your users...

online game + online trade = Trojan Spy

Security researchers...poked around in World of Warcraft and other online games, finding vulnerabilities and exploiting the system using online bots and rootkit-like techniques to evade detection...Some Trojan Web sites have done what they can do to collect gamers' authentication information so they can loot their characters (and) accounts.

Real Flaws in Virtual Worlds
Security researchers warn of dangers in online games

...the Flash ad contains code to open a popup that leads to a very different destination -- it's what I assume is an affiliate link that attempts to download and install ErrorSafe on your computer...

Advertiser Sneaks Malware into Flash Ad

A new type of Internet-based attack is spreading in which Flash-based ads seize control of a Web surfer's clipboard and paste in a link to a malicious site in the hopes that it will be spread from there into e-mails, blogs, and instant messages....

Malicious Flash ads attack

RunDLL32.exe is a legitimate Windows file that executes/loads .dll (Dynamic Link Library) modules which too can be legitimate or sometimes malware related.

Please post the results of your MBAM scan for review (even if nothing was found).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 nwkegan


Posted 28 May 2009 - 07:02 PM

Here is my scan log. Using process explorer I also checked the properties on my rundll32.exe instances:

"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\juabzoe.dll,DllMain -"

Somehow it keeps reappearing despite not actually being present in my system32 folder.


Malwarebytes' Anti-Malware 1.36
Database version: 2110
Windows 5.1.2600 Service Pack 2

5/28/2009 4:59:35 PM
mbam-log-2009-05-28 (16-59-35).txt

Scan type: Full Scan (C:\|D:\|F:\|M:\|)
Objects scanned: 184675
Time elapsed: 25 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
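
The mismatch reported in this post (a DLL named on a rundll32.exe command line that the folder listing does not show) can be checked mechanically by comparing the two views. This is an added example, not part of the original thread or of any tool mentioned in it; the function names, the directory listing and all command lines except the one quoted in the post are constructed for illustration.

```python
import ntpath

# Constructed sample data: command lines as a process viewer would report them
# (the first is the one quoted in the post) and the names a directory listing
# returns for each folder. Nothing here is read from a live system.
SAMPLE_CMDLINES = [
    r'C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\juabzoe.dll,DllMain -',
    r'"C:\WINDOWS\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl',
    r'C:\WINDOWS\system32\notepad.exe C:\notes.txt',
]
SAMPLE_LISTING = {r'c:\windows\system32': {'shell32.dll', 'rundll32.exe', 'notepad.exe'}}

def _take_token(text):
    """Split off a leading token that may be wrapped in double quotes."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        return (text[1:end], text[end + 1:]) if end != -1 else (None, '')
    token, _, rest = text.partition(' ')
    return token, rest

def parse_rundll32(cmdline):
    """Return (dll_path, export, args) for a rundll32 command line, else None."""
    exe, rest = _take_token(cmdline)
    if exe is None or ntpath.basename(exe).lower() not in ('rundll32', 'rundll32.exe'):
        return None
    rest = rest.strip()
    if rest.startswith('"'):
        dll, tail = _take_token(rest)
        if dll is None:
            return None
        tail = tail.lstrip(',')
    else:
        dll, _, tail = rest.partition(',')   # unquoted: DLL runs up to the first comma
    export, _, args = tail.strip().partition(' ')
    return (dll.strip(), export, args.strip()) if dll.strip() else None

def hidden_dlls(cmdlines, listing, default_dir=r'c:\windows\system32'):
    """Cross-view check: DLLs that rundll32 was started with but no listing shows."""
    findings = []
    for line in cmdlines:
        parsed = parse_rundll32(line)
        if parsed is None:
            continue
        dll, export, _ = parsed
        folder, name = ntpath.split(dll)
        # Assumption: a bare DLL name resolves to system32 (real search order is longer).
        folder = (folder or default_dir).lower()
        if name.lower() not in listing.get(folder, set()):
            findings.append((dll, export))
    return findings
```

A flagged entry only means the process view and the file view disagree; the file may have been deleted after loading or may be hidden from the listing, so the result is a lead for further log analysis rather than a verdict.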

#5 quietman7


Posted 29 May 2009 - 06:00 AM

Some infections are difficult to remove completely because of their morphing characteristics, which allow the malware to regenerate itself. Sometimes there is a hidden piece of malware (i.e. rootkit) which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS/HijackThis log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.



