
Infected with H8SRT virus


  • This topic is locked
6 replies to this topic

#1 leela rao


  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 29 January 2010 - 02:03 AM

Hello,
My PC has been infected with the virus H8SRT (TDSS; Malware Defense got installed). I am not able to start Windows normally as it freezes after my desktop icons are loaded. I have gone through several links when I googled for a remedy. I logged into safe mode and when I run TDSSKiller, it says "Driver load error!"

Malwarebytes detects 3 infections when I run the scan (in safe mode) & deletes 2 of them; to delete the 3rd one it needs to be restarted in normal mode, but that is not happening due to the PC freeze. Now it is showing 1 virus detected (HKLM\Software\H8SRT) & it removes it in safe mode itself. But when I manually restart & then quick scan again, it again reports the same virus. So the virus continues to thrive.

Also, when I right-click on any file, a Windows Installer dialog momentarily appears & then the right-click menu appears.

Pls kindly help...... It's been a week since this happened & still I am not able to return to normal computing!! Doing all my work in safe mode.

I am posting the logs of DDS, RootRepeal & the Malwarebytes scan.



DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by mple at 18:58:31.06 on Thu 01/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2023.1441 [GMT 5.5:30]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\B3DJBFGtN.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\mmc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\star\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bing.com/
uSearch Page = hxxp://search.live.com
uWindow Title = Microsoft Internet Explorer provided by Hewlett-Packard
uSearch Bar = hxxp://search.live.com/sphome.aspx
mDefault_Page_URL = hxxp://athp.hp.com
uInternet Settings,ProxyServer = web-proxy.aus.hp.com:8080
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {E69657FF-19AC-4849-BF35-91243EEF1687} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mple\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [PasswordCheck] c:\windows\hplogin\setlocalpwds.exe -f c:\docume~1\mple\locals~1\temp\setlocalpwds.flg -n 6
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IDA] c:\program files\hewlett-packard\pc coe\IDA.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG9.0] "c:\program files\common files\microsoft shared\ime\imjp9\imjprmzb.exe" /RmZombie
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CCDoctorLogonTesting] "c:\program files\rational\clearcase\bin\ccdoctor.exe" /LogonStartup
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPZMonitorBootKey] c:\docume~1\mple\locals~1\temp\hpispz\hpmonZ.exe ;h50203.www5.hp.com,HPITWeb,12,30,no,false,NA,US,ispehomepage,
mRun: [SDFix] c:\docume~1\mple\desktop\sdfix\RunThis.bat /second
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\B3DJBFGtN.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\mple\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\mple\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: DisableNT4Policy = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: hp.com
Trusted Zone: tandem.com\ie.config
Trusted Zone: compaq.com\ie.config.asia
Trusted Zone: compaq.com\ie.config.eur
Trusted Zone: compaq.com\ie.config.im.hou
Trusted Zone: compaq.com\ie.config.jp
Trusted Zone: dec.com\ie.config.ecom
Trusted Zone: tandem.com\ie.config
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPITWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://qc.atlanta.hp.com/qcbin/Spider91.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://qc1b.atlanta.hp.com/qcbin/Spider10.cab
TCP: {ED919FF1-5AA4-4A55-8F12-F8B8FC4E1E6C} = 16.110.135.51,16.110.135.52
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: ccnotify - c:\program files\rational\bin\ccnotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {B7B3E9B3-FB14-4927-894B-E9124509AF5A} - msiexec.exe /fou {B7B3E9B3-FB14-4927-894B-E9124509AF5A} /qb!

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mple\applic~1\mozilla\firefox\profiles\yjv6exuz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.ftp - web-proxy.aus.hp.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - web-proxy.aus.hp.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - web-proxy.aus.hp.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - web-proxy.aus.hp.com
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - web-proxy.aus.hp.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-7-8 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-7-8 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-7-8 2240944]
S2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2008-5-13 198184]
S2 Albd;Atria Location Broker;c:\program files\rational\clearcase\bin\albd_server.exe [2006-7-24 176016]
S2 AvChgSvc;HP-AV Change Monitor Service;c:\progra~1\hpavad~1\avChgSvc.exe [2008-11-1 238080]
S2 radexecd;HP OVCM Notify Daemon;c:\program files\hewlett-packard\pc coe 3\ov cms\radexecd.exe [2007-2-20 270510]
S2 radsched;HP OVCM Scheduler Daemon;c:\program files\hewlett-packard\pc coe 3\ov cms\radsched.exe [2007-3-22 172205]
S2 Radstgms;HP OVCM MSI Redirector;c:\program files\hewlett-packard\pc coe 3\ov cms\Radstgms.exe [2008-7-3 315570]
S3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2008-10-30 27008]
S3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2008-10-30 10161]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-7-8 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-23 102448]
S3 magaService;Lan Discover Agent;c:\program files\sygate\ssa\maga\maga.exe --> c:\program files\sygate\ssa\maga\maga.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-22 38224]
S3 Mvfs;Atria Multi-Version FS;c:\windows\system32\drivers\mvfs50.sys [2006-7-25 314880]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100119.008\NAVENG.SYS [2010-1-20 84912]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100119.008\NAVEX15.SYS [2010-1-20 1323568]
S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2007-8-3 23424]
S3 Tomcat5;Apache Tomcat;c:\program files\apache software foundation\tomcat 5.5\bin\tomcat5.exe [2004-9-14 102400]

=============== Created Last 30 ================

2010-01-27 14:16:28 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-01-25 11:03:10 0 d-----w- c:\program files\Symantec_new
2010-01-25 11:03:10 0 d-----w- c:\program files\symantec antivirus_new
2010-01-22 10:46:11 0 d-----w- c:\docume~1\mple\applic~1\Malwarebytes
2010-01-22 10:44:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-22 10:44:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-22 10:44:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 10:44:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-22 09:41:40 0 d-----w- C:\star
2010-01-20 09:12:00 0 d-----w- c:\windows\ERUNT
2010-01-12 10:40:36 0 d-----w- c:\program files\MSN Toolbar Installer
2010-01-12 10:20:29 0 d-----w- c:\program files\Microsoft
2010-01-12 10:19:37 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-12 10:19:19 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-12 10:14:18 0 d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2010-01-21 06:51:40 805 -c--a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-21 06:51:40 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-21 06:51:40 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-21 06:51:40 10563 -c--a-w- c:\windows\system32\drivers\SYMEVENT.CAT

============= FINISH: 18:59:06.00 ===============




Malwarebytes Scan Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3649
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

1/28/2010 6:15:11 PM
mbam-log-2010-01-28 (18-15-11).txt

Scan type: Quick Scan
Objects scanned: 128671
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Edited by Orange Blossom, 30 January 2010 - 12:11 AM.
Board glitch. ~ OB



#2 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:17 PM

Posted 30 January 2010 - 05:43 AM

Hi,

Please read the instructions below and follow them in exactly the same way as described:
  • Start Malwarebytes and click the Update tab. There click "Check for updates".
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Do NOT post the log yet, but allow MBAM to reboot.
  • After reboot, immediately rescan with Malwarebytes, let it perform another scan, select to remove and reboot once again.
  • It's important that these steps are performed immediately after each other (scan > select to remove > reboot > right after reboot, another scan > select to remove > reboot).
Then when done, post the LATEST Malwarebytes log in your next reply. Only post that log AFTER the second reboot.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 leela rao

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 02 February 2010 - 07:20 AM

Hi,

I was able to remove the virus after I got Avenger to delete the drivers of this virus. Then I scanned with Malwarebytes & it deleted all the infected files.
Today I performed a full scan & it reported a virus. Pls find the Malwarebytes log below. The Windows Installer problem is also solved now. But I am not confident that my PC is completely safe now. Pls comment. Basically, what does this virus do? I mean it did not corrupt the OS as such...

Thanks for the reply.




Malwarebytes' Anti-Malware 1.44
Database version: 3657
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/2/2010 10:36:52 AM
mbam-log-2010-02-02 (10-36-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 970283
Time elapsed: 18 hour(s), 29 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{40A9C770-9957-4CD1-8CA8-2B0B29CCF829}\RP377\A0049661.exe (Trojan.Banker) -> Quarantined and deleted successfully.


#4 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:17 PM

Posted 02 February 2010 - 07:46 AM

Hi,

This wasn't really a virus, as it didn't patch/infect legit files. This was a rootkit responsible for search engine hijacks, so it doesn't really compromise the OS. Once it's gone, everything should work normally again.

Anyway, Malwarebytes only detects a leftover in your system restore points, so you should be OK here.

How are things now?

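As an added example (not code from this thread or from Malwarebytes), here is a small parser for the MBAM 1.44 log layout posted above. It cross-checks the summary counts against the itemised sections and separates hits inside System Volume Information (the restore-point leftover the reply refers to) from detections in live locations such as the H8SRT registry key. The sample log is constructed by merging lines from the two logs in this thread; the regexes are an assumption based only on the line shapes visible here.

```python
import re
from dataclasses import dataclass

# Constructed sample in the MBAM 1.44 layout shown in this thread: the registry
# key from the first log and the restore-point file from the second, merged.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3657
Windows 5.1.2600 Service Pack 2

Scan type: Full Scan (C:\|)
Objects scanned: 970283

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{40A9C770-9957-4CD1-8CA8-2B0B29CCF829}\RP377\A0049661.exe (Trojan.Banker) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")  # "Files Infected: 1"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # "Files Infected:"
ITEM_RE = re.compile(r"^(.*) \(([^()]+)\) -> (.*)$")        # "<loc> (<threat>) -> <action>"


@dataclass
class Detection:
    section: str
    location: str
    threat: str
    action: str

    def is_restore_point_copy(self) -> bool:
        # A hit under System Volume Information is a System Restore snapshot of
        # an already-removed file, not something that runs on the live system.
        return "\\system volume information\\" in self.location.lower()


def parse_mbam_log(text):
    """Return (summary_counts, detections) from an MBAM 1.44-style log."""
    summary, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and not line.startswith("(No malicious items"):
            if m := ITEM_RE.match(line):
                detections.append(Detection(section, *m.groups()))
    return summary, detections


def triage(text):
    """Check counts against listed items; split live hits from restore-point copies."""
    summary, detections = parse_mbam_log(text)
    listed = {}
    for d in detections:
        listed[d.section] = listed.get(d.section, 0) + 1
    return {
        # a count that disagrees with its section means the log was truncated or edited
        "mismatches": [s for s, n in summary.items() if listed.get(s, 0) != n],
        "active": [d for d in detections if not d.is_restore_point_copy()],
        "restore_point_copies": [d for d in detections if d.is_restore_point_copy()],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["active"]:
        print("LIVE   ", d.section, "|", d.location, "|", d.threat)
    for d in result["restore_point_copies"]:
        print("RESTORE", d.section, "|", d.location, "|", d.threat)
    print("count mismatches:", result["mismatches"])
```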
#5 leela rao

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 09 February 2010 - 02:07 AM

Hi,

Thanks for the reply.

Yes, my system is behaving normally again. I am a little more careful in my online activities now, as this is my office PC & I don't want to take any chances.
Anyways, I read regarding this virus in another topic in this forum that this H8SRT was a very powerful trojan horse & even though anti-malware software may not indicate any threats, it may access sensitive online info while residing in the PC & transmit it. And reformatting was the best option. So I was a little concerned!!


#6 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:17 PM

Posted 09 February 2010 - 02:32 AM

Hi,

A reformat wasn't really needed, but if you feel better with this, then it's fine.

Glad I could help.

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#7 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:17 PM

Posted 16 February 2010 - 09:05 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
