Mysterious Mouse Movements - but no infections found... yet.


  • This topic is locked
2 replies to this topic

#1 xioc1138

Posted 30 July 2009 - 11:44 AM

I have a computer where twice now, the mouse has moved on its own. The user who uses the computer notes that every now and then the mouse will even open a program up. I have only been able to remote into the computer once after a report, and the only thing that I found open was a pop-up window.

Things I have done so far:

Run ESET's Virus Scan (found nothing, but see the end of this message)
Run Kaspersky's online virus scan (found nothing)
Run Trend Micro's online virus scan (found nothing)

The user has a Logitech ball mouse; I have a few of these and have seen them roll on their own. This normally happens when the sensor inside gets dirty. This one had some muck on it, but not enough that I would think it would give false reads. I cleaned it anyway.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2007 1:18:52 PM
System Uptime: 7/30/2009 8:41:56 AM (3 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G33M-S2
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 261.737 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP336: 5/4/2009 11:49:40 AM - System Checkpoint
RP337: 5/6/2009 8:59:59 AM - System Checkpoint
RP338: 5/7/2009 9:04:45 AM - System Checkpoint
RP339: 5/8/2009 8:58:46 AM - Removed Logitech Desktop Messenger
RP340: 5/11/2009 5:14:32 PM - System Checkpoint
RP341: 5/12/2009 5:23:38 PM - System Checkpoint
RP342: 5/14/2009 3:00:15 AM - Software Distribution Service 3.0
RP343: 5/14/2009 8:43:59 AM - Installed 32 Bit HP CIO Components Installer
RP344: 5/14/2009 8:44:14 AM - Removed 32 Bit HP CIO Components Installer
RP345: 5/14/2009 4:30:15 PM - Installed Windows Rights Management Client with Service Pack 2
RP346: 5/15/2009 3:00:15 AM - Software Distribution Service 3.0
RP347: 5/15/2009 9:36:24 AM - Removed Adobe Reader 9.
RP348: 5/15/2009 9:39:37 AM - Installed Adobe Reader 9.1.
RP349: 5/15/2009 9:41:38 AM - Installed Adobe Reader 9.1.
RP350: 5/15/2009 3:45:57 PM - Software Distribution Service 3.0
RP351: 5/18/2009 9:04:20 AM - System Checkpoint
RP352: 5/19/2009 3:00:15 AM - Software Distribution Service 3.0
RP353: 5/20/2009 3:00:20 AM - Software Distribution Service 3.0
RP354: 5/20/2009 5:03:43 PM - Software Distribution Service 3.0
RP355: 5/21/2009 5:20:54 PM - System Checkpoint
RP356: 5/22/2009 3:00:20 AM - Software Distribution Service 3.0
RP357: 5/22/2009 3:57:00 PM - Software Distribution Service 3.0
RP358: 5/26/2009 12:33:05 PM - System Checkpoint
RP359: 5/26/2009 4:58:57 PM - Software Distribution Service 3.0
RP360: 5/27/2009 4:57:46 PM - Software Distribution Service 3.0
RP361: 5/28/2009 8:39:16 AM - Software Distribution Service 3.0
RP362: 5/28/2009 4:59:08 PM - Software Distribution Service 3.0
RP363: 5/29/2009 4:51:10 PM - Software Distribution Service 3.0
RP364: 6/1/2009 8:45:25 AM - Software Distribution Service 3.0
RP365: 6/1/2009 3:19:55 PM - Installed Microsoft Access 2002 Runtime
RP366: 6/1/2009 3:20:54 PM - Printer Driver Win2PDF Installed
RP367: 6/1/2009 4:54:52 PM - Installed ROLLCALLServer9.5.
RP368: 6/1/2009 5:01:59 PM - Software Distribution Service 3.0
RP369: 6/2/2009 3:04:46 PM - Removed ROLLCALLServer9.5.
RP370: 6/2/2009 3:40:00 PM - Installed ROLLCALL9.5.
RP371: 6/3/2009 3:00:13 AM - Software Distribution Service 3.0
RP372: 6/4/2009 3:00:15 AM - Software Distribution Service 3.0
RP373: 6/5/2009 3:00:14 AM - Software Distribution Service 3.0
RP374: 6/5/2009 4:46:29 PM - Software Distribution Service 3.0
RP375: 6/8/2009 9:05:11 AM - SetPoint 4.72
