A weird virus.


2 replies to this topic

#1 afunyun


Posted 23 January 2010 - 12:52 AM

It's me again. After 4 or so months I can't seem to keep my computer free of a virus, so I need help now :thumbsup:

What's in my system? I am not certain, but I think it's a keylogger.

Details: It basically is an EXE in my Program Files folder called SNdebugger.exe. At least, that's what Malwarebytes' says. Whenever I delete it, another one pops up within seconds to replace it. I have also found that it has two files in my AppData folder called XxX.xXx and UuU.uUu. They also replace themselves, manually or having Malwarebytes' do it. Sometimes with them in the AppData folder is a file called xxxyyyzzz.dat which, upon opening in notepad, has my email accounts and passwords in the following format:

|Messenger| [email address] |Password| [password] |

There is also another self-replicating exe called btdna.exe. It apparently is a bittorrent downloader.

Malwarebytes' and Avast! cannot seem to do anything, so I guess I'll have to come here yet again :flowers:

Malwarebytes' Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3289
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/22/2010 10:35:50 PM
mbam-log-2010-01-22 (22-35-50).txt

Scan type: Quick Scan
Objects scanned: 96397
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{iel5a414-71e2-a06e-4h52-f1syuoi5o1rw} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\SNdebugger\SNdebugger.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Jacob\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Jacob\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Jacob\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Edited by afunyun, 23 January 2010 - 12:55 AM.
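
Added example (not part of the original post, and not Malwarebytes' own tooling): a small triage script that parses the detail sections of the log above and flags the Active Setup "Installed Components" key, a per-user logon autostart location, because its subkey name is not a well-formed hexadecimal GUID. The function names, tag strings and the GUID heuristic are assumptions made for this example; the sample lines are copied from the log in the post.

```python
import re

# Sample lines copied from the Malwarebytes' log quoted in the post above.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{iel5a414-71e2-a06e-4h52-f1syuoi5o1rw} (Generic.Bot.H) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Files Infected:
C:\Program Files (x86)\SNdebugger\SNdebugger.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Jacob\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Jacob\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Jacob\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
                     r"Registry Data Items|Folders|Files) Infected:\s*$")
# "<item> (<detection name>) -> <action>"; the item may itself contain "(x86)".
ENTRY = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ACTIVE_SETUP = "\\active setup\\installed components\\"

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:  # summary lines such as "Files Infected: 4" do not match
            section = m.group(1)
            continue
        e = ENTRY.match(line) if section else None
        if e:  # "(No malicious items detected)" has no "->" and is skipped
            findings.append({"section": section, **e.groupdict()})
    return findings

def triage(findings):
    """Heuristic notes (an assumption of this example, not a verdict)."""
    notes = []
    for f in findings:
        item = f["item"]
        if f["section"] == "Registry Keys" and ACTIVE_SETUP in item.lower():
            key = item.rsplit("\\", 1)[1]
            if not GUID.match(key):  # name contains non-hex characters
                notes.append(("active-setup-malformed-guid", item))
        if f["section"] == "Files" and "\\appdata\\" in item.lower():
            notes.append(("file-in-user-profile", item))
    return notes

if __name__ == "__main__":
    for tag, item in triage(parse_mbam_log(SAMPLE_LOG)):
        print(tag, item)
```

Legitimate Active Setup components are not always GUID-named, so a hit from the GUID check is a prompt to inspect that key's StubPath value, not proof of infection.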




#2 afunyun


Posted 23 January 2010 - 03:06 AM

Bamp

#3 afunyun


Posted 23 January 2010 - 11:10 AM

Please :thumbsup:



