
worm.Win32.NetSky



#1 bolterdog


Posted 12 December 2009 - 01:27 AM

Picked up this spyware tonight. Hijacked background and was unable to go to any internet sites. Tried to run MBAM and could not. Ran Super AntiSpyware that found & cleaned several files. Reboot still had issue. Ran Avast, found some issues and deleted them. Reboot, some issues gone but still unable to go to your web site. Restored using System Restore, reboot and was able to run MBAM. Found "fake spyware", cleaned, rebooted and reran MBAM with log all clear. Computer seems to be back to normal. All seems to be well but would like to confirm. Please advise if any additional steps are necessary if MBAM log runs clear. Thanks.


#2 bolterdog


Posted 12 December 2009 - 09:21 AM

Updated MBAM and ran a full scan. Logfile posted below. Will update SAS and run a complete scan while at work. Will post back with results. Seems to be running fine. Thanks.

Malwarebytes' Anti-Malware 1.42
Database version: 3348
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2009 6:44:07 AM
mbam-log-2009-12-12 (06-43-50).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 219016
Time elapsed: 56 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Randy\Local Settings\Temp\vftgbjdbuyt.tmp (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026777.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026779.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026780.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026797.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026813.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP281\A0026831.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP281\A0026847.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP281\A0026848.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP281\A0026849.exe (Trojan.Dropper) -> No action taken.

#3 azfreetech


Posted 12 December 2009 - 10:08 AM

Because you did a system restore, I would run ATF Cleaner (for Windows XP and 2000 only!). Check the box for Select All and then click the button Empty Selected. This will help clear out temp files, cookies and other junk that clutters up Windows.

Next install, update and run SUPERAntiSpyware. Get rid of what it finds. Finally update and run your antivirus program and get rid of anything that it finds.
DJ Digital Gem

I gave up on computers and now I just DJ!



