Audio Advertisement Infection


22 replies to this topic

#1 jajacks

jajacks

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 25 June 2009 - 11:34 AM

Last night my Win XP laptop was infected with a virus that played audio advertisements though the speakers. Also, my internet browsers slowly stopped functioning. I believe it came through a malicious program downloaded by accident. I pulled up my task manager and found a suspicious process - b.exe. It would change to c.exe upon deletion. Also, my explorer.exe process was using over 100,000 k of memory.

I managed to download ComboFix. So I rebooted my laptop to safe mode and ran ComboFix. It deleted several files. I restarted my laptop and found the symptoms gone.

How can I check that all the problems are gone? I ran ComboFix a second time (in normal mode) and no registries or files were deleted. What else should I do? I've downloaded Hijack and am prepared to use it.

Thanks for reading.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:06 PM

Posted 25 June 2009 - 12:04 PM

Please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

You were fortunate in this instance that no unforeseen consequences occurred.

Please download Malwarebytes Anti-Malware (v1.38) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

** If Malwarebytes Anti-Malware results in any error messages, please refer to Fixes for common problems and Error Codes. Some issues with errors can be related to malware infection but others are not.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 jajacks

Posted 25 June 2009 - 12:18 PM

Thank you for your quick reply.
------
Malwarebytes' Anti-Malware 1.38
Database version: 2334
Windows 5.1.2600 Service Pack 3

6/25/2009 12:01:02 PM
mbam-log-2009-06-25 (12-00-56).txt

Scan type: Quick Scan
Objects scanned: 108607
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\downloaded program files\popcaploader.dll (Adware.PopCap) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\msb.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\downloaded program files\popcaploader.dll (Adware.PopCap) -> No action taken.

#4 jajacks

Posted 25 June 2009 - 12:31 PM

I should note that I ran MBAM before your response. The program quarantined the files listed, and I deleted them through MBAM by selecting the quarantine tab and hitting the "delete all" button.

Like I said, this all was before your first response.

Thanks again.

#5 quietman7

Posted 25 June 2009 - 12:44 PM

Let's do another anti-malware scan to see if we find anything else that MBAM may have missed.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Then download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you cannot boot into safe mode, then perform your scans in normal mode.

#6 jajacks

Posted 25 June 2009 - 11:28 PM

Hey. Sorry for the late post - the scan took over 6 hours. It found 8 files, one of which I recognized from an earlier scan: msa.exe. I went through the process, allowed the program to quarantine and delete the files, and rebooted. When Windows started, a small red shield with a white "x" in it popped up in the system tray with a message bubble saying McAfee Virus Scan was turned off, and to click the balloon to reactivate it. I didn't touch it - I knew it wasn't from McAfee as Security Center has its own icon. Within 20 seconds, the bubble and icon disappeared from the system tray. I'm unsure which virus/trojan that was, but I think it's probably still there.

Then again, you're the expert here :-). Anyway, thanks for your further help and here's my log.
------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2009 at 07:48 PM

Application Version : 4.26.1006

Core Rules Database Version : 3955
Trace Rules Database Version: 1897

Scan type : Complete Scan
Total Scan Time : 06:35:34

Memory items scanned : 271
Memory threats detected : 0
Registry items scanned : 7320
Registry threats detected : 0
File items scanned : 139122
File threats detected : 8

Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Agent/Gen-FakeAlert
C:\QOOBOX\QUARANTINE\C\WINDOWS\MSA.EXE.VIR

#7 jajacks

Posted 25 June 2009 - 11:37 PM

Upon further inspection, I see that the infected files haven't been deleted, but only quarantined in SUPERAntiSpyware. They show up under the quarantine section of the program. I'll await your instruction. Thanks again.

#8 quietman7

Posted 26 June 2009 - 06:34 AM

When an anti-virus or security program quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive" especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time.

Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them as a threat while in the quarantined area.

There are no shortcuts or guarantees when it comes to malware removal, especially when dealing with rootkits. Sometimes it takes several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous. Since we are still finding some malware, I recommend doing another scan.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.


#9 jajacks

Posted 26 June 2009 - 02:57 PM

I awoke this morning and checked my laptop (I left it on overnight) and found McAfee doing something odd. I've set McAfee to automatically virus scan on Fridays. A virus scan was up, but paused. I didn't pause it, and neither did my roommate. I followed your instructions and rebooted to safe mode and allowed Norman to do its job. After the scan, Norman asked for a reboot. I booted to normal Windows and found the alert bubble again in the system tray. And, once again, it disappeared after 20 seconds or so. I managed to CTRL+Print Screen while it was up.

Posted Image
You'll notice the red and gray "M" - that's the McAfee icon, as you likely know.

Thanks again for your help. Here's the log.
--------
Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA. Built 2009/06/26 06:52:52

Norman Scanner Engine Version: 6.01.09
Nvcbin.def Version: 6.01.00, Date: 2009/06/26 06:52:52, Variants: 3342052

Scan started: 26/06/2009 11:00:01

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 3
Logged on user: JESSELAPTOP\Jesse Jacks

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "90 EC 95 0B 78 01 CF 04 63 7C 63 80 1D 79 57 80 7F 6E 5D 80 B8 F3 57 80 AC 8C 58 80 23 48 5B 80 2A 90 59 80 70 04 5B 80 CD B7 58 80 55 08 65 80 66 DB 56 80 DC A9 57 80 56 6E 5E 80 45 6C 58 80 B2 7C 59 80 DA 6A 5A 80 52 A5 5A 80 41 25 66 80 9B 26 " -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000


Scanning running processes and process memory...

Number of processes/threads found: 838
Number of processes/threads scanned: 838
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 41s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\WINDOWS XP KEYGEN+VALIDATION PACK.rar/keyfinder.exe (Infected with FindKeyXP.A.dropper)
Deleted file

C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\Adobe Illustrator CS2\Crack\keygen.exe (Infected with W32/Agent.JZZM)
Deleted file

C:\Program Files\Valve\Steam\SteamApps\choral_music\counter-strike source\cstrike\cache\surf_year3000.bsp.bz20000/unknown0 (Error whilst scanning file: I/O Error (0x00220005))

C:\Qoobox\Quarantine\C\Program Files\Altnet\Download Manager\asm.exe.vir (Infected with W32/Altnet.L)
Deleted file

C:\Qoobox\Quarantine\C\Program Files\Altnet\Download Manager\asmps.dll.vir (Infected with W32/Altnet.:thumbsup:
Deleted file

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP619\A0155544.exe (Infected with W32/Altnet.L)
Deleted file

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP619\A0155545.dll (Infected with W32/Altnet.:flowers:
Deleted file

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP619\A0155814.sys (Infected with W32/Renos.CNZ)
Deleted file

Scanning: D:\*.*


Running post-scan cleanup routine:

Number of files found: 214871
Number of archives unpacked: 2733
Number of files scanned: 214857
Number of files not scanned: 14
Number of files skipped due to exclude list: 0
Number of infected files found: 7
Number of infected files repaired/deleted: 7
Number of infections removed: 7
Total scanning time: 3h 30m 55s

#10 jajacks

Posted 26 June 2009 - 02:59 PM

Also, like last time, I didn't touch the bubble for fear of spreading an infection.

#11 jajacks

Posted 26 June 2009 - 03:23 PM

While waiting for your response, I decided to run Norman again while in Windows. My browser was up (Chrome) and McAfee spotted and claimed to have removed a trojan.

Posted Image

#12 quietman7

Posted 26 June 2009 - 04:09 PM

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\WINDOWS XP KEYGEN+VALIDATION PACK.rar/keyfinder.exe (Infected with FindKeyXP.A.dropper)
Deleted file

C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\Adobe Illustrator CS2\Crack\keygen.exe (Infected with W32/Agent.JZZM)
Deleted file

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

With that said, please perform an online scan with Kaspersky Online Virus Scanner.
(Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.


#13 jajacks

Posted 26 June 2009 - 04:49 PM

We have my wonderful roommate to blame for the pirated stuff..... I'm still figuring out a method by which I'll offer forgiveness. I'm considering a monetary show of sorrow. Anyway, I'll run the Kaspersky. I notice that it is taking a while to gather system info. Is that normal? It's reading: "Java Enabled: False".

#14 jajacks

Posted 26 June 2009 - 05:03 PM

EDIT: I didn't have the newest Java. It works now.

On a side note, I accidentally clicked on the red shield pictured in my previous post. It's Windows Security Center. It popped back up when I disabled McAfee for Kaspersky. I can get a screenshot if needed.

I'll report Kaspersky's findings when I receive them. Thank you for all your support and time. When this is all over, I'd like to offer a donation if bleepingcomputer would accept it.

#15 jajacks

Posted 26 June 2009 - 10:58 PM

I ran the scan. I've noticed that my roommate's downloaded pirate stuff is hitting as malware, and that will not happen anymore (it better not). I'm also noticing the quarantined file is still picking up. Has it not been deleted?

Thank you, and I hope to hear from you soon.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 26, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, June 27, 2009 00:33:57
Records in database: 2393681
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 142727
Threat name: 4
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 04:08:04


File name / Threat name / Threats count
C:\Documents and Settings\Jesse Jacks\Application Data\Sun\Java\Deployment\cache\6.0\45\30b71c2d-227bc4ad Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\Windows XP Genuine Key Generator\MagicJellyBeanKeyFinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\Windows XP Pro SP3 - Activated\WXPVOL_EN.iso Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\Windows XP Pro SP3 - Activated\WXPVOL_EN.iso Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\Windows XP Professional 32-bit en-US - Black Edition v2009.6.13.iso Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\Documents and Settings\Jesse Jacks\My Documents\Downloads\Windows XP Professional 32-bit en-US - Black Edition v2009.6.13.iso Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Qoobox\Quarantine\C\Program Files\Microsoft Common\svchost.exe.vir Infected: Worm.Win32.AutoRun.aqop 1

The selected area was scanned.
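
Post #8 notes that other scanners keep flagging files that sit in quarantine, and post #15 asks about exactly that. The following is an added example, not part of the original thread or of any vendor tool: it parses detection lines in the Norman and Kaspersky formats shown above and groups them by where the flagged file sits on disk. The sample log, its paths and threat names, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Detection-line shapes used by the Norman and Kaspersky logs in this thread.
DETECTION_PATTERNS = [
    # Norman:    <path> (Infected with <threat>)
    re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \(Infected with (?P<threat>[^)]+)\)$"),
    # Kaspersky: <path> Infected: <threat> <count>
    re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected: (?P<threat>\S+)\s+\d+$"),
]

# Ordered location rules, first match wins; anything unmatched is "live".
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\qoobox\\quarantine\\", re.I)),
    ("restore_point", re.compile(r"\\system volume information\\_restore\{", re.I)),
    ("cache", re.compile(r"\\java\\deployment\\cache\\", re.I)),
]

ADVICE = {
    "quarantine": "inert copy held by a removal tool; flagged until the quarantine is emptied",
    "restore_point": "copy inside a System Restore point; returns if that point is restored",
    "cache": "downloaded content in the Java cache; clear the cache and rescan",
    "live": "file in a normal location; review and remove",
}

# Constructed sample in the two log formats; paths and threat names are made up.
SAMPLE_LOG = r"""
Scanning: C:\*.*
C:\Qoobox\Quarantine\C\WINDOWS\example.exe.vir (Infected with W32/Example.A)
Deleted file
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys (Infected with W32/Example.B)
Deleted file
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\1\0000-0000 Infected: Trojan-Downloader.Java.Example.a 1
C:\Documents and Settings\user\My Documents\Downloads\tool.exe Infected: not-a-virus:PSWTool.Win32.Example.a 2
C:\Qoobox\Quarantine\C\Program Files\Example\svc.exe.vir Infected: Worm.Win32.Example.x 1
"""


def parse_detections(log_text):
    """Return (path, threat) for every line matching a known detection shape."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern in DETECTION_PATTERNS:
            match = pattern.match(line)
            if match:
                found.append((match.group("path"), match.group("threat")))
                break
    return found


def classify_location(path):
    """Label a path as quarantine, restore_point, cache or live."""
    for label, rule in LOCATION_RULES:
        if rule.search(path):
            return label
    return "live"


def is_riskware(threat):
    """Kaspersky prefixes riskware/adware verdicts with 'not-a-virus:'."""
    return threat.lower().startswith("not-a-virus:")


def triage(log_text):
    """Group detections by where the flagged file sits on disk."""
    groups = defaultdict(list)
    for path, threat in parse_detections(log_text):
        groups[classify_location(path)].append((path, threat))
    return dict(groups)


def active_findings(groups):
    """Detections outside quarantine and restore points (live first, then cache)."""
    return [d for label in ("live", "cache") for d in groups.get(label, [])]


def report(groups):
    """Render one block per detection, most urgent location first."""
    lines = []
    for label in ("live", "cache", "restore_point", "quarantine"):
        for path, threat in groups.get(label, []):
            tag = " [riskware label]" if is_riskware(threat) else ""
            lines.append(f"{label:13} {threat}{tag}\n    {path}\n    -> {ADVICE[label]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```
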



