
Infected, but not sure what...


22 replies to this topic

#1 Arrow92


Posted 30 October 2009 - 09:55 AM

Good morning/afternoon/evening! (depending on where you are when you are reading this)

Well, as usual my computer does things I don't want it to and makes my life miserable.

Let me just tell you what happened:
1. It first started with my internet connection. It was not connecting. So naturally I gave a call to my local internet company and the people there told me my router was in need of upgrading. So after doing that it worked...for a while.

2. The internet could connect but it kept on disconnecting itself. So after making sure it wasn't a problem with the line on the company's side, I tried to refresh my connections. That's when the third problem came up.

3. My computer would start to give weird warnings like "Windows has detected an error". So very sorry, but I am just unable to recall what the name of the error was, but I think it was Win something. And then straight after that my computer would totally freeze/hang. So then I would restart it manually and try again. After going in circles, I realized that after every 10 to 15 minutes of usage, the computer would give the warning and freeze. So after restarting again, I immediately went to my anti-virus (I use Avira Personal) and did a full scan, but came up with nothing.

4. The latest part of the attack was on my poor innocent bookmarks. Everything was erased! In fact my customized Mozilla Firefox 2.0 was completely reduced to as if first being installed on a computer. There was nothing! Even my homepage was changed to the standard one. Luckily I have a saved copy of my bookmarks, so all is not lost. But now another problem has come up.

5. I am trying to import my bookmarks (which are in a Firefox document on my desktop) back into my bookmarks manager, but every time I try, it just does not happen.

Well, I should also add that I just had a computer guy come over about an hour ago. What he did was turn on Spyware Terminator, which I had on my com but did not use since I had Avira. He said that the problem should be fixed and that if it comes up again, Spyware Terminator will just block it. But I am still not convinced that my computer is safe and fine to use again. Besides, with the other problems such as the bookmarks still not fixed, I need some advice.

I would also like to add some of the things I have found in the Event Viewer in the Administrative Tools (things that look suspicious):

-Faulting application svchost.exe, version 5.1.2600.2180, faulting module AcGenral.dll, version 5.1.2600.2993, fault address 0x000116e2.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


-Windows saved user ******-BB61****\user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-Successful auto update retrieval of third-party root list cab from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


-AntiVir has detected 'WORM/Conficker.AG' in the file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0PMZ4L2R\xtshx[1].png

-AntiVir has detected 'WORM/Conficker.AG' in the file C:\WINDOWS\system32\x

-Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2976, fault address 0x00018ab9.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-AntiVir has detected 'HIDDENEXT/Crypted' in the file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C1YBG5Q7\iuqhpphr[1].png

-Hanging application firefox.exe, version 1.8.20081.21709, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-AntiVir has detected 'HEUR/HTML.Malware' in the file C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\745EM3SR\urchin[1].php

-AntiVir has detected 'TR/Dropper.Gen' in the file C:\WINDOWS\system32\x


Well basically, I just copied and pasted what I thought would be the root cause of the problem. What I pasted was from the past three days. Mind you, I have not been using the computer for the past 2 weeks and only my brother uses it for his college work. He said maybe a virus came in through a website 'cause we don't download stuff. Well, I hope someone can tell me what happened and whether I need to do any further damage control.

Thank you very much in advance,
Cheers,
Aaron M.

"I am always ready to learn, although I do not always like being taught" - Winston Churchill

Whoever said that paper beats rock is a moron. Next time I see someone I am going to throw a rock at them while they hold up a piece of paper for a shield. - Anonymous
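As an added example (not part of the original post, and not output from any tool named in this thread), the following Python script triages the Event Viewer entries pasted in the post above: it groups AntiVir detections by file path, marks files flagged under more than one detection name, and lists the modules in which each application faulted. The location categories, their ranking and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Event Viewer entries copied from the post above (help-link lines trimmed).
EVENTS = r"""
-Faulting application svchost.exe, version 5.1.2600.2180, faulting module AcGenral.dll, version 5.1.2600.2993, fault address 0x000116e2.
-AntiVir has detected 'WORM/Conficker.AG' in the file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0PMZ4L2R\xtshx[1].png
-AntiVir has detected 'WORM/Conficker.AG' in the file C:\WINDOWS\system32\x
-Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2976, fault address 0x00018ab9.
-AntiVir has detected 'HIDDENEXT/Crypted' in the file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C1YBG5Q7\iuqhpphr[1].png
-Hanging application firefox.exe, version 1.8.20081.21709, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-AntiVir has detected 'HEUR/HTML.Malware' in the file C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\745EM3SR\urchin[1].php
-AntiVir has detected 'TR/Dropper.Gen' in the file C:\WINDOWS\system32\x
"""

DETECT = re.compile(r"AntiVir has detected '([^']+)' in the file (.+)$")
FAULT = re.compile(
    r"Faulting application ([^\s,]+), version [\d.]+, faulting module ([^\s,]+),")
# Sort order for the report; categories and ranking are this example's assumption.
RANK = {"system directory": 0, "service-account web cache": 1,
        "user web cache": 2, "other": 3}


def location(path):
    """Classify where a flagged file sits on an XP-style directory layout."""
    p = path.lower()
    if p.startswith("c:\\windows\\system32\\"):
        return "system directory"
    if "\\temporary internet files\\" in p:
        # C:\Documents and Settings\<account>\... : the cache belongs to the
        # account whose process fetched the file.
        account = p.split("\\")[2]
        if account in ("networkservice", "localservice"):
            return "service-account web cache"
        return "user web cache"
    return "other"


def triage(text):
    """Return (detections sorted by location rank, faulting modules per app)."""
    names_by_path = defaultdict(set)
    modules_by_app = defaultdict(set)
    for line in text.splitlines():
        line = line.strip().lstrip("-")
        if m := DETECT.search(line):
            names_by_path[m.group(2).strip()].add(m.group(1))
        elif m := FAULT.search(line):
            modules_by_app[m.group(1)].add(m.group(2))
    report = [
        {"path": path, "names": sorted(names), "where": location(path),
         "multi_name": len(names) > 1}  # same file flagged under several names
        for path, names in names_by_path.items()
    ]
    report.sort(key=lambda r: (RANK[r["where"]], r["path"]))
    return report, {app: sorted(m) for app, m in modules_by_app.items()}


if __name__ == "__main__":
    findings, faults = triage(EVENTS)
    for f in findings:
        print(f["where"], "|", ", ".join(f["names"]), "|", f["path"])
    print("faulting modules:", faults)
```
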



 


#2 Arrow92


Posted 01 November 2009 - 03:25 AM

Hey! Ummm well can anyone help me?

Sorry, I know everybody has their own things to do but I could really use some help, especially with the bookmarks issue.
Oh, and there is this new thing coming up, C:\Windows\system32\mmfinfo.dll. It keeps on getting blocked by my Spyware Terminator. So I'm wondering if that's the problem.

Thank You!
Aaron M.


#3 ThunderZ


Posted 01 November 2009 - 10:40 PM

...especially with the bookmarks issue.


Hi Aaron M.

Regarding your bookmarks issue. What is the extension being shown on the ones you are trying to import?


Oh, and there is this new thing coming up, C:\Windows\system32\mmfinfo.dll. It keeps on getting blocked by my Spyware Terminator. So I'm wondering if that's the problem.

Thank You!
Aaron M.



Regarding your other problem(s), I'll suggest running a scan(s) with MBAM and/or SUPERAntispyware. Both have free versions and can be uninstalled later if desired. Let us know what, if anything, turns up.

Edited by ThunderZ, 01 November 2009 - 10:41 PM.


#4 Arrow92


Posted 02 November 2009 - 02:49 AM

Well, regarding the bookmarks, the extension shown is html.

About the thing that keeps getting blocked, I will install the software mentioned and when done will report asap. But the reply may take a few days. I don't normally use the computer on weekdays.

Thank You!


#5 ThunderZ


Posted 02 November 2009 - 06:48 AM

Not a problem. Will keep an eye on the thread.

Regarding FF bookmarks. You are running a fairly old version. I am working from memory here. FF gives you two options to import bookmarks as, .html or .json. Either change the extension you are importing in as or try changing the extension of the file itself to .json instead of .html.

#6 Arrow92


Posted 03 November 2009 - 06:33 AM

Hey!

Either change the extension you are importing in as


Sorry, but I do not quite understand what you mean. Could you please explain a little more what I should do?


#7 Arrow92


Posted 03 November 2009 - 06:34 AM

try changing the extension of the file itself to .json instead of .html.


And yes, I tried to do what you suggested, but alas, it did not work. If you can think of anything else that could be wrong please let me know.

Thank you!
Aaron M.


#8 Arrow92


Posted 03 November 2009 - 06:39 AM

Oh and to whoever else who may read this,

Please, please help me identify my problems as I am anxious to know what actually happened.

Thank you!

P.S
There is again something new which I think may also be a problem. It's this thing that Spyware Terminator keeps blocking:
C:\Windows\system32\mmfinfo.dll

I hope *again* that someone or somebody or anybody can help me identify these things!

A thousand thank you's!


#9 quietman7


Posted 03 November 2009 - 07:29 AM

Please see ThreatExpert's awareness of the file "mmfinfo.dll".

Anytime you come across a suspicious file for which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Please download Malwarebytes Anti-Malware (v1.41) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 Arrow92


Posted 05 November 2009 - 01:27 AM

Hello!
I am so very pleased to announce that my problem has indeed been solved. All that was needed was a simple re-installation of Mozilla Firefox and I was able to import my bookmarks. A very big thank you to ThunderZ and quietman7 for their wonderful advice.

However, I still have one more question for quietman7. As in your last post (see above), you gave quite a few steps in order to ensure my computer is virus free. As of the time of this message, my computer appears to be fully functional and has no malware (after full scans by Spyware Terminator, Avira and Bitdefender). Would you say it is necessary that I take your steps mentioned in order to be 100% sure of a virus free computer?

Thank you all, and have a nice day.


Infinite gratitude,
Aaron M.


#11 quietman7


Posted 05 November 2009 - 07:05 AM

...after full scans by...Avira and Bitdefender

Are you using two anti-virus programs?

Would you say it is necessary that I take your steps mentioned in order to be 100% sure of a virus free computer?

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

Malwarebytes Anti-Malware is one of the more effective programs available and I recommend using it so doing a scan will not hurt. TFC is a tool to remove all the junk and temp files on your system so you can use that before running MBAM. You can skip the Norman scan.

#12 Arrow92


Posted 05 November 2009 - 12:12 PM

Are you using two anti-virus programs?


No. Avira is the one I have installed on my computer, and as for Bitdefender, I used the online scanner.


#13 Arrow92


Posted 05 November 2009 - 12:15 PM

Thus, a multi-layered defense using several anti-spyware products (including an effective firewall)


Multi-layered defense? Would you be so kind as to elaborate on that? This is because when it comes to anti-viruses, I know it is best just to have one good one; if not, they may pick up false positives (of each other). But when it comes to anti-virus, anti-spyware and all the other anti things, I am unsure.

Thank you,
Aaron M.


#14 quietman7


Posted 05 November 2009 - 01:05 PM

Yes, using more than one anti-virus program is not advisable. The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management.

In contrast, as a general rule, using more than one anti-spyware program like Malwarebytes' Anti-Malware, SuperAntispyware, Spybot S&D, Ad-Aware, etc will not conflict with each other or your anti-virus if using them as stand-alone scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware. However, if using any of their real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc) together at the same time, there can be conflicts when each application tries to compete for resources and exclusive rights to perform an action. Additionally, competing tools may even provide redundant alerts which can be annoying and/or confusing.

multi-layered defense = 1 anti-virus, 1 real-time anti-malware, firewall, 1 or 2 stand-alone security scanners (all regularly updated), installation of all Windows security patches, practice safe surfing, common sense etc.

#15 Arrow92


Posted 06 November 2009 - 02:06 AM

I see. Regarding firewalls, besides the standard Windows firewall, are there any other free downloadable firewalls that are good?

Aaron M.

P.S
What do you make of this site? Do you think it is something worth downloading or is it not very useful?

Edited by Arrow92, 06 November 2009 - 02:11 AM.