
Trojan.win32.c4dlmedia.b


20 replies to this topic

#1 dffykvn

dffykvn

  • Members
  • 15 posts

Posted 20 December 2009 - 05:26 PM

I accidentally downloaded Trojan.win32.c4dlmedia.b

After I tried to use what I dled, I got a Kaspersky antivirus warning telling me that a trojan was detected and blocked, but a 2nd warning came up asking what to do with Trojan.win32.c4dlmedia.b. I hit delete, but then it said that it couldn't be deleted. I virus scanned the archive but no threat was detected. I'm running a full scan now.

I deleted the archive that I downloaded, but I don't know if I'm safe.

Is there any chance Kaspersky detected it, blocked it, then it had nothing to delete when the what to do about xxxxx came up?


Obviously I don't know **** about computers, so I posted this so someone can tell me what to do...kind of like explaining quantum physics to a caveman -_-

Any help would be appreciated.

PS: I'm running Windows 7 Home and using Kaspersky Internet Security 2010.

Edited by Orange Blossom, 20 December 2009 - 05:31 PM.
Moving from Windows 7 to Am I Infected. ~ OB




#2 Skydie

Skydie

  • Members
  • 353 posts

Posted 20 December 2009 - 05:38 PM

When a trojan infects you, as soon as you delete it that trojan goes away. But it could leave your system compromised and your machine's security could be weak. Make sure you update your anti virus before running a scan or during it to ensure the AV has the newest signatures. Have you run an MBAM (Malwarebytes Anti Malware) scan yet?

#3 dffykvn


Posted 20 December 2009 - 05:49 PM

I updated at the update center, then I increased the level of scanning.

Instead of scanning on medium, I put everything on high, deep scanning whatever setting to max and scan every part. I have no threats detected...........

And I have no idea what program you're talking about.

Thank you for replying though ^_^

If the Kaspersky scan doesn't find anything, is it likely that I'm in the clear?

#4 Skydie


Posted 20 December 2009 - 05:57 PM

Sorry, MBAM or Malwarebytes is an anti malware program - I won't bore you with the details but it removes crap like viruses and spyware off your PC. It's frequently used on BleepingComputer. After you've done your full system scan I highly recommend you download it from here: http://download.cnet.com/Malwarebytes-Anti....html?tag=mncol

After you've downloaded and installed it update it and then run a full system scan. A log will open and press Ctrl and A on your keyboard (this selects everything) then right click Copy and then paste the log into a post. If you forget to copy and paste the log the log will be saved under the logs tab when you open up Malwarebytes.

#5 Skydie


Posted 20 December 2009 - 05:59 PM

"If the Kaspersky scan doesn't find anything, is it likely that I'm in the clear?"

You'll need to run at least two or three scans to ensure you're clean as no one anti virus is perfect. Basically you're getting a second or third opinion from a doctor - one doctor might pick up something another doctor hasn't.

#6 dffykvn


Posted 20 December 2009 - 05:59 PM

Alright thanks, I'm almost finished with the kasp scan, after I download it should I post the log here?

Or would that be a bad idea because the log could have sensitive things other people could use to......ummm do...stuff -_-

Is there any part of it that I shouldn't post? Post in entirety? Or no post period?

#7 Skydie


Posted 20 December 2009 - 06:01 PM

By the way (this is completely unrelated) if it's late - like it is here in the UK - I recommend you go to bed while the scans are running. A Kis2010 scan might take a couple of hours and a MalwareBytes scan may take a few hours as well. The length of the scans depends on how many files you have and on the power of your PC - as well as how many programs are running.

#8 Skydie


Posted 20 December 2009 - 06:06 PM

Na, post the entire log here. If you're worried about sensitive data coming out, the only personal thing which might show up is your account's name. So something like this might come up:

C:\Documents and Settings\User1\My Documents\Music/evilvirus.mp3

so your user name might pop up if something was detected. The log will show where the virus was detected and its exact filepath, which could have an embarrassing name:

C:\Documents and Settings\User1\My Documents\Porno/Video1

Yeh, so the data in the logs won't be useable by anyone to do any harm, it just could be a bit embarrassing if a dodgy named file is a virus. So post the logs for both Kis2010 and MBAM here please ;)

#9 dffykvn


Posted 20 December 2009 - 06:30 PM

Lol it's nothing embarrassing.

I just didn't want to be the guy that gave up all of his comp's passwords and stuff because of a miscommunication :D

#10 Skydie


Posted 21 December 2009 - 11:26 AM

Hehe

#11 dffykvn


Posted 22 December 2009 - 12:35 AM

At the bottom of the log it said that everything had been deleted...

Should I post the log anyway even though at the bottom it said that the stuff was deleted? Or is that good enough?

#12 Skydie


Posted 22 December 2009 - 08:54 AM

Yep, post the log, so I can see what was deleted and also find out which type of malware you had. Trojans can often download other malware from the internet, so you could have another infection.

#13 dffykvn


Posted 22 December 2009 - 09:25 AM

HOLY ****

When I ran the program it said that I successfully removed the files...........
But the log says no action was taken !!!



Malwarebytes' Anti-Malware 1.42
Database version: 3399
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2009/12/20 17:15:05
mbam-log-2009-12-20 (17-14-59).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 219618
Time elapsed: 2 hour(s), 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows.old\Documents and Settings\KD\Local Settings\Application Data\Mozilla\Firefox\Profiles\ix878r98.default\Cache(2)\A66B9EEFd01 (Rogue.Installer) -> No action taken.
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\v2che3c2.default\Cache\42051696d01 (Adware.Agent) -> No action taken.
C:\Users\Kevin\Desktop\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> No action taken.
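
Added example, not part of the thread and not Malwarebytes' own code: the log in post #13 records "No action taken" for every detection even though the scan window reported removal, so the saved log is the thing to check. This Python sketch parses a log in that layout, lists detections that were left in place, and flags sections whose item count disagrees with the summary (a sign of a truncated paste). The sample log is constructed, and the line layout is assumed from the log pasted above.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes 1.42 log pasted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.42
Database version: 3399

Scan type: Full Scan (C:\|)
Objects scanned: 1000

Registry Keys Infected: 0
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Users\User1\AppData\Local\Temp\Cache(2)\AAAA0001 (Rogue.Installer) -> No action taken.
C:\Users\User1\Desktop\tool\plugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\User1\Downloads\setup (1).exe (Adware.Agent) -> No action taken.
"""

# "<object> (<detection name>) -> <action>."  The path may itself contain
# parentheses, so the greedy first group leaves only the last "(...)" as the name.
ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

def parse_mbam_log(text):
    """Return (summary counts declared by the log, list of detection dicts)."""
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            declared[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def triage(text):
    """Detections left in place, plus sections whose listing disagrees with the summary."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    unremediated = [i for i in items if i["action"].lower() == "no action taken"]
    mismatched = sorted(s for s, n in declared.items() if listed[s] != n)
    return unremediated, mismatched
```
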

#14 dffykvn


Posted 23 December 2009 - 09:57 AM

Is there anything I can do to remove them?

#15 Skydie


Posted 26 December 2009 - 06:49 AM

Yep I thought that (beep) trojan would download something else. OK please follow these instructions :

Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post the SUPERAntiSpyware log and let us know how the PC is running now.


Please follow those instructions (above).

PS:
Thanks Boopme for that quote :thumbsup: I couldn't put it simpler myself.

Edited by Skydie, 26 December 2009 - 07:10 AM.




