Viruses Be Gone! - Trojan-PWS.Bancos etc.


No replies to this topic

#1 lapetite66


Posted 29 August 2009 - 03:34 PM

I am using Windows XP Professional.

I recently went to the following website www.nearlygood.com because I like smilies and I know
that they have some good ones. The problems came about because I stupidly allowed the
website access to my clipboard which in turn allowed them access to the rest of my computer.

I ended up with quite a few nasty viruses/trojans such as the following:

1. trojan-pws.bancos
2. virus.dos.net_worm
3. Adware.Agent.ZO
4. RogueAntispyware.HomeVirus2010
5. HeurEngine.Packed.NSPack
6. HeurEngine.Packed.Molebox
7. HeurEngine.Packed.FSG
8. Bravia.exe

One of those viruses turned my firewall off and I also noticed this suspicious file in my firewall
exceptions folder (sorry, didn't think to take a screenshot of that) but it was called
EMOTICON_EXECUTABLE. Needless to say, I deleted that firewall exception.


Another of the viruses kept popping up with this phony alert telling me that my computer had a
virus...like duh buddy it's you! :thumbsup: So, of course I didn't click on that balloon and download
anything more like they were trying to get me to.

It was a good thing that I had Trojan Remover on my computer. Trojan Remover cleared a lot of stuff out, but unfortunately my log files for what it cleared out are gone, so I don't have any proof of what was on my system. I did take a screenshot of what showed up in my PCtools quarantine and Global action list though, so that's something, right?

After reading the post on this website I did download Malwarebytes and ran a scan and do have those logfiles (see below). I had 5 more lingering viruses, but I'm not sure whether the problem is over or not, so I am planning on running Malwarebytes in Full Search mode to do a more thorough search.


Malwarebytes' Anti-Malware 1.40
Database version: 2702
Windows 5.1.2600 Service Pack 3

8/27/2009 12:32:12 AM
mbam-log-2009-08-27 (00-32-12).txt

Scan type: Quick Scan
Objects scanned: 115834
Time elapsed: 32 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\beep.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\DG\Local Settings\Temp\e.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\DG\Local Settings\Temporary Internet Files\Content.IE5\4SFVH93Q\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DG\Local Settings\Temporary Internet Files\Content.IE5\7ZB6TPA0\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DG\Local Settings\Temporary Internet Files\Content.IE5\UVJV8O29\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DG\Favorites\Antivirus Scan - Online - Kaspersky.com.url (Rogue.Link) -> Quarantined and deleted successfully.
