
Suspected datalogger, McAfee disabled daily, IE crashes


2 replies to this topic

#1 Dave Cherne


Posted 28 December 2009 - 10:59 PM

Operating system: Windows XP Professional
Protection software: McAfee SecurityCenter

One to three times per day (but only if the computer is connected to the network) McAfee warns that Virus Protection, Spyware Protection, SystemGuards Protection, Script Scanning Protection and Firewall protection have all been disabled. Then within a minute or two these features will be re-enabled. I called McAfee about this and they said that this is not normal behavior and for $90 they will help me remove whatever is causing it.

The other symptom I'm having is IE8 routinely appears to crash and pops up an error message saying "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience". This pop up box does not have an "X" in the upper right corner. My only options are to click on "Send Error Report" or "Don't Send". I don't know if this pop-up is actually being generated by Microsoft or not, but I have found that I can ignore this error message and keep working with IE just fine (but the pop-up box stays in the foreground all the time). But when I reboot my computer I now have to re-log into all sites that used to remember who I was.

I have run the following software and it all shows my system clean: McAfee Virusscan, Malwarebytes, Bit Defender 10, Ad-Aware, Spybot Search and Destroy.

I then ran ATF Cleaner, then ran SuperAntiSpyware Free in safe mode and it showed 0 threats detected.

I then ran Dr.Web CureIt in safe mode (following the directions listed in this post http://www.bleepingcomputer.com/forums/topic261343.html) and it showed about 9 objects that it detected and moved or deleted. I have the DrWeb.csv report but I don't think I'm supposed to post it unless someone asks to see it.

I would appreciate any help in tracking this down.

Edited by Dave Cherne, 29 December 2009 - 12:24 AM.




#2 Dave Cherne


Posted 30 December 2009 - 04:25 PM

Additional information: When IE8 crashes it references file mswsock32.dll

I ran Kaspersky Online scanner and it also shows I am infected. Here is the log file from it:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 30, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 30, 2009 18:20:09
Records in database: 3417028
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Dave\Start Menu\Programs\StartUp
C:\Program Files
C:\WINDOWS

Scan statistics:
Objects scanned: 79592
Threats found: 2
Infected objects found: 25
Suspicious objects found: 0
Scan duration: 01:49:35


File name / Threat / Threats count
svchost.exe\mswsock32.dll/svchost.exe\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 2
C:\WINDOWS\system32\mswsock32.dll/C:\WINDOWS\system32\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 13
spoolsv.exe\mswsock32.dll/spoolsv.exe\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 1
MpfSrv.exe\mswsock32.dll/MpfSrv.exe\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 1
mqsvc.exe\mswsock32.dll/mqsvc.exe\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 1
jusched.exe\mswsock32.dll/jusched.exe\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 1
iexplore.exe\mswsock32.dll/iexplore.exe\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 3
java.exe\mswsock32.dll/java.exe\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 1
C:\WINDOWS\system32\37D Infected: Trojan.Win32.Agent.czow 1
C:\WINDOWS\system32\mswsock32.dll Infected: Trojan.Win32.Agent.dbjp 1

Selected area has been scanned.

#3 Dave Cherne


Posted 05 January 2010 - 03:54 PM

Does anyone know how I can get help with my problem? I bet there is someone at BleepingComputer that would know how to help me. How do I get them to respond?



