
b.exe, AV2010, etc.


3 replies to this topic

#1 matthewjpollard

matthewjpollard

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 08 August 2009 - 12:17 AM

Hey guys,

Today as I was looking around on the internet (on a music store site to be exact), my McAfee anti-virus started going, well, berserk if you will. It was showing me pop-ups of trojans, viruses, cookies, and such that it saw as threats. Immediately I closed my web browser (I.E), and pulled up my task manager. When I looked at the process list, I saw two processes that stood out: b.exe, and f.exe. Shortly after, my computer froze up, and just rebooted itself. After the restart, I had fake pop-ups of "anti-virus 2010" saying that my computer was infected, yada yada. I locked down my firewall, and started my Malwarebytes scanner, and began a scan. Nine seconds in, the program was deleted from the screen, and was no longer running. I tried to run it again, but a window came up telling me that I did not have the permission to run the said file or path.

I then booted into safe mode, but had the same result. I also downloaded and tried Avast, but the same thing happened. It also has locked me out from HijackThis, and the program simply won't even respond to me trying to open it. I have yet to try ComboFix. (I'm posting this very early in the morning so please excuse my vagueness, I've been at this thing all night.)

I found the following on Google, but was afraid to try it without asking people with higher knowledge than myself: http://answers.yahoo.com/question/index?qi...30235548AA4h840 (the first answer on the page that involves a command prompt.)

I can be more descriptive with some guidance.
Thanks for any help in advance,


Matt


#2 matthewjpollard

matthewjpollard
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 08 August 2009 - 11:57 AM

Bumping back up to the first page.

Anybody?

#3 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:10 PM

Posted 08 August 2009 - 12:03 PM

McAfee, Spybot and Avast will interfere with the removal of this infection.

Let's get a good look at what's running on that computer.

Please download and run Process Explorer

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under File and Save As, create a log and post it here

Copy and paste it into a reply

One or more of the identified infections is a rootkit/backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Someone may still be able to clean this machine but we can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Chewy

No. Try not. Do... or do not. There is no try.

#4 matthewjpollard

matthewjpollard
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 08 August 2009 - 12:32 PM

Once I can back up some files I'll get right to installing that. Thank you for the response.