RP376: 6/8/2009 5:02:30 PM - Software Distribution Service 3.0
RP377: 6/10/2009 3:00:13 AM - Software Distribution Service 3.0
RP378: 6/11/2009 3:00:14 AM - Software Distribution Service 3.0
RP379: 6/11/2009 9:44:30 AM - Removed ChurchPro2009 FW Demo
RP380: 6/11/2009 9:48:41 AM - Removed ROLLCALL9.5.
RP381: 6/11/2009 12:08:51 PM - Removed Acrobat.com
RP382: 6/11/2009 5:12:07 PM - Software Distribution Service 3.0
RP383: 6/12/2009 8:27:20 AM - Printer Driver ClickBook Printer Installed
RP384: 6/12/2009 5:03:38 PM - Software Distribution Service 3.0
RP385: 6/15/2009 10:09:32 AM - System Checkpoint
RP386: 6/15/2009 4:57:33 PM - Software Distribution Service 3.0
RP387: 6/16/2009 4:54:04 PM - Software Distribution Service 3.0
RP388: 6/17/2009 4:57:48 PM - Software Distribution Service 3.0
RP389: 6/18/2009 3:21:09 PM - Software Distribution Service 3.0
RP390: 6/18/2009 4:57:46 PM - Software Distribution Service 3.0
RP391: 6/19/2009 4:59:15 PM - Software Distribution Service 3.0
RP392: 6/20/2009 2:29:32 AM - Installed Java™ 6 Update 13
RP393: 6/20/2009 3:00:29 AM - Software Distribution Service 3.0
RP394: 6/21/2009 3:00:15 AM - Software Distribution Service 3.0
RP395: 6/22/2009 3:00:15 AM - Software Distribution Service 3.0
RP396: 6/22/2009 5:01:42 PM - Software Distribution Service 3.0
RP397: 6/23/2009 5:09:52 PM - Software Distribution Service 3.0
RP398: 6/24/2009 5:12:46 PM - Software Distribution Service 3.0
RP399: 6/25/2009 5:30:06 PM - Software Distribution Service 3.0
RP400: 6/26/2009 5:06:56 PM - Software Distribution Service 3.0
RP401: 6/29/2009 3:52:39 PM - System Checkpoint
RP402: 6/29/2009 5:01:32 PM - Software Distribution Service 3.0
RP403: 6/30/2009 5:23:57 PM - System Checkpoint
RP404: 7/1/2009 3:00:20 AM - Software Distribution Service 3.0
RP405: 7/1/2009 5:06:24 PM - Software Distribution Service 3.0
RP406: 7/2/2009 5:10:37 PM - Software Distribution Service 3.0
RP407: 7/6/2009 2:20:49 PM - System Checkpoint
RP408: 7/6/2009 5:10:37 PM - Software Distribution Service 3.0
RP409: 7/8/2009 8:37:29 AM - Software Distribution Service 3.0
RP410: 7/8/2009 5:04:12 PM - Software Distribution Service 3.0
RP411: 7/8/2009 5:11:43 PM - Software Distribution Service 3.0
RP412: 7/9/2009 5:15:32 PM - Software Distribution Service 3.0
RP413: 7/10/2009 4:59:26 PM - Software Distribution Service 3.0
RP414: 7/13/2009 12:31:20 PM - System Checkpoint
RP415: 7/13/2009 4:59:41 PM - Software Distribution Service 3.0
RP416: 7/14/2009 5:07:27 PM - Software Distribution Service 3.0
RP417: 7/15/2009 5:34:42 PM - Software Distribution Service 3.0
RP418: 7/16/2009 5:24:06 PM - Software Distribution Service 3.0
RP419: 7/16/2009 10:08:56 PM - Software Distribution Service 3.0
RP420: 7/17/2009 5:04:53 PM - Software Distribution Service 3.0
RP421: 7/20/2009 12:28:55 PM - System Checkpoint
RP422: 7/20/2009 5:04:45 PM - Software Distribution Service 3.0
RP423: 7/21/2009 5:00:10 PM - Software Distribution Service 3.0
RP424: 7/23/2009 3:00:19 AM - Software Distribution Service 3.0
RP425: 7/23/2009 5:29:09 PM - Software Distribution Service 3.0
RP426: 7/24/2009 4:38:37 PM - Software Distribution Service 3.0
RP427: 7/25/2009 10:57:47 AM - Software Distribution Service 3.0
RP428: 7/27/2009 1:06:03 PM - System Checkpoint
RP429: 7/27/2009 5:16:27 PM - Software Distribution Service 3.0
RP430: 7/28/2009 5:25:17 PM - Software Distribution Service 3.0
RP431: 7/30/2009 6:53:49 AM - Software Distribution Service 3.0
RP432: 7/30/2009 8:34:30 AM - Software Distribution Service 3.0
RP433: 7/30/2009 8:42:41 AM - Printer Driver Microsoft XPS Document Writer Installed

