drlcleaner.info and Security Center



#1 llynara


Posted 06 November 2009 - 11:59 AM

I am not sure where to put this, so please move it if necessary.

I recently worked on a client's Windows XP computer that had multiple infections. I used several programs to clean it and spent a lot of time combing over logs to make sure it was virus-free. It came up clean on Malwarebytes Anti-Malware, Spybot Search and Destroy, Avira Antivirus, and SuperAntiSpyware. HijackThis logs looked clean as well. I uninstalled unnecessary programs and combed the logs for any services that looked suspicious. All looked good.

Despite all this, upon getting her computer back, her browser was hijacked and a rogue anti-spyware program tried to scare her into installing it. She didn't, thank goodness.

I took the computer back and tried to replicate the problem (I could not). I scanned it seven ways from Sunday, looking for anything and everything I could find that might be causing it. I returned the computer to her and asked her to take a picture if it came up again.

It finally happened last night. I was able to track down the problem as drlcleaner.info. The screen matches this one exactly:
http://www.2-spyware.com/remove-drlcleaner-info.html (not the popup, but the one behind it.)

What bothers me is that none of the tools I used even detected this thing! It flew under all of them! I've cleaned many viruses off of computers (and learned a ton from these forums) but have never found one like this. I thought I would share here and see if anyone else has had trouble dealing with this one or even seen this before.

Edited to add: Every single one of the programs I used was updated with the very latest antivirus/anti-spyware/anti-malware definitions. Both IE and Firefox were updated to the latest versions and inoculated with Spybot Search and Destroy. I had put Adblock Plus on Firefox to further protect in case of malicious ads. How this got by everything, I'm not sure. But it really bothers me!

Llyn :thumbsup:

Edited by llynara, 06 November 2009 - 12:38 PM.




#2 boopme


Posted 08 November 2009 - 05:58 PM

Hello Llyn, I am moving this to Am I infected as that's where we do scans.
We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


#3 llynara


Posted 10 November 2009 - 05:18 PM

Sorry, I just saw this! Thanks for replying! I don't have access to this computer at the moment, but will certainly run this the next chance I get.



