
Am I still infected??



#1 speechlessed

Posted 12 February 2010 - 02:28 PM

Hi, I got this problem. First off, I have never had a virus before, but some days ago my AVG found Trojan horse Dropper.Generic.BPQL in my Appdata\Local\Temp\crude.exe. Killed it and next day I got the same again, and it's been there 3 times now, but not recently since I deleted the program "DU Meter", which seemed infected.

But yesterday I got it in AppData\Roaming\Microsoft\svchost.exe. Removed it. If I remember it correctly it said something about the iexplorer.exe, not sure, but I remember seeing that exe file somewhere when AVG warned me.

And today when I plugged in my iPod I had a svchost.exe in the root of my iPod. Deleted it there as well.

....


Is there any way to find the source, or have I found it and deleted it and should wait some more days and see if I get infected again? AVG doesn't find anything when I do a scan.

Can I download and run the Combofix?

I really don't like this... since I do banking and gaming and so on on the internet.... should I be worried?


Do I need to format the computer. :thumbsup:



Kind Regards

Christian

Edited by speechlessed, 12 February 2010 - 02:45 PM.



#2 quietman7

Posted 13 February 2010 - 12:09 PM

Can I download and run the Combofix?

Please note the message text in blue at the top of this forum.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

I really don't like this... since I do banking and gaming and so on on the internet.... should I be worried?

Yes, if you have a confirmed infection. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Do I need to format the computer.

Your decision as to what action to take should be made by reading and asking yourself the questions presented in these articles:

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned, repaired or trusted, especially if you are dealing with rootkit components that can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. The malware may leave so many remnants behind that security tools cannot find them and a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore with a vendor-specific Recovery Disk or Recovery Partition removes everything and is the safest action but I cannot make that decision for you.

Should you decide not to reformat, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Let me know how you wish to proceed.

IMPORTANT NOTE: Gaming sites are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may encounter innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. For these reasons gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

...Microsoft Security has issued a research report where it notifies that virus creators are continuously assaulting online video game players...a malicious family of software programs are seeking out popular online computer games such as World of Warcraft, Maple Story, Lineage and several others. According to Microsoft’s seventh Security Intelligence Report, cybercrooks use computer worm parasites for stealing confidential personal information from local computer users through online games, unsecured file sharing and removable disk drives...The most dangerous and prevalent malware involve Taterf and Conficker worms which have infected millions of computer systems worldwide...

Malware Makers Target Online Games to Spread Worms

Microsoft warned video game developers...that their PC games are now a target for criminals...Popular massively multiplayer online games, such as World of Warcraft, have created a market for valuable game identities...Using malware or software designed to infiltrate a computer system, hackers steal account information...

Microsoft warns game developers of cyber thieves

...Gaming sites are becoming a growth area for malware and other security threats. The newer threats are sophisticated and are designed to draw in unsuspecting users...

Game Sites Next Big Malware Target?

The design of online game architecture creates an open door for hackers...hackers and malware hoodlums go where the pickings are easy -- where the crowds gather. Thus, Internet security experts warn game players that they face a greater risk of attack playing games online because few protections exist....traditional firewall and antimalware software applications can't see any intrusions. Game players have no defenses...Online gaming sites are a major distribution vehicle for malware....

MMO Security: Are Players Getting Played?

...Moral of the story?
1. Do not allow online games
2. Block ports used by online games
3. Block sites related to these online games
4. Educate your users...

online game + online trade = Trojan Spy

Security researchers...poked around in World of Warcraft and other online games, finding vulnerabilities and exploiting the system using online bots and rootkit-like techniques to evade detection...Some Trojan Web sites have done what they can do to collect gamers' authentication information so they can loot their characters (and) accounts.

Real Flaws in Virtual Worlds: Exploiting Online Games

...a very significant release for Gamers everywhere with the addition of a variety of password stealers directly targeting Online games. The main targets are mostly based in Eastern Asia (Lineage Online, Legend Of Mir, ZT Online just to name a few), but World of Warcraft and Valve’s Steam client are high on the hit-list too...

Taterf – all your drives are belong to me!

Using gaming sites is probably how you came to be infected in the first place.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
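
The three sightings in the first post (an executable in Appdata\Local\Temp, a svchost.exe under AppData\Roaming\Microsoft, and a svchost.exe in the root of a plugged-in device) share location patterns that can be checked against a file listing. The sketch below is an added example, not part of either post and not a removal tool; the reason codes, the short list of system file names, the default `C:\Windows` path and the sample listing are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

SYSTEM_ROOT = PureWindowsPath(r"C:\Windows")  # assumption: default install path
# Directories (under SYSTEM_ROOT) where the genuine files live.
EXPECTED = {"svchost.exe": ("System32", "SysWOW64"),
            "lsass.exe": ("System32",),
            "csrss.exe": ("System32",)}
EXEC_EXT = {".exe", ".scr", ".com", ".pif"}


def reasons_for(raw_path):
    """Return reason codes explaining why a path deserves a closer look."""
    path = PureWindowsPath(raw_path)  # Windows paths compare case-insensitively
    if path.suffix.lower() not in EXEC_EXT:
        return []
    reasons = []
    name = path.name.lower()
    parents = [p.lower() for p in path.parent.parts]
    # 1. A system process name anywhere but its genuine directory
    #    (the WinSxS component store holds legitimate copies).
    if name in EXPECTED and SYSTEM_ROOT / "WinSxS" not in path.parents:
        if not any(path.parent == SYSTEM_ROOT / d for d in EXPECTED[name]):
            reasons.append("system-name-wrong-dir")
    # 2. An executable in the root of a non-system drive, e.g. a USB
    #    stick or media player mounted under its own drive letter.
    if len(path.parts) == 2 and path.drive.lower() != SYSTEM_ROOT.drive.lower():
        reasons.append("exe-in-other-drive-root")
    # 3. An executable inside a per-user Temp directory.
    if "appdata" in parents and "temp" in parents:
        reasons.append("exe-in-user-temp")
    return reasons


def triage(paths):
    """Map each suspicious path to its reason codes; clean paths are omitted."""
    return {p: r for p in paths if (r := reasons_for(p))}


# Constructed listing: user name, drive letter and WinSxS folder are made up.
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\WinSxS\amd64_constructed\svchost.exe",
    r"C:\Users\user\AppData\Local\Temp\crude.exe",
    r"C:\Users\user\AppData\Roaming\Microsoft\svchost.exe",
    r"E:\svchost.exe",
    r"C:\Users\user\Documents\report.docx",
]

if __name__ == "__main__":
    for p, r in triage(SAMPLE).items():
        print(p, "->", ", ".join(r))
```

A hit is a lead for further inspection rather than a verdict: installers legitimately unpack executables into Temp, so the location has to be weighed together with what a scanner reports about the file.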