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5600
5600_Help
5600Trb
ACS Technologies, Inc. - Workstation
Adobe Acrobat 5.0
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PageMaker 7.0
Adobe PDF Library Files
Adobe Reader 9.1.1
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AiO_Scan
AiOSoftware
Apple Software Update
Ask Toolbar
Blue Squirrel ClickBook 12
BOINC
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CDDRV_Installer
Coupon Printer for Windows
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
D5400
D5400_Help
DeskTopBinder - SmartDeviceMonitor for Client
DeskTopBinder Lite
Destinations
DeviceDiscovery
DocProc
DVD Suite
ESET NOD32 Antivirus
EVGA Display Driver
Fax
FlexWare
Google Toolbar for Internet Explorer
GoToMeeting 4.0.0.320
GPBaseService
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 10.0
HP Image Zone Express
HP Imaging Device Functions 10.0
hp LaserJet-all-in-one
HP Photosmart D5400 Printer Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP PSC & OfficeJet 5.3.B
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 13
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
KhalInstallWrapper
LaserAIO
LG ODD Auto Firmware Update
LightScribe 1.6.43.1
Logitech Registration
Logitech SetPoint
MagTek ActiveX Control for Micr+IntelliPIN Device
MagTek MTMicrImage OCX
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2002 Runtime
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2002
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (2.0.0.14)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
NewCopy
OpenOffice.org Installer 1.0
OrderReminder hp LaserJet 3015/3020/3030/3380
Paradox Runtime
PDF Settings
PowerDVD
PowerProducer
PrintMaster Gold 18
ProductContext
PS_SF_03_D5400_ProductContext
PS_SF_03_D5400_Software
PS_SF_03_D5400_Software_Min
PSSWCORE
QuickBooks
QuickBooks Pro 2009
QuickTime
Readiris Pro 9
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
ScannerCopy
Second Copy (7.0)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shop for HP Supplies
SkyWatch13
SmartWebPrintingOC
SolutionCenter
Status
SupportSoft Assisted Service
Toolbox
Total Access Memo
TrayApp
Unload
UnloadSupport
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoToolkit01
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
WebReg
Win2PDF 3.30
Windows Driver Package - MagTek (MTIMUSB) Ports (01/16/2007 1.10.0005.0)
Windows Driver Package - MAGTEK USB (01/16/2007 1.10.0005.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
Winferno Registry Power Cleaner
Wyyo 1.0 build 133
XML Paper Specification Shared Components Pack 1.0
Yahoo! Companion

==== Event Viewer Messages From Past Week ========

7/29/2009 9:20:58 AM, error: TermServDevices [1111] - Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.
7/29/2009 9:20:58 AM, error: TermServDevices [1111] - Driver HP Photosmart 8200 Series required for printer HP Photosmart 8200 Series is unknown. Contact the administrator to install the driver before you log in again.
7/29/2009 9:20:58 AM, error: TermServDevices [1111] - Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.
7/27/2009 8:41:02 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/27/2009 10:39:29 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PROJECTIONPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3E2BC71E-79F2-4. The master browser is stopping or an election is being forced.
7/27/2009 1:34:17 PM, error: NetBT [4321] - The name "CPCC :1d" could not be registered on the Interface with IP address 192.168.1.106. The machine with the IP address 192.168.1.115 did not allow the name to be claimed by this machine.
7/25/2009 10:57:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007066f: Security Update for Microsoft PowerPoint 2007 (KB957789).
7/25/2009 10:48:00 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

==== End Of File ===========================

I looked through the log and didn't find anything that I considered to be harmful right off, but perhaps some eyes that are more used to looking at this thing will see something that I cannot.

I can say that the user's home page in Internet Explorer (I know, but they insist) was set to my.freeze.com. The user insists that it has been this way for a very long time. Some Google results indicate that this may indicate an infection. I was able to change the user's home page, and the home page stuck, which doesn't seem very virus-like to me.

Looking at ESET's log file, I do see that in the past it has cleaned some infections:

7/22/2009 8:41:08 AM POP3 filter email message from: postcards@hallmark.com to: user@usersdomain.com with subject You've received A Hallmark E-Card! dated Tue, 21 Jul 2009 20:19:08 -0500 Win32/Bifrose.NCM trojan contained infected files OWNER-DD338CE5B\user Threat was detected upon receiving email by the application: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE.
6/19/2009 11:08:35 PM Real-time file system protection file C:\System Volume Information\_restore{52341C7B-57CB-4681-AB7F-665E60FCF888}\RP390\A0055492.exe Win32/Adware.OneStep.A application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
6/19/2009 8:51:36 AM Real-time file system protection file C:\PROGRAM FILES\WYYO\WYYO.EXE Win32/Adware.OneStep.A application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\BOINC\projects\boinc.gorlaeus.net\trajtou-cu111_5.40_windows_intelx86.exe.
6/19/2009 8:51:22 AM Startup scanner file C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo133.exe Win32/Adware.OneStep.A application cleaned by deleting - quarantined
6/17/2009 1:30:02 PM POP3 filter email message from: postcards@hallmark.com to: user@usersdomain.com with subject You've received A Hallmark E-Card! dated Wed, 17 Jun 2009 13:19:08 -0500 Win32/Bifrose.NCM trojan contained infected files OWNER-DD338CE5B\user Threat was detected upon receiving email by the application: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE.
6/11/2009 8:34:42 AM POP3 filter email message from: postcards@hallmark.com to: user@usersdomain.com with subject You've received A Hallmark E-Card! dated Wed, 10 Jun 2009 20:27:14 -0500 Win32/Bifrose.NCM trojan contained infected files OWNER-DD338CE5B\user Threat was detected upon receiving email by the application: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE.
6/10/2009 9:03:49 AM POP3 filter email message from: postcards@hallmark.com to: user@usersdomain.com with subject You've received A Hallmark E-Card! dated Wed, 10 Jun 2009 08:46:46 -0500 Win32/Bifrose.NCM trojan contained infected files OWNER-DD338CE5B\user Threat was detected upon receiving email by the application: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE.
5/29/2009 8:43:49 AM POP3 filter email message from: postcards@hallmark.com to: user@usersdomain.com with subject You've received A Hallmark E-Card! dated Thu, 28 May 2009 18:14:59 -0500 Win32/Bifrose.NCM trojan contained infected files OWNER-DD338CE5B\user Threat was detected upon receiving email by the application: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE.
5/6/2009 10:05:33 AM POP3 filter email message from: postcards@hallmark.com to: user@usersdomain.com with subject You've received A Hallmark E-Card! dated Tue, 5 May 2009 17:34:34 -0500 Win32/Bifrose.NCM trojan contained infected files OWNER-DD338CE5B\user Threat was detected upon receiving email by the application: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE.

So I know that some infections have occurred in the past, but it looks like they were intercepted and cleaned without any trouble.

Thoughts?


#2 syler

Posted 07 August 2009 - 07:10 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks


#3 syler

Posted 12 August 2009 - 06:23 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
